SSSD and SSHD authentication failure
Greetings:
I am trying to set up my SSSD to authenticate against an LDAP server. So far I have gotten getent and id to draw from LDAP, which tells me at least the identity part of things is working.
When I try to SSH into the box with my LDAP account though, it just gives an "access denied". I've tried ldapsearch against the LDAP and it comes back fine, and I am stumped. Here is my sssd.conf file:
[domain/default]
ldap_tls_reqcert=never
autofs_provider = ldap
cache_credentials = True
ldap_search_base = ou=xxxx,dc=xxxxx,dc=xxxx
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldaps://my-ldap.example.com/
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout=600
ldap_network_timeout=3
ldap_access_filter=(&(object)(object))
debug_level=6
enumerate=false
debug_timestamps = True
ldap_default_authtok_type = password
ldap_default_bind_dn= uid=xxxxx,ou=xxxx,dc=xxxxx,dc=xxxx
ldap_default_authtok = xxxxxxxxxxx
[sssd]
services = nss, pam, autofs
config_file_version = 2
debug_level=8
domains = default
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
homedir_substring = /home
[pam]
debug_level=6
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
=====
Also, here is nsswitch.conf
passwd: files sss
shadow: files sss
group: files sss
#initgroups: files
hosts: files dns
If anyone has any thoughts about what might be going on, I'd appreciate it. Thanks in advance.
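
An added example, not part of the original post: a Python audit of the security-relevant settings in the sssd.conf shown above. The function name `audit_sssd` and the embedded sample (a constructed subset of the posted config) are assumptions; the checks flag hardening issues and are not a diagnosis of the login failure.

```python
import configparser

# Constructed sample: a subset of the sssd.conf posted above (placeholders kept).
SAMPLE = """\
[domain/default]
ldap_tls_reqcert=never
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://my-ldap.example.com/
ldap_id_use_start_tls = True
ldap_access_filter=(&(object)(object))
ldap_default_authtok_type = password
ldap_default_authtok = xxxxxxxxxxx
[sssd]
services = nss, pam, autofs
domains = default
"""

def audit_sssd(text):
    """Return (section, finding) pairs for every domain listed in [sssd]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    out = []
    for name in filter(None, (d.strip() for d in cp.get("sssd", "domains", fallback="").split(","))):
        sec = "domain/" + name
        if not cp.has_section(sec):
            out.append((sec, "listed in [sssd] domains but has no section"))
            continue
        d = cp[sec]
        uris = [u.strip().lower() for u in d.get("ldap_uri", "").split(",") if u.strip()]
        start_tls = d.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        # never/allow let the session continue with a bad or missing server certificate.
        if d.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow"):
            out.append((sec, "ldap_tls_reqcert does not enforce server certificate validation"))
        if start_tls and any(u.startswith("ldaps://") for u in uris):
            out.append((sec, "ldap_id_use_start_tls is redundant with an ldaps:// URI"))
        if any(u.startswith("ldap://") for u in uris) and not start_tls:
            out.append((sec, "ldap:// URI without StartTLS for identity lookups"))
        # The filter is only evaluated by the LDAP access provider (default: permit).
        if "ldap_access_filter" in d and d.get("access_provider", "permit").strip().lower() != "ldap":
            out.append((sec, "ldap_access_filter is set but access_provider is not ldap"))
        if "ldap_default_authtok" in d and d.get("ldap_default_authtok_type", "password").strip().lower() == "password":
            out.append((sec, "cleartext bind password: keep sssd.conf root-owned, mode 0600"))
    return out

if __name__ == "__main__":
    for sec, finding in audit_sssd(SAMPLE):
        print(f"[{sec}] {finding}")
```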