Jakub Hrozek wrote:
You can also set the dns_discovery_domain to explicitly specify the discovery domain the SSSD should be using.
In the absence of that parameter, the SSSD uses the domain part of the host name.
Thanks, that is good to know.
Instead of DNS discovery I went ahead and hard coded the local AD server (ldap_uri/krb5_server). The server SSSD was using by default was the primary AD located across a VPN and it was introducing a few second delay in authentication due to the latency of the connection.