On 28/09/2022 10:43, ahmed zakraoui via FreeIPA-users wrote:
Hello, I have a cluster of 6 FreeIPA servers in production that are connected to Active Directory cluster via the Active directory trust. The goal is to make users access linux VMs using their Active directory credentials. This workes fine for the majority of our servers, but lately we started to notice slow ssh authentication for Active Directory users. this is caused by, sometimes (I dont know when, or why) sssd is trying to enumerate all the users (or part of the users) on the AD and trying to update their group membership (below an example of the error message).
See <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/tuning_performance_in_identity_management/assembly_tuning-sssd-performance-for-large-idm-ad-trust-deployments_tuning-performance-in-idm#proc_tuning-sssd-in-idm-servers-for-large-idm-ad-trust-deployments_assembly_tuning-sssd-performance-for-large-idm-ad-trust-deployments>
Regards, -- Sam Morris <https://robots.org.uk/> PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue