How could I possibly trace why there is a noticeable delay when logging into 
an sssd-enabled server?
With ssh there is a 2-3 second delay before users log in. But most users 
notice this with webmail, which uses dovecot->pam->sssd as authentication 
Environment is CentOS 7.1 and FreeIPA 4.1.0 servers, two redundant.
Client also running CentOS 7.1 with sssd.
Installation as per IPA handbook. DNS is proper (or so I think :) ).
Nothing special in logs that I could attribute to this problem except maybe 
that for each successful login there is a pam_unix failure entry in 
/var/log/secure log like:
Jun  1 17:38:36 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=us...@company.com rhost=::1
Jun  1 17:38:37 mail auth: pam_sss(dovecot:auth): authentication success; logname= uid=0 euid=0 tty=dovecot ruser=us...@company.com rhost=::1

But when the user is logged in, the “id” command result is instantaneous.
All machines have selinux enabled, of course.

Thanks in advance,

sssd.conf file from client:

[domain/company.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = company.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.company.com
chpass_provider = ipa
ipa_server = server1.company.com, _srv_
ldap_tls_cacert = /etc/ipa/ca.crt
enumerate = true
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2

domains = company.com
[nss]
homedir_substring = /home
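
One way to quantify the pattern in the /var/log/secure excerpt above, as an added example that is not part of the original post: pair each pam_unix failure with the pam_sss result that follows for the same user and service, and report the gap between the two entries. The sample lines, the user names and the function name `pair_pam_events` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the /var/log/secure format quoted in the post.
_FMT = ("Jun  1 {t} mail auth: {m}(dovecot:auth): authentication {r}; "
        "logname= uid=0 euid=0 tty=dovecot ruser={u} rhost=::1")
SAMPLE_LOG = "\n".join(_FMT.format(t=t, m=m, r=r, u=u) for t, m, r, u in [
    ("17:38:36", "pam_unix", "failure", "alice@example.test"),
    ("17:38:37", "pam_sss", "success", "alice@example.test"),
    ("17:40:02", "pam_unix", "failure", "bob@example.test"),
    ("17:40:05", "pam_sss", "failure", "bob@example.test"),
    ("17:41:10", "pam_unix", "failure", "carol@example.test"),
])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+ "
    r"(?P<mod>pam_\w+)\((?P<svc>[^:)]+):auth\): "
    r"authentication (?P<res>failure|success);.*?\bruser=(?P<ruser>\S*)")

def pair_pam_events(log_text, window=timedelta(seconds=30), year=2000):
    """Pair each pam_unix failure with the pam_sss result that follows it.

    Returns (ruser, service, verdict, gap_seconds) tuples. `year` is an
    arbitrary filler because syslog timestamps carry no year.
    """
    pending, out = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ruser"], m["svc"])
        if m["mod"] == "pam_unix" and m["res"] == "failure":
            pending[key] = ts
        elif m["mod"] == "pam_sss":
            start = pending.pop(key, None)
            if start is not None and ts - start <= window:
                verdict = ("unix_miss_then_sss_success" if m["res"] == "success"
                           else "rejected_by_both")
                out.append((*key, verdict, (ts - start).total_seconds()))
            else:
                out.append((*key, f"sss_{m['res']}_only", None))
    # pam_unix failures never followed by a pam_sss line for the same user
    out += [(*key, "unix_failure_only", None) for key in pending]
    return out

if __name__ == "__main__":
    for row in pair_pam_events(SAMPLE_LOG):
        print(row)
```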






