On Wed, Feb 03, 2016 at 11:20:01PM +0000, Nathan Peters wrote:
> We have a FreeIPA 4.1.4 domain running on CentOS 7.1.
> 
> We have noticed that from certain machines, sudo is instant, and from others, 
> it takes about 5 seconds.
> 
> All machines involved can resolve each other through DNS (both forward and 
> reverse lookups).
> 
> Running an strace reveals that sssd_pam is hanging for 4.3 seconds waiting 
> for /proc/freeipaproccessid/fd3 which maps to [eventpoll]
> 
> 
> 0.000044 epoll_wait(3,  {{EPOLLIN, {u32=6976896, u64=6976896}}}, 1, 4896) = 1
> 
> 4.373816 read(9, 
> "l\2\1\1\206\0\0\0\10\0\0\0\25\0\0\0\5\1u\0\10\0\0\0\10\1g\0\7ua("..., 2048) 
> = 174
> 
> lrwx------ 1 root root 64 Feb  3 19:04 3 -> [eventpoll]
> 
> There are no nfs mounts on this system, so I can't see why this system call 
> would take so long.
> 
> This is happening on 3 of our machines right now, but others can login just 
> fine.  The pam/authconfig setup is identical on all of them.
> 
> Any ideas why sssd would be timing out trying to get [eventpoll] out of the 
> /proc directory?

I guess what you're seeing is the tevent loop sssd uses waiting for
input.

I would recommend to enable sssd logs and take a look there. Feel free
to post the logs on the list so we can help you with debugging. I would
guess that it takes a long time to resolve some large group, but without
logs it's hard to tell.

This is the sssd upstream troubleshooting guide:
    https://fedorahosted.org/sssd/wiki/Troubleshooting

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to