Hello sssd experts We have a monitoring service login our linux servers with an AD account periodically, 1 or 2 times every 5 minutes (that is ~500 logins per day, I do not think this frequency is that high). But we find the login through sssd fails almost every month and have to restart the sssd service to bring it back.
After increasing the debug level, we found there are some memory issues for sssd_be (Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [fork_child] (0x0020): fork failed [12][Cannot allocate memory]. (Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [handle_child_send] (0x0020): fork_child failed. (Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [krb5_auth_done] (0x0020): child failed (12 [Cannot allocate memory]) (Mon Dec 18 10:48:37 2017) [sssd[be[tls.ad]]] [krb5_auth_queue_done] (0x0040): krb5_auth_recv failed with: 12 For a typical server configured with 4G RAM, sssd_be will consume 12% of RAM (~500M) after 5 days. I googled a bit and tried to tune parameters, but did not see significant improvement. Here is my current configuration: [sssd] domains = lab.local config_file_version = 2 services = nss, pam [pam] pam_id_timeout = 86400 [domain/lab.local] ad_domain = lab.local krb5_realm = LAB.LOCAL realmd_tags = manages-system joined-with-samba cache_credentials = true id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True fallback_homedir = /home/%d/%u access_provider = simple simple_allow_groups = admins@lab.local ldap_user_principal = nosuchattribute entry_cache_timeout = 86400 ldap_referrals = false use_fully_qualified_names=false ignore_group_members = true cached_auth_timeout = 86400 We want our Linux servers to use local credential to authenticate users whenever possible to reduce load on our ADs. The phenomenon I can see is: in the 1st day (within the timeout period 86400), sssd_be's memory usage remains stable, around 20M. But after the 1st day, the memory usage increases steadily, and finally the login service fails. Do you have any idea about this problem? It looks like memory leak Our system is - Centos 7.4.1708 x86_64 - sssd 1.15.2-50
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
