[Freeipa-users] Intermittent delay in authentication
Jakub Hrozek
jhrozek at redhat.com
Wed Aug 15 08:23:39 UTC 2012
On Tue, Aug 14, 2012 at 03:28:52PM -0500, KodaK wrote:
> I apologize in advance for not having very much information to go on.
>
> We have exactly 100 hosts in IPA right now. On occasion, maybe once
> or twice a day, all authentication just pauses for some amount of
> time. It can range from just a few seconds to about 30 seconds. I
> can see this happen, I can be doing an "su" on one box and an ssh into
> another, and people will yell over the cube walls that "it's happening
> again" but after a few seconds everything will start flowing again.
>
> I've been watching logs and I don't see anything that's corresponding
> with these events, but I'm willing to take any advice at the moment.
>
> What *could* cause something like this? Does replication block
> authentication (I can't imagine that it does.) I'm absolutely sure I
> have something misconfigured, but I don't even know where to start on
> this one.
>
I suspect this is a SSSD issue.
Is is possible that one of your replicas might have been unreachable at
some point? We've had a bug where the SSSD would attempt to get a TGT
from a replica rather than master and if that failed b/c the replica was
down, the whole SSSD went offline.
Anyhow, I think that SSSD domain logs would tell us more.
More information about the Freeipa-users
mailing list