On (27/12/17 11:12), Lin Yuan wrote: >Hello sssd experts > >We have a monitoring service login our linux servers with an AD account >periodically, 1 or 2 times every 5 minutes (that is ~500 logins per day, I >do not think this frequency is that high). But we find the login through >sssd fails almost every month and have to restart the sssd service to bring >it back. > >After increasing the debug level, we found there are some memory issues for >sssd_be > >(Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [fork_child] (0x0020): fork >failed [12][Cannot allocate memory]. >(Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [handle_child_send] (0x0020): >fork_child failed. >(Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [krb5_auth_done] (0x0020): >child failed (12 [Cannot allocate memory]) >(Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [krb5_auth_queue_done] >(0x0040): krb5_auth_recv failed with: 12 > >For a typical server configured with 4G RAM, sssd_be will consume 12% of >RAM (~500M) after 5 days. I googled a bit and tried to tune parameters, but >did not see significant improvement. Here is my current configuration: > >[sssd] >domains = lab.local >config_file_version = 2 >services = nss, pam > >[pam] >pam_id_timeout = 86400 > >[domain/lab.local] >ad_domain = lab.local >krb5_realm = LAB.LOCAL >realmd_tags = manages-system joined-with-samba >cache_credentials = true >id_provider = ad >krb5_store_password_if_offline = True >default_shell = /bin/bash >ldap_id_mapping = True >fallback_homedir = /home/%d/%u >access_provider = simple >simple_allow_groups = [email protected] >ldap_user_principal = nosuchattribute >entry_cache_timeout = 86400 >ldap_referrals = false >use_fully_qualified_names=false >ignore_group_members = true >cached_auth_timeout = 86400 > > >We want our Linux servers to use local credential to authenticate users >whenever possible to reduce load on our ADs. The phenomenon I can see is: >in the 1st day (within the timeout period 86400), sssd_be's memory usage >remains stable, around 20M. But after the 1st day, the memory usage >increases steadily, and finally the login service fails. > >Do you have any idea about this problem? It looks like memory leak > >Our system is >- Centos 7.4.1708 x86_64 >- sssd 1.15.2-50 That's probably a known bug in 1.15 https://pagure.io/SSSD/sssd/issue/3588 and already fixed in upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1482231 LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
