Help

Slow AD User Logins w/ 10.7.X

Go to solution
mcrispin
Contributor II

Posted on ‎10-12-2012 07:37 AM

Is anyone experiencing consistent 5+ minute delay on logins for machines bound to Win AD 2008 R2 on Lion only? ML does not seem to have this issue.

We've regressed the issue to the point that it might be caused by some configuration issue when using the Casper bind as part of the imaging process.

I know the question is a bit vague, but I don't want to overdetermine this. Thank you!

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
cgordy
Contributor

Posted on ‎10-15-2012 07:20 AM

I have seen this before - our environment sounds just like yours.

Here's what we did to shave time off our logins-

1) Settings --> Network-->Set Service Order
TO set service order, click the gear icon slightly above the Padlock in the lower lefthand corner. IF WiFi is your connection method, drag it to the top.

2) In Directory Utility, set your Preferred Server for authentication rather than the default setting Allow authentication from and domain in the forest.

Once 10.7.4 was released, our login times greatly improved.
Even though we were able to get login times down to a minute or less, we did stop putting Mac OS devices on our domain and just create a Standard User account for the enduser to login as.

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
jarednichols
Honored Contributor

Posted on ‎10-12-2012 08:33 AM

Does your domain end in .local?

0 Kudos

Go to solution
mcrispin
Contributor II

Posted on ‎10-12-2012 12:13 PM

no, not a NAT environment at all, the AD has a valid FQDN ending in .edu.

0 Kudos

Go to solution
donmontalvo
Esteemed Contributor III

Posted on ‎10-12-2012 01:55 PM

First login will take time since dscl has to cache the entire AD list. Second time would be faster. Is it slow for the first login only Lion?

--
https://donmontalvo.com
0 Kudos

Go to solution
mcrispin
Contributor II

Posted on ‎10-13-2012 10:01 AM

This is not limited to a first login, this is persistent despite multiple attempts (meaning, the user folder is already created and credentials in the local). It is slow only in Lion -- I know the answer is to "Go to Mountain Lion", but that would be significantly disruptive to classes, etc.

0 Kudos

Go to solution
jwojda
Valued Contributor II

Posted on ‎10-15-2012 07:10 AM

We have a similar issue (except in ML not Lion) with our offshore site. Accounts work fine here, over there we had about an 8-10min login time. When we created a test user with minimal groups the login times improved dramatically. We also had an errant nested group, removing that helped too.

0 Kudos

Go to solution
cgordy
Contributor

Posted on ‎10-15-2012 07:20 AM

I have seen this before - our environment sounds just like yours.

Here's what we did to shave time off our logins-

1) Settings --> Network-->Set Service Order
TO set service order, click the gear icon slightly above the Padlock in the lower lefthand corner. IF WiFi is your connection method, drag it to the top.

2) In Directory Utility, set your Preferred Server for authentication rather than the default setting Allow authentication from and domain in the forest.

Once 10.7.4 was released, our login times greatly improved.
Even though we were able to get login times down to a minute or less, we did stop putting Mac OS devices on our domain and just create a Standard User account for the enduser to login as.

0 Kudos