[Freeipa-users] clients very slow

David Fitzgerald David.Fitzgerald at millersville.edu
Thu Sep 27 19:36:28 UTC 2012 


From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Dmitri Pal
Sent: Thursday, September 13, 2012 6:50 PM
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] clients very slow

On 09/13/2012 09:54 AM, David Fitzgerald wrote:
Hello Everyone,

I work at a small university and I deployed freeIPA on my Linux network over the summer break with no (known) problems,  and everything worked as expected.  However, now that the semester has started and the Linux system is under a much higher load, I am noticing that my client machines will randomly slow to a crawl.  For example, I have a lab of 25 machines.  The students can log in ok, but after a time, a few of the machines will freeze so that the users on those machines cannot do anything.  After a few minutes, the frozen machines will unfreeze, but other machines will freeze up.  I can't see any pattern to what machines freeze up.  I did not have this problem when running NIS, so I suspect it is something in freeIPA but I am not sure what to look for to solve the problem.  Probably a setting somewhere needs tweaked but I don't know.  The server and clients all run Scientific Linux 6.2.

Can anyone help me troubleshoot this?

Do you use SSSD as a client or something else?

If SSSD we would need the nsswitch, pam, krb5.conf, sssd.conf configuration files and SSSD logs set to debug_level=8 or 9.

What operation they are freezing on? Is it login/authentication or just suddenly, which probably indicates identity lookup.
So freezes might be related to the DNS or name resolution lookups that those machines do. They might be accessing a DNS server that is down or misconfigured before failing over to a correct one.

So resolve.conf, /etc/hosts would be helpful.
But you might need to check the DNS configuration yourself.


HTH


We do use SSSD as a client.  The freeze occurs suddenly, after the user logs in.  One process that always is at the top of 'top' when the systems freeze is 'xxx.xxx.xxx.xxx-ma', where the xxx's are the ip address of my freeIPA server.  Watching the network during these freezes show that the clients are attempting to contact the freeIPA server but we don't see a reply.  Is there a limit on the number of connections the server can handle?

Thanks!

Dave

+++++++++++++++++++++++
David Fitzgerald
Department of Earth Sciences
Millersville University
Millersville, PA 17551

Phone: 717-871-2394





_______________________________________________

Freeipa-users mailing list

Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>

https://www.redhat.com/mailman/listinfo/freeipa-users




--

Thank you,

Dmitri Pal



Sr. Engineering Manager for IdM portfolio

Red Hat Inc.





-------------------------------

Looking to carve out IT costs?

www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120927/c00c64f5/attachment.htm>

More information about the Freeipa-users mailing list