I am configuring an LDAP client for user authentication on the server. Currently SSH key authentication is allowed and password authentication is not allowed.
My SSH configuration (/etc/ssh/sshd_config):
PermitRootLogin no
AuthorizedKeysCommand /path/to/getsshkey.sh
AuthorizedKeysCommandUser root
PasswordAuthentication no
My other config files:
I have added the following line in /etc/pam.d/common-auth:
auth required pam_access.so
I have added the following line in /etc/pam.d/sshd
account required pam_access.so
I have added the following line in /etc/security/access.conf
-: ALL EXCEPT root (group1) (group2): ALL except LOCAL
I have also configured all these files (/etc/ldap.conf, /etc/nsswitch.conf, /etc/pam.d/common-session).
For example, username1 belongs to group1.
Executing this command:
ssh -i private.pem username1@ip_address
Returns the below error in auth.log on the server:
Access denied for user username1 by PAM account configuration [preauth]
Why is access denied?