- Jamf Nation Community
- Products
- Jamf Pro
- Re: Slow AD User Logins w/ 10.7.X
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2012 07:37 AM
Is anyone experiencing consistent 5+ minute delay on logins for machines bound to Win AD 2008 R2 on Lion only? ML does not seem to have this issue.
We've regressed the issue to the point that it might be caused by some configuration issue when using the Casper bind as part of the imaging process.
I know the question is a bit vague, but I don't want to overdetermine this. Thank you!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-15-2012 07:20 AM
I have seen this before - our environment sounds just like yours.
Here's what we did to shave time off our logins-
1) Settings --> Network-->Set Service Order
TO set service order, click the gear icon slightly above the Padlock in the lower lefthand corner. IF WiFi is your connection method, drag it to the top.
2) In Directory Utility, set your Preferred Server for authentication rather than the default setting Allow authentication from and domain in the forest.
Once 10.7.4 was released, our login times greatly improved.
Even though we were able to get login times down to a minute or less, we did stop putting Mac OS devices on our domain and just create a Standard User account for the enduser to login as.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2012 08:33 AM
Does your domain end in .local?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2012 12:13 PM
no, not a NAT environment at all, the AD has a valid FQDN ending in .edu.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-12-2012 01:55 PM
First login will take time since dscl has to cache the entire AD list. Second time would be faster. Is it slow for the first login only Lion?
--
https://donmontalvo.com
https://donmontalvo.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-13-2012 10:01 AM
This is not limited to a first login, this is persistent despite multiple attempts (meaning, the user folder is already created and credentials in the local). It is slow only in Lion -- I know the answer is to "Go to Mountain Lion", but that would be significantly disruptive to classes, etc.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-15-2012 07:10 AM
We have a similar issue (except in ML not Lion) with our offshore site. Accounts work fine here, over there we had about an 8-10min login time. When we created a test user with minimal groups the login times improved dramatically. We also had an errant nested group, removing that helped too.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-15-2012 07:20 AM
I have seen this before - our environment sounds just like yours.
Here's what we did to shave time off our logins-
1) Settings --> Network-->Set Service Order
TO set service order, click the gear icon slightly above the Padlock in the lower lefthand corner. IF WiFi is your connection method, drag it to the top.
2) In Directory Utility, set your Preferred Server for authentication rather than the default setting Allow authentication from and domain in the forest.
Once 10.7.4 was released, our login times greatly improved.
Even though we were able to get login times down to a minute or less, we did stop putting Mac OS devices on our domain and just create a Standard User account for the enduser to login as.
