Login window delay after logging in

bbot
Contributor

I'm wondering if anyone else is seeing this issue.
I've been able to replicate it on 10.9.5 and 10.10.4.

The issue is when people are WAKING their computers from sleep (usually when they close the lid and walk to a meeting), then after entering their password to log in, it sits on the login page for about 10-20 seconds and then takes them in.

Setting the DSBind Timeout -int 10 fixes the delay at initial login, but not waking from sleep.
We are using active directory. It doesn't seem to happen all the time.


apizz
Valued Contributor

@Crowe87 this is a well known issue that we experienced ourselves and had to learn the hard way.

It has to do with the deriving of the UNC path setting in Directory Bindings. Just uncheck that box. You can update this setting on already deployed machines by running the following command:

sudo dsconfigad -useuncpath disable

If you use this to derive the user's network folder, you'll also want to disable the sharepoint setting as well:

sudo dsconfigad -sharepoint disable

We use a script developed by amsys to mount user network folders on the Desktop when they login to a machine: https://github.com/amsysuk/public_scripts/tree/master/mount_SMBHome
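
An added example, not part of apizz's post or any vendor script: a shell check for already deployed machines that reads `dsconfigad -show` output and issues the two `disable` commands above only where the option is still enabled. The label strings matched here and the sample output are assumptions constructed for illustration; `flags_to_disable`, `remediate` and `DRY_RUN` are hypothetical names.

```shell
#!/bin/sh
# Assumption: `dsconfigad -show` prints "label = Enabled|Disabled" lines and
# uses the two labels matched below. Verify against a bound Mac before use.

# Read `dsconfigad -show` text on stdin; print each flag that still needs
# "disable", one per line, in the order the options appear.
flags_to_disable() {
    awk -F'=' '
        { label = $1; value = $2
          gsub(/^[ \t]+|[ \t]+$/, "", label)
          gsub(/^[ \t]+|[ \t]+$/, "", value) }
        label == "Use Windows UNC path for home" && value == "Enabled" { print "-useuncpath" }
        label == "Mount home as sharepoint"      && value == "Enabled" { print "-sharepoint" }
    '
}

# Constructed sample of `dsconfigad -show` output (not captured from a real host).
SAMPLE_SHOW='Active Directory Domain          = corp.example.com
Computer Account                 = mac-0001$

Advanced Options - User Experience
  Create mobile account at login = Enabled
  Force home to startup disk     = Enabled
     Mount home as sharepoint    = Enabled
  Use Windows UNC path for home  = Enabled
     Network protocol to be used = smb'

# Apply the change only where needed, so repeated runs from a management
# tool are harmless. DRY_RUN=1 (the default) only prints the commands.
remediate() {
    for flag in $(flags_to_disable); do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "dsconfigad $flag disable"
        else
            dsconfigad "$flag" disable
        fi
    done
}

# On a bound Mac, as root: dsconfigad -show | DRY_RUN=0 remediate
printf '%s\n' "$SAMPLE_SHOW" | remediate
```
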

Crowe87
New Contributor

@aporlebeke Thanks for the reply mate.

Tried adding in these commands but the problem still persists.

What I've noticed is when the little orange dot does not appear in the user name field, the login fails. On occasion it will be there when the computer connects using the loginwindow credentials, but most of the time it will not appear until the second time you try to log in.

NightFlight
New Contributor III

Still seeing randomly lost bindings and random lockouts on wake from sleep across our enterprise with multiple domains. It's not the AD, it's the crappy implementation of the AD plug-in on macOS. You could write your own before Apple will fix it.

It's gotten to a point I have to customize my krb5 and hosts file looping back all unreachable DCs to 127.0.0.1 (on one of our domains we have over 100 DCs and mostly unreachable) to get any sort of semblance of functionality out of AD. Why Apple can't fix this over the course of the last decade is simply beyond me.