ansible-lockdown/UBUNTU22-CIS

After running this rule, login now takes a longer time

TCP-88 opened this issue · 4 comments

Question
After applying this rule, when I log in to the server from SSH or the console, it takes a long time to log me in.
This is after keying in the password; it takes a long time to return to the shell (but root login from the console has no issue).

Environment (please complete the following information):

  • Ansible Version: [2.15.8]
  • Host Python Version: [3.10.12]
  • Ansible Server Python Version: [3.10.12]
  • Additional Details:

Hi @TCP-88

Thank you for raising the issue, but I am trying to understand which control you are having issues with.
If I read this correctly, it at first appears to be possibly DNS, PAM related, as these can slow down authentication. But without knowing the control number you are referring to, I'm afraid I am unable to be of much help.

Many thanks

uk-bolly

Hi Bolly,

Thanks for the reply. After troubleshooting, I noticed that I have this issue when I try to log in as domain users. Local accounts have no issue. I just ran Ansible with the role without excluding anything.

Hi Team,

I have resolved the problem by adding this in /etc/sssd/sssd.conf:

ldap_opt_timeout = 20
ldap_network_timeout = 20
dns_resolver_timeout = 20
ad_enabled_domains = example.com
ad_server = example

Hi @TCP-88

Great news, you've managed to find this fix for your configuration.

Best regards

uk-bolly