[Freeipa-users] Intermittent delay in authentication

Steven Jones Steven.Jones at vuw.ac.nz
Wed Aug 15 20:38:16 UTC 2012


Hi,

Yes....Last time we lost a switch at DR which is 5km away on dark fibre...the 002 replica is at DR.


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Jakub Hrozek [jhrozek at redhat.com]
Sent: Wednesday, 15 August 2012 8:23 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Intermittent delay in authentication

On Tue, Aug 14, 2012 at 03:28:52PM -0500, KodaK wrote:
> I apologize in advance for not having very much information to go on.
>
> We have exactly 100 hosts in IPA right now.  On occasion, maybe once
> or twice a day, all authentication just pauses for some amount of
> time.  It can range from just a few seconds to about 30 seconds.  I
> can see this happen, I can be doing an "su" on one box and an ssh into
> another, and people will yell over the cube walls that "it's happening
> again" but after a few seconds everything will start flowing again.
>
> I've been watching logs and I don't see anything that's corresponding
> with these events, but I'm willing to take any advice at the moment.
>
> What *could* cause something like this?  Does replication block
> authentication (I can't imagine that it does.)  I'm absolutely sure I
> have something misconfigured, but I don't even know where to start on
> this one.
>

I suspect this is a SSSD issue.

Is it possible that one of your replicas might have been unreachable at
some point? We've had a bug where the SSSD would attempt to get a TGT
from a replica rather than master and if that failed b/c the replica was
down, the whole SSSD went offline.

Anyhow, I think that SSSD domain logs would tell us more.
