Hi there,
I am new to sssd. I have setup a CentOS sssd (1.8.0) and LDAP authentication. The LDAP stuff seems to work. I want to restrict logins to users of certain netgroups. Usually we do this with "compat" in /etc/nsswitch.conf and entries like "+@groupname" in /etc/passwd.
Does this mechanism work with sssd? Right now I have:
passwd: files sss shadow: files sss group: files sss
and it seems that all users from the users LDAP subtree could login, "getent passwd" shows all LDAP users.
If I change this to
passwd: compat shadow: compat group: compat passwd_compat: sss group_compat: sss
"getent passwd" only shows local users from the passwd file.
Thanks for any help, Olaf