Jakub Hrozek wrote:
You can also set the dns_discovery_domain to explicitly specify the
discovery domain the SSSD should be using.
In the absence of that parameter, the SSSD uses the domain part of the
host name.
Thanks, that is good to know.
Instead of DNS discovery I went ahead and hard coded the local AD server
(ldap_uri/krb5_server). The server SSSD was using by default was the
primary AD located across a VPN and it was introducing a few second
delay in authentication due to the latency of the connection.