Where should my clients be getting the contents of /etc/openldap/certs from?
I've got one network where my IPA authentications are blazing fast and
one where they're ... not. On the slower one, clients'
/etc/openldap/certs directories are either missing or empty; on the
faster network,
Bret Wortman wrote:
Where should my clients be getting the contents of /etc/openldap/certs from?
I've got one network where my IPA authentications are blazing fast and
one where they're ... not. On the slower one, clients'
/etc/openldap/certs directories are either missing or empty; on the
What we're seeing is slow GDM logins, ssh authentications, and sudo -i
responses on this network. On our other, these things are all blazing
fast. Here, they're on the order of 5-10 seconds. And it doesn't seem to
improve (much) with age or time, except perhaps anecdotally. At best, a
second
On 05/22/2014 09:43 AM, Bret Wortman wrote:
What we're seeing is slow GDM logins, ssh authentications, and sudo
-i responses on this network. On our other, these things are all
blazing fast. Here, they're on the order of 5-10 seconds. And it
doesn't seem to improve (much) with age or time,
I found that our slower system was using FQDNs for the list of IPA
servers; our faster system was using IPs. I'm switching now, letting
Puppet distribute the update and will see if it helps.
By enumeration, do you mean are we spelling out our IPA servers? Yes. We
only have 3 and they look
On Thu, May 22, 2014 at 10:36:45AM -0400, Bret Wortman wrote:
I found that our slower system was using FQDNs for the list of IPA
servers; our faster system was using IPs. I'm switching now, letting
Puppet distribute the update and will see if it helps.
By enumeration, do you mean are we
On 05/22/2014 10:36 AM, Bret Wortman wrote:
I found that our slower system was using FQDNs for the list of IPA
servers; our faster system was using IPs. I'm switching now, letting
Puppet distribute the update and will see if it helps.
That means you have problems with DNS that are worth
It doesn't seem to have helped -- we're still pretty slow even with IP
addresses in sssd.conf.
On 05/22/2014 11:07 AM, Dmitri Pal wrote:
On 05/22/2014 10:36 AM, Bret Wortman wrote:
I found that our slower system was using FQDNs for the list of IPA
servers; our faster system was using IPs. I'm
On Thu, May 22, 2014 at 11:16:57AM -0400, Bret Wortman wrote:
It doesn't seem to have helped -- we're still pretty slow even with
IP addresses in sssd.conf.
Yes, I would expect the performance to be still slow, because when you
perform authentication, the user information is always refreshed
On 05/22/2014 02:25 PM, Jakub Hrozek wrote:
On Thu, May 22, 2014 at 11:16:57AM -0400, Bret Wortman wrote:
It doesn't seem to have helped -- we're still pretty slow even with
IP addresses in sssd.conf.
Yes, I would expect the performance to be still slow, because when you
perform
On 05/22/2014 11:16 AM, Bret Wortman wrote:
It doesn't seem to have helped -- we're still pretty slow even with IP
addresses in sssd.conf.
Then we need debug logs to see where the delays are. Put high debug
level and zip the logs somewhere we can take a look at.
Jakub is your guy.
On
11 matches
Mail list logo
