Hi,How much RAM does the FreeIPA server have?
Thanks
 

    On Friday, 15 December 2017, 04:17:52 GMT, Tony Delov via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:  
 
 I've been having difficulties connecting a freeipa-client on Ubuntu 16.06 LTS, 
to a Redhat IPA server that has a trusted connection to Microsoft AD server.

Ssh authentications are pretty slow, however, once I do get on, I find sudo 
commands often do not work for several minutes saying I am not in the "not in 
the sudoers file.". This is even though, I am in the same group on the 
access.conf file and a sudoers file.

I think the initial slowness is due to the fact that our AD system has lots of 
groups and I am part of many large groups with many users. I've been checking 
the sssd cache file, and I can see that ssh authentication does not even start 
until almost all groups I am a member of have been added to the cache. However, 
that does not explain why sudo is being delayed as the groups are already 
cached.

Has anyone got any advice about setting up a freeipa-client on Ubuntu to 
connect to a Redhat IPA server?
Has anyone else experienced difficulties with sudo commands?
Group membership not listing all the groups a person is a member off all the 
time.id <username>




IPA Client.

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
 
# dpkg --list | grep freeipa
ii  freeipa-client                     4.3.1-0ubuntu1                           
  amd64        FreeIPA centralized identity framework -- client
ii  freeipa-common                     4.3.1-0ubuntu1                           
  all          FreeIPA centralized identity framework -- common files

IPA Server
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.4 (Maipo)


# rpm -qa | grep "ipa-"
sssd-ipa-1.15.2-50.el7_4.6.x86_64
ipa-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-4.5.0-21.el7_4.2.2.x86_64
ipa-client-common-4.5.0-21.el7_4.2.2.noarch
ipa-client-4.5.0-21.el7_4.2.2.x86_64
ipa-server-common-4.5.0-21.el7_4.2.2.noarch
ipa-server-trust-ad-4.5.0-21.el7_4.2.2.x86_64




RegardsTony D



 

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
  
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to