On 05/22/2014 09:43 AM, Bret Wortman wrote:
What we're seeing is slow GDM logins, ssh authentications, and "sudo -i" responses on this network. On our other, these things are all blazing fast. Here, they're on the order of 5-10 seconds. And it doesn't seem to improve (much) with age or time, except perhaps anecdotally. At best, a second connection might be a second faster, but will revert within an hour or so.

Have you compared sssd.conf from clients in these two networks?
Do you use enumeration?

Increasing debug level and looking at the logs will help you to understand what part takes most time. These logs will be helpful for you/us to see if/what the problem is/are.

On 05/22/2014 09:36 AM, Rob Crittenden wrote:
Bret Wortman wrote:
Where should my clients be getting the contents of /etc/openldap/certs from?

I've got one network where my IPA authentications are blazing fast and
one where they're ... not. On the slower one, clients'
/etc/openldap/certs directories are either missing or empty; on the
faster network, clients have certs in these directories.

Is this important, and if so what could be going wrong on my slower
network that might cause the certs to not get distributed or created
These are not the droids you are looking for...

Can you clarify what you mean by IPA authentications? sssd should be
handling that, and while a first auth over a slow link might be slow
subsequent usage should be quite fast.


Freeipa-users mailing list

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Freeipa-users mailing list

Reply via email to