SSH login process is very slow or times out for AD users on IPA Clients in large IPA-AD Trust environment

Solution Verified - Updated -

Issue

  • With an empty SSSD cache, logins either take several minutes, or they timeout
  • We need to speed up initial SSSD retrieval of Active Directory user information
  • Even after all the usual "SSSD tuning for large AD deployments" improvements, an empty SSSD cache still takes around 2 minutes to provide Password: prompt after the initial SSH command

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Identity Management (IPA)
  • Active Directory Trust
  • Multiple AD Domains in remote locations

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content