SSH login process is very slow or times out for AD users on IPA Clients in large IPA-AD Trust environment

Solution Verified - Updated -


  • With an empty SSSD cache, logins either take several minutes, or they timeout
  • We need to speed up initial SSSD retrieval of Active Directory user information
  • Even after all the usual "SSSD tuning for large AD deployments" improvements, an empty SSSD cache still takes around 2 minutes to provide Password: prompt after the initial SSH command


  • Red Hat Enterprise Linux 7
  • Red Hat Identity Management (IPA)
  • Active Directory Trust
  • Multiple AD Domains in remote locations

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In