LDAP connection Time Out.

mintzd01
New Contributor III
New Contributor III

Hi All,

I'm in the process of integrating mac into a windows AD environment. 100% of the hardware for mac will be portable so we will be using mobile accounts.

At logout we have an issue which causes the machine to hang when not connected to the network. This could be because the user went to a meeting or left the office for the day with the lid shut and the later on in the day they go to log out and cant.

I am trying to edit LDAP Timeout in the Active Directory.plist file in /Library/Prefrences/Directory Services but can not seem to see the file in there. Has this moved in 10.8.3?

Have any of you guys has the same problem trying to locate the plist?

Thanks

Dan

4 REPLIES 4

mm2270
Legendary Contributor III

The file you're looking for is now in:

/Library/Preferences/OpenDirectory/Configurations/Active Directory/

Not exactly why Apple is shoving that into the OpenDirectory folder now. Its not very obvious to look in there for it, but that's where you'll find your ADDomain.plist file.

That said, I would look further into your issue before trying to modify that file. Its buried and protected for a reason. The issue may return until you find the source of your problem. We use mobile accounts here as well (99% laptops) and we don't have timeout problems at logout while off the network.
Start by looking at your binding configuration. Post it here perhaps. We may see something in there that's causing the problem.

mintzd01
New Contributor III
New Contributor III

Hi,

adtest:~ daniel.mintz$ dsconfigad -show
Active Directory Forest = squaregroup.co.uk
Active Directory Domain = squaregroup.co.uk
Computer Account = adtest$

Advanced Options - User Experience Create mobile account at login = Enabled Require confirmation = Enabled Force home to startup disk = Enabled Mount home as sharepoint = Enabled Use Windows UNC path for home = Enabled Network protocol to be used = smb Default user Shell = /bin/bash

Advanced Options - Mappings Mapping UID to attribute = not set Mapping user GID to attribute = not set Mapping group GID to attribute = not set Generate Kerberos authority = Enabled

Advanced Options - Administrative Preferred Domain controller = not set Allowed admin groups = not set Authentication from any domain = Enabled Packet signing = allow Packet encryption = allow Password change interval = 14 Restrict Dynamic DNS updates = not set Namespace mode = domain

mm2270
Legendary Contributor III

Yours is almost identical to ours (minus of course the specific AD domain stuff) except for one difference, which is the Require confirmation on mobile account creation. Ours is set to Disabled, but I highly doubt that is causing your issue since that should only affect things on first login and have nothing to do with logout.
Let me ask - are your accounts mounting a home share when users log in? If so, is it possible that share is still mounted at logout and its having some trouble with that?

Hopefully someone else will have some ideas, because nothing other than that possibility is sticking out at me. Sorry I can't be of more help.

mintzd01
New Contributor III
New Contributor III

Hi

Yes they do mount a share. Which is causing the issue. I did change the timeout variable and this has improved it to what I would class as an expectable time. I now need to move this theory from our test environment into the clients network and see if this helps.

Would still be good to see if any other users have encountered anything like this or have anything to bring to this.

Dan