Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1672527
Description of problem:
In RHEL-7.6 mounting a CIFS share takes a long time (54s) to complete. The same mount completes on a RHEL-7.5 system within 3s. The machine uses SSSD and 'krb5' as 'auth' and 'chpass' provider. The /etc/krb5.conf contains a list of AD domain controllers. It turns out that cifs.upcall interferes with the 'kdcinfo' file from the SSSD locator plugin. When this file is in place and 'krb5_use_kdcinfo' is set to 'true' in sssd.conf (which is the default), we see unwanted krb5 kpasswd packets going to the AD DC stored in the 'kdcinfo' file. Removing 'kdcinfo' or setting 'krb5_use_kdcinfo' to 'false' resolves the issue.

Version-Release number of selected component (if applicable):
sssd-1.16.0-19.el7_5.8.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure a RHEL-7.6 machine as AD client using SSSD with 'ldap' as identity provider and 'krb5' as 'auth' and 'chpass' provider
2. Make sure /var/lib/sss/pubconf/kdcinfo.* exists and contains one of the AD DC IPs
3. Mount an AD CIFS share using an AD account with krb5 security options

Actual results:
It takes very long for the mount to complete.

Expected results:
Mount completes immediately.

Additional info:
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1672527
The underlying reason for this issue is that if the kpasswdinfo file is created as well, its content is used for the MIT-specific master KDC lookup. But unfortunately the port number 464 is not replaced with the expected port number 88 for master KDCs.
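The precondition described in the comment above can be checked on a client by inspecting the locator files. This is an added example, not SSSD code and not part of the original ticket; the `kpasswdinfo.<REALM>` file name next to `kdcinfo.<REALM>`, the one-entry-per-line layout (`host`, `host:port` or `[ipv6]:port`) and treating an entry without a port as 464 are assumptions, and the realms and addresses are constructed.

```python
import re
import tempfile
from pathlib import Path

KPASSWD_PORT = 464  # standard Kerberos password-change port (KDC port is 88)

def parse_entry(line):
    """Split 'host', 'host:port' or '[ipv6]:port' into (host, port or None)."""
    line = line.strip()
    m = re.fullmatch(r"\[([^\]]+)\](?::(\d+))?", line)
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    host, sep, port = line.rpartition(":")
    if sep and ":" not in host and port.isdigit():
        return host, int(port)
    return line, None  # bare hostname/IPv4, or unbracketed IPv6 without a port

def audit_pubconf(pubconf_dir):
    """Map each realm to its locator entries and an 'affected' flag."""
    report = {}
    for path in sorted(Path(pubconf_dir).glob("k*info.*")):
        kind, _, realm = path.name.partition(".")
        if kind not in ("kdcinfo", "kpasswdinfo"):
            continue
        entries = [parse_entry(l) for l in path.read_text().splitlines() if l.strip()]
        report.setdefault(realm, {"kdcinfo": [], "kpasswdinfo": []})[kind] = entries
    for info in report.values():
        # Precondition from the ticket: kpasswdinfo exists, so its entries feed
        # the master KDC lookup. Assumption: an entry without a port means 464.
        info["affected"] = any(port in (None, KPASSWD_PORT)
                               for _, port in info["kpasswdinfo"])
    return report

if __name__ == "__main__":
    # Constructed sample files standing in for /var/lib/sss/pubconf
    with tempfile.TemporaryDirectory() as d:
        Path(d, "kdcinfo.EXAMPLE.TEST").write_text("192.0.2.10\n")
        Path(d, "kpasswdinfo.EXAMPLE.TEST").write_text("192.0.2.10:464\n")
        Path(d, "kdcinfo.OTHER.TEST").write_text("192.0.2.20:88\n")
        for realm, info in audit_pubconf(d).items():
            print(realm, "affected" if info["affected"] else "ok", info)
```

On a real client, pass `/var/lib/sss/pubconf` to `audit_pubconf`; a realm flagged as affected only matters on an SSSD build without the fix referenced in this ticket.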
https://github.com/SSSD/sssd/pull/758
Commit 05350ab relates to this ticket
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1
Metadata Update from @jhrozek: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @jhrozek: - Issue assigned to sbose
SSSD is moving from Pagure to GitHub. This means that new issues and pull requests will be accepted only in SSSD's GitHub repository.
This issue has been cloned to GitHub and is available here: - https://github.com/SSSD/sssd/issues/4932
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the subscribe button.
Thank you for understanding. We apologize for all inconvenience.