Hello, After a primary DNS server problem, I have realized that the IDM client has a timeout of 60 s for the log in. As the primary DNS was not working, server used the secondary DNS and it takes 4s for resolving any name, as I use AD users, on the authentication phase, all AD servers must be translated (9 servers) so it makes the authentication very slow and timeout of 60 s is triggered. I have modified the resolv.conf to make the transition to the second DNS server faster (resolving any name takes 2s), and then authentication is done on 48s so it works. But what I want to know is how to modify those 60s of timeout. I have checked the logs with debug_level = 9 and I don't see the "timeout" log. I have also changed (on client side): krb5_auth_timeout = 190 pam_id_timeout = 190 but it still have the timeout at 60s the client is: RHEL 6.10 (but I think it happens the same on RHEL 7) sssd-client-1.13.3-60.el6_10.2.x86_64 ipa-client-3.0.0-51.el6.x86_64 sssd.conf: [domain/IPAdomain] krb5_auth_timeout = 190 cache_credentials = True krb5_store_password_if_offline = True ipa_domain = IPAdomain id_provider = ipa auth_provider = ipa access_provider = ipa ldap_tls_cacert = /etc/ipa/ca.crt ipa_hostname = CLIENT.domain.org chpass_provider = ipa ipa_server = _srv_, IPASERVER1, IPASERVER2 dns_discovery_domain = IPAdomain [sssd] config_file_version = 2 services = nss, sudo, pam, ssh domains = IPAdomain default_domain_suffix = AD.domain [nss] filter_groups = root filter_users = root,iccsecure,tomcat,oracle reconnection_retries = 3 [pam] reconnection_retries = 3 pam_id_timeout = 190 [sudo] [ssh] On the Server side: RHEL 7.6 sssd-1.16.2-13.el7_6.8.x86_64 ipa-server-4.6.4-10.el7_6.3.x86_64 sssd.conf: [domain/IPAdomain] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = IPAdomain id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = IPASERVER1 chpass_provider = ipa ipa_server = IPASERVER1 ipa_server_mode = True ldap_tls_cacert = /etc/ipa/ca.crt subdomain_homedir = %o [sssd] config_file_version = 2 services = nss, sudo, pam, ssh domains = IPAdomain [domain/IPAdomain/ADdomain] ldap_search_base = ou=XXX,dc=XXXX,dc=XXXXX,dc=XXX [nss] filter_groups = root filter_users = root, iccsecure, tomcat, oracle reconnection_retries = 3 memcache_timeout = 600 homedir_substring = /home [pam] reconnection_retries = 3 [ssh] [sudo] I have attached the logs, timeout is triggered at 12:21:50 Thanks & Regards.