On RHEL6, ssh log-ins became very slow over time, which could be fixed by restarting the sssd process.

Solution In Progress - Updated -

Environment

Red Hat Enterprise Linux 6.5

Issue

sssd was configured to use Active Directory as the Kerberos authentication provider. With debug enabled, the following was logged in the domain log file:

(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [get_server_status] (0x1000): Status of server 'server.domain.com' is 'name resolved'
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [fo_resolve_service_activate_timeout] (0x2000): Resolve timeout set to 6 seconds
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (server.domain.com), resolver returned (5)
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_resolve_server_process] (0x0040): Failed to find a server after 10 attempts
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_resolve_server_done] (0x1000): Server resolution failed: 5
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_mark_offline] (0x2000): Going offline!
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_run_offline_cb] (0x0080): Going offline. Running callbacks.

Resolution

Looking at the error log:

(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved

The failing operation was a DNS SRV lookup. The domain section of sssd.conf did not set the krb5_server option, so sssd relied on SRV records to locate the Kerberos server. The problem was worked around by explicitly configuring the krb5_server option in the domain section of sssd.conf.
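
To check a longer domain log, or logs from other hosts, for the same pattern, the following added example (not part of the original article or of sssd) scans debug lines for a failed SRV lookup that is followed by the backend going offline. The function name, the SAMPLE list and the other.example domain are assumptions made for illustration.

```python
import re

# Layout of an sssd backend debug line, as in the excerpt above:
# (timestamp) [sssd[be[DOMAIN]]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) \[sssd\[be\[(?P<domain>[^\]]+)\]\]\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"Trying to resolve service '([^']+)'")


def find_srv_offline_events(lines):
    """Return one finding per offline transition that was preceded by a
    failed SRV lookup in the same resolution attempt of the same domain."""
    state = {}      # domain -> {"service": str, "srv_failed_at": str or None}
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a backend debug line
        dom, func, msg, ts = m["domain"], m["func"], m["msg"], m["ts"]
        st = state.setdefault(dom, {"service": None, "srv_failed_at": None})
        if func == "fo_resolve_service_send":
            svc = SERVICE_RE.search(msg)
            # A new resolution attempt starts: reset the failure marker.
            st["service"] = svc.group(1) if svc else None
            st["srv_failed_at"] = None
        elif func == "resolve_srv_send" and "SRV lookup is not resolved" in msg:
            st["srv_failed_at"] = ts
        elif func == "be_mark_offline" and st["srv_failed_at"]:
            findings.append({"domain": dom, "service": st["service"],
                             "srv_failed_at": st["srv_failed_at"],
                             "offline_at": ts})
            st["srv_failed_at"] = None
    return findings


# Sample input: three lines copied from the excerpt above, plus one constructed
# line for a second domain (other.example) whose resolution does not fail.
SAMPLE = """\
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is not resolved
(Thu Oct  9 15:02:27 2014) [sssd[be[other.example]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'KERBEROS'
(Thu Oct  9 15:02:27 2014) [sssd[be[domain.com]]] [be_mark_offline] (0x2000): Going offline!
""".splitlines()

if __name__ == "__main__":
    for finding in find_srv_offline_events(SAMPLE):
        print(finding)
```

A finding names the domain and the service whose SRV lookup failed, which indicates where an explicit krb5_server setting or a DNS fix is needed.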

Root Cause

SRV DNS lookups were not working.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
