Re: [SSSD-users] sudo very slow

Actually, numerous things are slow (including logins), but the sudo example is quite easy to reproduce. Am new to SSSD so I'm assuming this is something I've misconfigured. Here's my config: [sssd] config_file_version = 2 domains = domain.com services = nss, pam debug_level = 0 override_space = _ [nss] debug_level = 0 override_shell = /bin/bash allowed_shells = /bin/bash, /bin/tcsh vetoed_shells = /bin/csh shell_fallback = /bin/bash [pam] debug_level = 0 [domain/domain.com] debug_level = 0 id_provider = ad ; access_provider = ad ; ad_access_filter = memberOf=CN=ISTUnix,DC=domain,DC=com access_provider = simple simple_allow_groups = istunix krb5_realm = DOMAIN.COM override_homedir = /home/%u ldap_referrals = false sudoers is fairly simple -- just defaults save for the following: %istunix ALL=(ALL) NOPASSWD: ALL However, when I run 'sudo su -' as a test, it can take 20+ seconds for it to succeed. Debug logs seem to show SSSD querying many groups. I can post debug logs if someone thinks they'll be useful -- but am hoping there's some obvious best practice I'm missing.