On 2017-04-04 11:19, Jakub Hrozek wrote:
On Tue, Apr 04, 2017 at 09:51:04AM +0200, Ronald Wimmer wrote:
Hi,

my IPA master has an AD trust (several thousand users). Since the trust has
been set up I am experiencing that I cannot login on the web interface. Even
connecting via SSH does not work or takes extremely long. When I managed to
log in as root via SSH (after waiting and trying several times or rebooting
the machine) I could not restart SSSD (systemctl restart sssd). I had to
kill the SSSD processes manually and then everything seemed to work fine
again.

What could be going on? Could the SSSD cache be to big (122M)? Where should
I take a deeper look?

Any hints are highly appreciated!
SSSD logs that capture the problem are always a good start.

I found out that the CPU was quite busy (sssd_be process) and that there was a lot I/O in the cache directory. So I upgraded from 1 to 4 virtual CPUs and followed your recommendations regarding large deployments: https://jhrozek.wordpress.com/2015/08/19/performance-tuning-sssd-for-large-ipa-ad-trust-deployments/

No problems so far...

Regards,
Ronald

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to