[Freeipa-users] Slow logins on FreeIPA 4.1.2 (F21)

Wed Apr 8 08:57:59 UTC 2015

On Wed, Apr 08, 2015 at 10:43:10AM +0200, Martin (Lists) wrote:
> Am 08.04.2015 um 10:27 schrieb Jakub Hrozek:
> > Can you run:
> >     KRB5_TRACE=/dev/stderr kinit yourprinc at YOUR.REALM
> >
> > So that we can compare with the krb5_child.log you sent earlier? I
> > wonder if SSSD talks to a KDC that is slower or far away from your
> > client..
> >
> This is my trace from kinit:
> 
> [2422] 1428482081.62208: AS key obtained for encrypted timestamp:
> aes256-cts/61D1
> [2422] 1428482081.62288: Encrypted timestamp (for 1428482081.868994):
> plain ***, encrypted ***
> [2422] 1428482081.62328: Preauth module encrypted_timestamp (2) (real)
> returned: 0/Success
> [2422] 1428482081.62342: Produced preauth for next request: 133, 2
> [2422] 1428482081.62379: Sending request (265 bytes) to MITTELERDE.DE
> [2422] 1428482081.62484: Sending initial UDP request to dgram 1.2.3.4:88
> [2422] 1428482081.201814: Received answer (740 bytes) from dgram 1.2.3.4:88
> [2422] 1428482081.201872: Response was from master KDC
> [2422] 1428482081.201905: Processing preauth types: 19
> [2422] 1428482081.201914: Selected etype info: etype aes256-cts, salt
> "***", params ""
> [2422] 1428482081.201920: Produced preauth for next request: (empty)
> [2422] 1428482081.201929: AS key determined by preauth: aes256-cts/61D1
> [2422] 1428482081.201973: Decrypted AS reply; session key is:
> aes256-cts/C464
> [2422] 1428482081.201991: FAST negotiation: available
> [2422] 1428482081.202014: Initializing KEYRING:persistent:0:0 with
> default princ frodo at MITTELERDE.DE
> [2422] 1428482081.202058: Removing frodo at MITTELERDE.DE ->
> krbtgt/MITTELERDE.DE at MITTELERDE.DE from KEYRING:persistent:0:0
> [2422] 1428482081.202065: Storing frodo at MITTELERDE.DE ->
> krbtgt/MITTELERDE.DE at MITTELERDE.DE in KEYRING:persistent:0:0
> [2422] 1428482081.202110: Storing config in KEYRING:persistent:0:0 for
> krbtgt/MITTELERDE.DE at MITTELERDE.DE: fast_avail: yes
> [2422] 1428482081.202126: Removing frodo at MITTELERDE.DE ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
> from KEYRING:persistent:0:0
> [2422] 1428482081.202133: Storing frodo at MITTELERDE.DE ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
> in KEYRING:persistent:0:0
> [2422] 1428482081.202166: Storing config in KEYRING:persistent:0:0 for
> krbtgt/MITTELERDE.DE at MITTELERDE.DE: pa_type: 2
> [2422] 1428482081.202177: Removing frodo at MITTELERDE.DE ->
> krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
> from
> KEYRING:persistent:0:0                                                                                                                                                 
> 
> [2422] 1428482081.202184: Storing frodo at MITTELERDE.DE ->
> krb5_ccache_conf_data/pa_type/krbtgt\/MITTELERDE.DE\@MITTELERDE.DE at X-CACHECONF:
> in
> KEYRING:persistent:0:0                                                                                                                                                    
> 
> 
> Most of the host can only communicate in the local net, which has not
> that much hosts (10). The wired ones are connected via GBit Network,
> wireless it is up to 150MBit. Server is a Xeon E3-1225 with 8GB Mem. All
> Systems have Fedora 21 installed

Does it communicate with the same KDC as krb5_child?