Hi all,
After all, no issues at all with FreeIPA. The reboot of the Cable modem
caused changing the IPv6 Prefix Delegation, more or less destroying my
IPv6 setup.
After fixing IPv6 (enabled on IPA also :) ) all is going blazing fast again.
Winfried
Op 11-02-2020 om 16:01 schreef Winfried de
Hi all,
Got rid of the dropped packages by simply restarting the Cable
modem/router...
Anyway, this wasn't the problem. Still cannot find the reason why
sss_ssh_authorizedkeys slow on IPA-server is so slow, ONLY on the
IPA-server...
Winfried
Op 10-02-2020 om 13:44 schreef Winfried de
On Mon, Feb 10, 2020 at 01:44:52PM +0100, Winfried de Heiden via FreeIPA-users
wrote:
> Hi all,
>
> sssd 2.20 is being used.
Hi,
with this version all validation should be done with the help of
p11_child. If you add debug_level=9 to the [ssh] section of sssd.conf
you should be able to see from
Hi all,
sssd 2.20 is being used.
I cannot figure out why the network might cause problems since the "good
clients" are running on the same network, switches etc.
I dived into it anyway, finding a rather large and increasing number of
dropped packages and dive into that first. Nevertheless,
On Mon, Feb 10, 2020 at 09:54:04AM +0100, Winfried de Heiden via FreeIPA-users
wrote:
> Hi all,
>
> Yep, I do use user-certs for authentication and it seems ocsp takes time;
> but only on the IPA-server. Even on a Rapsberry Pi 3 as an IPA-client, using
> the same IPA-server, it is 4 times
Hi all,
Seems like a usefull feature; oscp and I rather keep it enabled. On all
other IPA-clients, even a Raspberry Pi 3, it is much much more fast. On
the IPA-server is suffering here :(
What could be causing this slowness
Winfried
Op 10-02-2020 om 08:13 schreef Sumit Bose via
Hi all,
Yep, I do use user-certs for authentication and it seems ocsp takes
time; but only on the IPA-server. Even on a Rapsberry Pi 3 as an
IPA-client, using the same IPA-server, it is 4 times faster...
Hence; something seems going wrong in oscp, but what could be causing
the problem?
On Sun, Feb 09, 2020 at 11:06:46PM +0200, Alexander Bokovoy via FreeIPA-users
wrote:
> On su, 09 helmi 2020, Winfried de Heiden via FreeIPA-users wrote:
> > Hi all,
> > For some reason, for a particular user, sss_ssh_authorizedkeys is extremely
> > slow on the IPA-server:
> > time
On su, 09 helmi 2020, Winfried de Heiden via FreeIPA-users wrote:
Hi all,
For some reason, for a particular user, sss_ssh_authorizedkeys is extremely
slow on the IPA-server:
time /usr/bin/sss_ssh_authorizedkeys ~real 0m9.520suser
0m0.022ssys 0m0.018s
It will return all the public
Have you check authentication source order in nsswitch.conf ? Maybe there it
hit some timeout or so.
From: Winfried de Heiden via FreeIPA-users
Sent: dimanche 9 février 2020 13:55
To: freeipa-users@lists.fedorahosted.org
Cc: Winfried de Heiden
Subject: [Freeipa-users] sss_ssh_authorizedkeys
10 matches
Mail list logo
