From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Thursday, September 13, 2012 6:50 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] clients very slow

On 09/13/2012 09:54 AM, David Fitzgerald wrote:
Hello Everyone,

I work at a small university and I deployed freeIPA on my Linux network over 
the summer break with no (known) problems,  and everything worked as expected.  
However, now that the semester has started and the Linux system is under a much 
higher load, I am noticing that my client machines will randomly slow to a 
crawl.  For example, I have a lab of 25 machines.  The students can log in ok, 
but after a time, a few of the machines will freeze so that the users on those 
machines cannot do anything.  After a few minutes, the frozen machines will 
unfreeze, but other machines will freeze up.  I can't see any pattern to what 
machines freeze up.  I did not have this problem when running NIS, so I suspect 
it is something in freeIPA but I am not sure what to look for to solve the 
problem.  Probably a setting somewhere needs tweaked but I don't know.  The 
server and clients all run Scientific Linux 6.2.

Can anyone help me troubleshoot this?

Do you use SSSD as a client or something else?

If SSSD we would need the nsswitch, pam, krb5.conf, sssd.conf configuration 
files and SSSD logs set to debug_level=8 or 9.

What operation they are freezing on? Is it login/authentication or just 
suddenly, which probably indicates identity lookup.
So freezes might be related to the DNS or name resolution lookups that those 
machines do. They might be accessing a DNS server that is down or misconfigured 
before failing over to a correct one.

So resolve.conf, /etc/hosts would be helpful.
But you might need to check the DNS configuration yourself.


HTH


We do use SSSD as a client.  The freeze occurs suddenly, after the user logs 
in.  One process that always is at the top of 'top' when the systems freeze is 
'xxx.xxx.xxx.xxx-ma', where the xxx's are the ip address of my freeIPA server.  
Watching the network during these freezes show that the clients are attempting 
to contact the freeIPA server but we don't see a reply.  Is there a limit on 
the number of connections the server can handle?

Thanks!

Dave

+++++++++++++++++++++++
David Fitzgerald
Department of Earth Sciences
Millersville University
Millersville, PA 17551

Phone: 717-871-2394





_______________________________________________

Freeipa-users mailing list

Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>

https://www.redhat.com/mailman/listinfo/freeipa-users




--

Thank you,

Dmitri Pal



Sr. Engineering Manager for IdM portfolio

Red Hat Inc.





-------------------------------

Looking to carve out IT costs?

www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>




_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to