[Freeipa-users] Really slow logins with AD SID Mapping vs. POSIX

Thu Mar 19 16:29:35 UTC 2015

You are correct. 7.1.

Sent with Good (www.good.com)

-----Original Message-----
From: Jakub Hrozek [jhrozek at redhat.com<mailto:jhrozek at redhat.com>]
Sent: Thursday, March 19, 2015 11:37 AM Eastern Standard Time
To: Gould, Joshua
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Really slow logins with AD SID Mapping vs. POSIX

On Thu, Mar 19, 2015 at 11:31:16AM -0400, Gould, Joshua wrote:
> RHEL 7.0 fully up to date.

Are you sure? Looks like 7.1 to me based on the NVRs.

>
> sssd-krb5-common-1.12.2-58.el7.x86_64
> sssd-ipa-1.12.2-58.el7.x86_64
> sssd-1.12.2-58.el7.x86_64
> sssd-tools-1.12.2-58.el7.x86_64
> sssd-common-1.12.2-58.el7.x86_64
> sssd-ad-1.12.2-58.el7.x86_64
> sssd-krb5-1.12.2-58.el7.x86_64
> sssd-ldap-1.12.2-58.el7.x86_64
> sssd-client-1.12.2-58.el7.x86_64
> sssd-common-pac-1.12.2-58.el7.x86_64
> sssd-proxy-1.12.2-58.el7.x86_64
>
>
>
> On 3/19/15, 11:23 AM, "Jakub Hrozek" <jhrozek at redhat.com> wrote:
>
> >On Thu, Mar 19, 2015 at 11:05:45AM -0400, Gould, Joshua wrote:
> >> I¹m seeing ssh logins for AD users take MUCH longer when using SID
> >>mapping
> >> vs. POSIX attributes. Both myself and our AD admin would prefer to use
> >>SID
> >> mapping. It appears tied to the group lookup at login. There seem to be
> >> many posts about it, but I haven¹t found anything to help much. sssd
> >>pegs
> >> the CPU for the 15 or so seconds the login takes.
> >
> >You haven't said what OS or release are you running, but for 7.0 I have
> >test packages with a proposed enhancement Sumit wrote:
> >
> >https://urldefense.proofpoint.com/v2/url?u=https-3A__jhrozek.fedorapeople.
> >org_sssd-2Dtest-2Dbuilds_sssd-2D7.0-2Dlogin-2Dspeedup_&d=AwIFAw&c=k9MF1d71
> >ITtkuJx-PdWme51dKbmfPEvxwt8SFEkBfs4&r=C8H0y1Bn8C6Mf5i9qrqkUDy3xSk8zPbIs_Sv
> >JwojC24&m=YA1l-b8irE5VE9qVc1q4PY8RVJA2iLwWLK_U7aXS1gs&s=bYcFLFGsd6BT_1ozcn
> >1r1WaYFWJ4_5xT5ddR7d45Z08&e=
> >
> >Please include the versions of the problematic packages in the future
> >requests for troubleshooting.
> >
> >--
> >Manage your subscription for the Freeipa-users mailing list:
> >https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailma
> >n_listinfo_freeipa-2Dusers&d=AwIFAw&c=k9MF1d71ITtkuJx-PdWme51dKbmfPEvxwt8S
> >FEkBfs4&r=C8H0y1Bn8C6Mf5i9qrqkUDy3xSk8zPbIs_SvJwojC24&m=YA1l-b8irE5VE9qVc1
> >q4PY8RVJA2iLwWLK_U7aXS1gs&s=uJUobRCfTZ-jS6M4XSLW8ScMXv_1sIQ-OSoy54M7b2k&e=
> >
> >Go to
> >https://urldefense.proofpoint.com/v2/url?u=http-3A__freeipa.org&d=AwIFAw&c
> >=k9MF1d71ITtkuJx-PdWme51dKbmfPEvxwt8SFEkBfs4&r=C8H0y1Bn8C6Mf5i9qrqkUDy3xSk
> >8zPbIs_SvJwojC24&m=YA1l-b8irE5VE9qVc1q4PY8RVJA2iLwWLK_U7aXS1gs&s=F_LQz74bb
> >hG6_BKutjgbdRMTvIBRYggIgNj1QZoEznw&e=  for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150319/9c1620e9/attachment.htm>