Active Directory Login Delay

Posted:
in Genius Bar edited January 2014
I have this thread going on Apple's Support pages too but figured I'd see if anyone else has seen this or has any ideas...



We began deploying OS X after 10.3 came out in our business. From the beginning we integrated our machines to Active Directory using Apple's AD plugin. We use everything from low end G4's to Dual G5's, iMacs, PowerBooks, etc. User caching is turned off.



At first we consistently experienced a 30 second to 1 minute delay after the login window appeared before our users could actually log in. If they attempted to log in before letting this time pass the window simply shook as if they entered incorrect information. When the delay was this short it wasn't a big deal



Since migrating to 10.3.7 and now testing with 10.3.8 we are experiencing up to a 10 minute delay before you can log in, something our users will not accept...



I've tried checking to make sure PortFast is enabled on our switches, etc. but am running out of ideas. Is anyone else experiencing a problem like this, has anyone found a solution or does anyone have any ideas???



I was able to test more yesterday and found that it took almost exactly 7 minutes before I could log in...



The Apple Thread has so far suggested updating prebinding through the terminal and checking the routers to see if Kerberos was blocked. Neither has worked...



Any ideas?

Comments

  • Reply 1 of 3
    More Info:



    Here is a copy of our DirectoryService.server.log related to a reboot. As you can see I shut down the machine at 3:14 and it was basically back up at 3:15. However, immediately after Active Directory completed loading we got two "Network transition occurred" that were about three minutes appart. I was finally able to log in and immediately did an uptime in the terminal and received that the machine had been up for 7 minutes at 3:22.



    2005-02-15 15:14:42 CST - Shutting down DirectoryService...

    2005-02-15 15:15:19 CST -



    2005-02-15 15:15:19 CST - DirectoryService 1.8.2 (v257.1) starting up...

    2005-02-15 15:15:20 CST - Plugin <Configure>, Version <1.6>, processed

    successfully.

    2005-02-15 15:15:20 CST - Plugin <NetInfo>, Version <1.6>, processed

    successfully.

    2005-02-15 15:15:20 CST - Plugin <LDAPv3>, Version <1.6.5>, processed

    successfully.

    2005-02-15 15:15:20 CST - Plugin <Search>, Version <1.6.1>, processed

    successfully.

    2005-02-15 15:15:20 CST - Plugin "Active Directory", Version "1.0.6", is set

    to load lazily.

    2005-02-15 15:15:20 CST - Plugin "AppleTalk", Version "1.1", is set to load

    lazily.

    2005-02-15 15:15:20 CST - Plugin "BSD", Version "1.1", is set to load

    lazily.

    2005-02-15 15:15:20 CST - Plugin "PasswordServer", Version "2.0.4", is set

    to load lazily.

    2005-02-15 15:15:20 CST - Plugin "Rendezvous", Version "1.1.2", loaded

    successfully.

    2005-02-15 15:15:20 CST - Plugin "SLP", Version "1.1.2", is set to load

    lazily.

    2005-02-15 15:15:20 CST - Plugin "SMB", Version "1.1.4", is set to load

    lazily.

    2005-02-15 15:15:20 CST - Registered node ~Configure

    2005-02-15 15:15:20 CST - Plug-in Configure state is now active.

    2005-02-15 15:15:20 CST - Plug-in LDAPv3 state is now active.

    2005-02-15 15:15:20 CST - Registered node ~NetInfo~DefaultLocalNode

    2005-02-15 15:15:20 CST - Plug-in NetInfo state is now active.

    2005-02-15 15:15:20 CST - Plug-in Rendezvous state is now active.

    2005-02-15 15:15:20 CST - Registered Locally Hosted Node

    ~NetInfo~DefaultLocalNode

    2005-02-15 15:15:21 CST - Registered node ~Search

    2005-02-15 15:15:21 CST - Registered node ~Search~Contacts

    2005-02-15 15:15:21 CST - Registered node ~Search~Network

    2005-02-15 15:15:21 CST - Plug-in Search state is now active.

    2005-02-15 15:15:21 CST - Plug-in Active Directory state is now active.

    2005-02-15 15:15:21 CST - Plugin "Active Directory", Version "1.0.6", loaded

    on demand successfully.

    2005-02-15 15:15:24 CST - Network transition occurred.

    2005-02-15 15:18:36 CST - Network transition occurred.

    2005-02-15 15:22:02 CST - Plug-in SLP state is now active.

    2005-02-15 15:22:02 CST - Plugin "SLP", Version "1.1.2", loaded on demand

    successfully.

    2005-02-15 15:22:02 CST - Plug-in SMB state is now active.

    2005-02-15 15:22:02 CST - Plugin "SMB", Version "1.1.4", loaded on demand

    successfully.

    2005-02-15 15:22:02 CST - Plug-in AppleTalk state is now active.

    2005-02-15 15:22:02 CST - Plugin "AppleTalk", Version "1.1", loaded on

    demand successfully.



    Any other ideas?
  • Reply 2 of 3
    What version of Windows Server are you using?



    We had problems with 2000, but 2003 works great.
  • Reply 3 of 3
    dobbydobby Posts: 796member
    I had a problem with long login delays when authenticating to an OpenLDAP domain and the host resolution was stuffed.

    I added most of the servers involved to the local netinfo hosts and it was much faster after that.

    I don;t know if this works in your case tho.



    Dobby.
Sign In or Register to comment.