I also tried that but it also didn't do the trick, I read on a web page that account ... was the line to add.
I'm using 2 accounts to test, 1 in the group 1 outside. The changes I've made either allow both to log in or neither.
Is it possible that even when I've got the PAM right, it only compares the primary group that shows up when you do
If so, this might explain something cos 15020 isn't the primary group of the user who is a member.