SSH login process is very slow or times out for AD users on IPA Clients in large IPA-AD Trust environment
Issue
- With an empty SSSD cache, logins either take several minutes, or they timeout
- We need to speed up initial SSSD retrieval of Active Directory user information
- Even after all the usual "SSSD tuning for large AD deployments" improvements, an empty SSSD cache still takes around 2 minutes to provide
Password:
prompt after the initial SSH command
Environment
- Red Hat Enterprise Linux 7
- Red Hat Identity Management (IPA)
- Active Directory Trust
- Multiple AD Domains in remote locations
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.