Hi All!
Work very well with sssd+ad provider, but sudo su - very slow working when running first time(running again <1sec), user1@host$ sudo su - ( slow ~ 8-15 sec).
user1 domain user - member of many groups (+300) in Active Directory.
/etc/sssd/sssd.conf:
[domain/default] cache_credentials = true ignore_group_members = true
[domain/domain.local] debug_level = 6 id_provider = ad ad_server = msa-dc13. domain.local, msk-dc11. domain.local ad_domain = domain.local ad_hostname = msa-mailsys1.domain.local override_homedir = /home/%u override_shell = /bin/bash ignore_group_members = true
# FILTER access_provider = simple simple_allow_groups = ROL-Linux-Admin
[sssd] services = nss, pam, sudo cache_credentials = true config_file_version = 2 domains = domain.local [nss] debug_level= 6 [pam]
[sudo] #debug_level = 9
In /var/log/sssd/sssd_nss.log more requesting to domain,when run sudo first time. Whether it is possible to cache operations with sudo or or some other way to get around there is the problem?
-- Eugene