Yes, definitely hitting timeout - our firewall is configured to drop the traffic rather
than rejecting it.
Will try to configure for reject - that could do the job.
Ondrej
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek
Sent: 03 July 2015 10:55
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] AD site recognition with sssd version 1.11.5
On Fri, Jul 03, 2015 at 08:15:47AM +0000, Ondrej Valousek wrote:
Hi Frank,
Yes, that would work, indeed. The thing is, that it would cripple down roaming users that
travels between sites.
But thanks for the hint, anyway.
I don't really have time to do many tests right now, but I would suggest the DNS
timeout:
dns_resolver_timeout
and the LDAP timeouts:
ldap_search_timeout
ldap_network_timeout
ldap_opt_timeout
btw the defaults are alrady 6 seconds which is quite high, are you sure you're hitting
timeouts?
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.