0

I have bunch of RHEL8.6 machines and i need user authentication via Active Directory.

I got machines added to AD-domain with Realmd, made user groups, restricted access to user groups and enabled Sudo for those groups.

However, i'm facing some lag/delay(3-10 seconds) when running commands with sudo.

AD has about 200-250 users total. At the moment there is only one(1) user group with 3 users who has access to RHEL-servers.

All required packages listed with:

realm discover domain.com

is installed.

Is there something i can do in RHEL side to "tune" sudo performance? I would prefer to make changes at RHEL-side because AD is not familiar to me at all.

I'm not very familiar with SSSD or anything related to that so i appreciate every tip.

Thanks already

unix_ike
  • 13
  • 3

1 Answers1

0

The question is old but it may solve the day for someone. I would check first for DNS/LDAP latency issues. Every login is checked against AD every time, so this causes some latency. RedHat also Recommends setting up a site if root DC is geographically distant: check ad_site option: https://www.systutorials.com/docs/linux/man/5-sssd-sudo/

If you already have a site, sssd may not connect to it directly. This is what ad_site achieves.

user148942
  • 1
  • 1
  • Actually i have been talking with redhat support about this and got this solved. I will try to remember to post sssd.conf file here as like you said: ”it may solve the day for someone.” – unix_ike Mar 10 '23 at 14:35