[Freeipa-users] login delay with sssd

Ivars Strazdiņš ivars.strazdins at sets.lv
Mon Jun 1 14:42:53 UTC 2015


Hi,
how could I possibly trace why there is a noticeable delay when logging into an sssd-enabled server?
With ssh there is a 2-3 second delay before a user logs in. But most users notice this with webmail, which uses dovecot->pam->sssd as authentication backend.
Environment is CentOS 7.1 and FreeIPA 4.1.0 servers, two redundant.
Client also running CentOS 7.1 with sssd.
Installation as per IPA handbook. DNS is proper (or so I think :) ).
Nothing special in logs that I could attribute to this problem except maybe that for each successful login there is a pam_unix failure entry in /var/log/secure log like:
Jun  1 17:38:36 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user1 at company.com rhost=::1  user=user1 at company.com
Jun  1 17:38:37 mail auth: pam_sss(dovecot:auth): authentication success; logname= uid=0 euid=0 tty=dovecot ruser=user1 at company.com rhost=::1 user=user1 at company.com

But when a user is logged in, the “id” command result is instantaneous.
All machines have selinux enabled, of course.

Thanks in advance,
Ivars

sssd.conf file from client:

[domain/company.com]

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = company.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = mail.company.com
chpass_provider = ipa
ipa_server = server1.company.com, _srv_
ldap_tls_cacert = /etc/ipa/ca.crt
enumerate = true
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2

domains = company.com
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]
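
Added example, not part of the original post: one way to measure how much of each login falls between the pam_unix failure and the pam_sss success entries quoted above, by pairing them per service and user. The log lines are constructed in the quoted /var/log/secure format; the function names, the `year` parameter (syslog timestamps carry none) and the 30-second pairing window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in the /var/log/secure format quoted in the post.
SAMPLE = """\
Jun  1 17:38:36 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user1@example.test rhost=::1  user=user1@example.test
Jun  1 17:38:37 mail auth: pam_sss(dovecot:auth): authentication success; logname= uid=0 euid=0 tty=dovecot ruser=user1@example.test rhost=::1 user=user1@example.test
Jun  1 17:40:02 mail auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=user2@example.test rhost=::1  user=user2@example.test
Jun  1 17:41:10 mail sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.5  user=user3
Jun  1 17:41:12 mail sshd[2101]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.5 user=user3
"""

# timestamp, host, process tag, module(service:auth), result, last user= field
LINE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\s(pam_\w+)\((\S+?):auth\):\s+"
    r"authentication (failure|success);.*\buser=(\S+)")

def parse_ts(ts, year):
    # Collapse the padded day ("Jun  1") and supply the missing year.
    return datetime.strptime(f"{year} {' '.join(ts.split())}",
                             "%Y %b %d %H:%M:%S")

def fallthrough_gaps(text, year=2015, max_gap=30):
    """Return (user, service, seconds) for each pam_unix failure that the
    same user and service follow with a pam_sss success within max_gap."""
    pending, gaps = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, module, service, result, user = m.groups()
        when, key = parse_ts(ts, year), (service, user)
        if module == "pam_unix" and result == "failure":
            pending[key] = when            # remember the latest failure
        elif module == "pam_sss" and result == "success" and key in pending:
            gap = (when - pending.pop(key)).total_seconds()
            if gap <= max_gap:             # older failures are unrelated
                gaps.append((user, service, gap))
    return gaps

if __name__ == "__main__":
    for user, service, gap in fallthrough_gaps(SAMPLE):
        print(f"{service:8} {user:22} {gap:.0f}s between pam_unix and pam_sss")
```

A pam_unix failure with no matching pam_sss success (user2 in the sample) is left unpaired, so genuine failed logins do not skew the numbers.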