0

I have configured Centos with nss-pam-ldapd and seems to work fine. ( I can login with my AD credentioals). Except there seems to be a delay of about 20-30 seconds before I can log in.

I also set-up SSH with keys, so I know the connection can be made fast (if I use my private key I get in < 1s)

Is there a log file that I can inspect to see where the delay is coming from? Or any other debugging tips?

[Edit]

I see this in the logs:

May 27 16:07:04 machine1 unix_chkpwd[7699]: password check failed for user (robau)
May 27 16:07:04 machine1 sshd[7697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.125.24  user=robau
May 27 16:07:20 machine1 sshd[7697]: pam_ldap: ldap_result Timed out
May 27 16:07:20 machine1 sshd[7697]: pam_ldap: ldap_result Timed out
May 27 16:07:20 machine1 sshd[7697]: Accepted password for robau from 192.168.125.24 port 34788 ssh2
Rob Audenaerde
  • 315
  • 1
  • 5
  • 16
  • I know I am not answering your question, but using sssd with the ad provider would probably be a bit more straightforward. Starting with RHEL-6.8, there is even the adcli client utility in RHEL which might help. – jhrozek May 30 '16 at 07:32
  • I'm on CentOS 6.8 Does that come with the same options? – Rob Audenaerde May 30 '16 at 07:37
  • centos is just a rebuild of rhel, so yeah :) – jhrozek May 30 '16 at 12:23
  • Ah yes. I found a nice pdf of red hat describing four scenario's for this. I now use kerberos/samba/sssd combination that is a lot faster. – Rob Audenaerde May 30 '16 at 12:33

0 Answers0