Hi there, I am new to sssd. I have setup a CentOS sssd (1.8.0) and LDAP authentication. The LDAP stuff seems to work. I want to restrict logins to users of certain netgroups. Usually we do this with "compat" in /etc/nsswitch.conf and entries like "+@groupname" in /etc/passwd. Does this mechanism work with sssd? Right now I have: passwd: files sss shadow: files sss group: files sss and it seems that all users from the users LDAP subtree could login, "getent passwd" shows all LDAP users. If I change this to passwd: compat shadow: compat group: compat passwd_compat: sss group_compat: sss "getent passwd" only shows local users from the passwd file. Thanks for any help, Olaf -- Olaf Gellert email gellert(a)dkrz.de Deutsches Klimarechenzentrum GmbH phone +49 (0)40 460094 214 Bundesstrasse 45a fax +49 (0)40 460094 270 D-20146 Hamburg, Germany www http://www.dkrz.de Sitz der Gesellschaft: Hamburg Geschäftsführer: Prof. Dr. Thomas Ludwig Registergericht: Amtsgericht Hamburg, HRB 39784