Active Directory Login Delay
I have this thread going on Apple's Support pages too but figured I'd see if anyone else has seen this or has any ideas...
We began deploying OS X after 10.3 came out in our business. From the beginning we integrated our machines to Active Directory using Apple's AD plugin. We use everything from low end G4's to Dual G5's, iMacs, PowerBooks, etc. User caching is turned off.
At first we consistently experienced a 30 second to 1 minute delay after the login window appeared before our users could actually log in. If they attempted to log in before letting this time pass the window simply shook as if they entered incorrect information. When the delay was this short it wasn't a big deal
Since migrating to 10.3.7 and now testing with 10.3.8 we are experiencing up to a 10 minute delay before you can log in, something our users will not accept...
I've tried checking to make sure PortFast is enabled on our switches, etc. but am running out of ideas. Is anyone else experiencing a problem like this, has anyone found a solution or does anyone have any ideas???
I was able to test more yesterday and found that it took almost exactly 7 minutes before I could log in...
The Apple Thread has so far suggested updating prebinding through the terminal and checking the routers to see if Kerberos was blocked. Neither has worked...
Any ideas?
We began deploying OS X after 10.3 came out in our business. From the beginning we integrated our machines to Active Directory using Apple's AD plugin. We use everything from low end G4's to Dual G5's, iMacs, PowerBooks, etc. User caching is turned off.
At first we consistently experienced a 30 second to 1 minute delay after the login window appeared before our users could actually log in. If they attempted to log in before letting this time pass the window simply shook as if they entered incorrect information. When the delay was this short it wasn't a big deal
Since migrating to 10.3.7 and now testing with 10.3.8 we are experiencing up to a 10 minute delay before you can log in, something our users will not accept...
I've tried checking to make sure PortFast is enabled on our switches, etc. but am running out of ideas. Is anyone else experiencing a problem like this, has anyone found a solution or does anyone have any ideas???
I was able to test more yesterday and found that it took almost exactly 7 minutes before I could log in...
The Apple Thread has so far suggested updating prebinding through the terminal and checking the routers to see if Kerberos was blocked. Neither has worked...
Any ideas?
Comments
Here is a copy of our DirectoryService.server.log related to a reboot. As you can see I shut down the machine at 3:14 and it was basically back up at 3:15. However, immediately after Active Directory completed loading we got two "Network transition occurred" that were about three minutes appart. I was finally able to log in and immediately did an uptime in the terminal and received that the machine had been up for 7 minutes at 3:22.
2005-02-15 15:14:42 CST - Shutting down DirectoryService...
2005-02-15 15:15:19 CST -
2005-02-15 15:15:19 CST - DirectoryService 1.8.2 (v257.1) starting up...
2005-02-15 15:15:20 CST - Plugin <Configure>, Version <1.6>, processed
successfully.
2005-02-15 15:15:20 CST - Plugin <NetInfo>, Version <1.6>, processed
successfully.
2005-02-15 15:15:20 CST - Plugin <LDAPv3>, Version <1.6.5>, processed
successfully.
2005-02-15 15:15:20 CST - Plugin <Search>, Version <1.6.1>, processed
successfully.
2005-02-15 15:15:20 CST - Plugin "Active Directory", Version "1.0.6", is set
to load lazily.
2005-02-15 15:15:20 CST - Plugin "AppleTalk", Version "1.1", is set to load
lazily.
2005-02-15 15:15:20 CST - Plugin "BSD", Version "1.1", is set to load
lazily.
2005-02-15 15:15:20 CST - Plugin "PasswordServer", Version "2.0.4", is set
to load lazily.
2005-02-15 15:15:20 CST - Plugin "Rendezvous", Version "1.1.2", loaded
successfully.
2005-02-15 15:15:20 CST - Plugin "SLP", Version "1.1.2", is set to load
lazily.
2005-02-15 15:15:20 CST - Plugin "SMB", Version "1.1.4", is set to load
lazily.
2005-02-15 15:15:20 CST - Registered node ~Configure
2005-02-15 15:15:20 CST - Plug-in Configure state is now active.
2005-02-15 15:15:20 CST - Plug-in LDAPv3 state is now active.
2005-02-15 15:15:20 CST - Registered node ~NetInfo~DefaultLocalNode
2005-02-15 15:15:20 CST - Plug-in NetInfo state is now active.
2005-02-15 15:15:20 CST - Plug-in Rendezvous state is now active.
2005-02-15 15:15:20 CST - Registered Locally Hosted Node
~NetInfo~DefaultLocalNode
2005-02-15 15:15:21 CST - Registered node ~Search
2005-02-15 15:15:21 CST - Registered node ~Search~Contacts
2005-02-15 15:15:21 CST - Registered node ~Search~Network
2005-02-15 15:15:21 CST - Plug-in Search state is now active.
2005-02-15 15:15:21 CST - Plug-in Active Directory state is now active.
2005-02-15 15:15:21 CST - Plugin "Active Directory", Version "1.0.6", loaded
on demand successfully.
2005-02-15 15:15:24 CST - Network transition occurred.
2005-02-15 15:18:36 CST - Network transition occurred.
2005-02-15 15:22:02 CST - Plug-in SLP state is now active.
2005-02-15 15:22:02 CST - Plugin "SLP", Version "1.1.2", loaded on demand
successfully.
2005-02-15 15:22:02 CST - Plug-in SMB state is now active.
2005-02-15 15:22:02 CST - Plugin "SMB", Version "1.1.4", loaded on demand
successfully.
2005-02-15 15:22:02 CST - Plug-in AppleTalk state is now active.
2005-02-15 15:22:02 CST - Plugin "AppleTalk", Version "1.1", loaded on
demand successfully.
Any other ideas?
We had problems with 2000, but 2003 works great.
I added most of the servers involved to the local netinfo hosts and it was much faster after that.
I don;t know if this works in your case tho.
Dobby.