[Freeipa-users] IPA-AD Login

Alan P estracen at hotmail.com
Thu Feb 4 19:15:17 UTC 2016


Hi, 

I just configured a trust between an IPA and an Active Directory to authenticate IPA users on Windows machines joined to the AD domain. The login is successful, but only after several minutes (nearly 25 minutes) on the first attempt; on the next attempts, the required time goes from 5 to 10 min. So, what can I do to reduce the time to something more acceptable? (For reference, when an AD user authenticates it only takes 10 seconds or less).

My environment is:

IPA server 4.2.0-15 on RHEL 7.2
IPA domain is a subdomain of AD (like ad.example.com and ipa.ad.example.com)
There are, right now, a few users, but it is planned to manage more than 10,000
The trust was configured as "two way"

AD is on Windows Server 2012
It has the root domain
I made a domain delegation, so AD is authoritative for ad.example.com and IPA for ipa.ad.example.com
All Windows client machines are joined here
There are a few users, but they are only for test purposes

The authentication on a Windows client is:
user: IPA.AD.EXAMPLE.COM\ipa.user
pass: ipa user pass

From the IPA console I can run kinit user.ad@AD.EXAMPLE.COM with no problem.

Thanks.
Alan
 		 	   		  