Gentoo Forums
Openldap authenticating
nash11
n00b


Joined: 30 May 2006
Posts: 26
Location: hk

Posted: Tue Aug 22, 2006 3:57 pm    Post subject: Openldap authenticating

I have three servers, 192.168.0.1, 192.168.0.2 and 192.168.0.3, and have already set up OpenLDAP authentication, with 192.168.0.1 as the master LDAP server. Users can now authenticate via LDAP and then access the servers. However, some users should not be allowed to log in to 192.168.0.2, but at the moment they can log in to this server via LDAP, because the LDAP server accepts the authentication. For example, when the user runs 'ssh 192.168.0.2', LDAP accepts the authentication and then allows the user to log in to this server. Can anyone advise how to prevent unauthorized users from accessing 192.168.0.2?
nash11
n00b


Joined: 30 May 2006
Posts: 26
Location: hk

Posted: Sun Sep 03, 2006 5:02 pm    Post subject:

I have already followed the admin guide to set it up and added the lines below to the config files, but strangely, when I use telnet to access the system, it pops up "Access denied for this host" but still lets me access the system. Can anyone advise why the system does not deny me access? Thanks.


#vi /etc/ldap.conf
pam_check_host_attr yes

#vi /etc/pam.d/system-auth
auth required /lib/security/pam_nologin.so
auth required pam_env.so
auth required /lib/security/pam_unix.so nullok shadow use_first_pass
auth sufficient /lib/security/pam_ldap.so
auth required pam_deny.so

account required /lib/security/pam_unix.so
account sufficient pam_localuser.so
account sufficient /lib/security/pam_ldap.so
#account sufficient [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so

#account [success=done new_authtok_reqd=done perm_denied=bad default=ignore] pam_ldap.so

password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_unix.so nullok use_authtok shadow md5
password sufficient pam_ldap.so use_authtok use_first_pass
password required pam_deny.so

session required pam_limits.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
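Added example, not part of the posts above: a simplified Python model of how Linux-PAM combines control flags, run over the `account` lines from the second post. It shows a denial from a `sufficient` pam_ldap.so being ignored, and the same stack with the commented-out bracketed pam_ldap line from that post failing as intended. The per-module return values are assumptions for an LDAP-only user whose host attribute does not include this server.

```python
# Simplified model of Linux-PAM control-flag handling (added example, not from the thread).
SHORTHAND = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}

def parse_line(line):
    """Split 'account <control> <module> [args]' into (actions, module name)."""
    rest = line.split(None, 1)[1]
    if rest.startswith("["):                      # [value=action ...] syntax
        ctrl, rest = rest[1:].split("]", 1)
        actions = dict(kv.split("=") for kv in ctrl.split())
    else:                                         # required / sufficient / ...
        ctrl, rest = rest.split(None, 1)
        actions = SHORTHAND[ctrl]
    return actions, rest.split()[0].rsplit("/", 1)[-1]

def evaluate(stack, results):
    """Return True if the stack admits the user, given each module's return value."""
    failed = granted = False
    for line in stack:
        actions, module = parse_line(line)
        action = actions.get(results[module], actions["default"])
        if action in ("bad", "die"):
            failed = True
        elif action in ("ok", "done"):
            granted = True
        # 'die' always stops the stack; 'done' stops it only if nothing failed earlier
        if action == "die" or (action == "done" and not failed):
            break
    return granted and not failed

POSTED = [                                        # account lines as posted
    "account required /lib/security/pam_unix.so",
    "account sufficient pam_localuser.so",
    "account sufficient /lib/security/pam_ldap.so",
]
# Same stack, pam_ldap line swapped for the commented-out bracketed line in the post.
BRACKETED = POSTED[:2] + [
    "account [success=done new_authtok_reqd=done perm_denied=bad default=ignore] pam_ldap.so"
]
# Assumed return values: LDAP-only user, host attribute does not match this server.
DENIED_HOST = {"pam_unix.so": "success", "pam_localuser.so": "perm_denied",
               "pam_ldap.so": "perm_denied"}

if __name__ == "__main__":
    print("posted stack admits user:   ", evaluate(POSTED, DENIED_HOST))
    print("bracketed stack admits user:", evaluate(BRACKETED, DENIED_HOST))
```

In the posted stack the only contributing result is the `success` from the `required` pam_unix.so line, so the pam_ldap message is printed but the login proceeds.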