Posted on 05-12-2016 04:16 AM
Hi,
Need help with this issue regarding slow login in AD. It happens if it's out of network or off premises. It takes about 40-55 seconds to log in after entering the password. Most of our Macs are running El Capitan and Yosemite. Our AD ends with .local.
I've tried all possible feedback from here and other forums... Tried the following workarounds.
1. sudo /usr/bin/defaults write /Library/Preferences....
2. https://discussions.apple.com/thread/2143988?start=105&tstart=0
3. Add .local to all of my network interfaces
etc. etc.
Is there a way to reduce the login time?
Thanks so much.
Posted on 05-12-2016 04:38 AM
The extra login time is caused by the Mac trying to authenticate against the AD first, timing out, then resorting to cached credentials. I know of no way to adjust the timeout, and doing so would probably cause other issues if set too aggressively anyway.
Posted on 05-12-2016 04:54 AM
Thanks, @franton. Can we try it?
Posted on 05-12-2016 04:56 AM
I know of no way to adjust the timeout, and doing so would probably cause other issues if set too aggressively anyway.
Emboldened for clarity.
Posted on 05-12-2016 04:59 AM
Oh okay. It's just that a 40-55 second login is really slow. Most of our users hated it. Once connected to the network it's really fine after fine-tuning the DSBindTimeout. The thing is I can't find any better suggestion in most of the forums.
Posted on 05-12-2016 05:10 AM
The common fix in this scenario is to lower the LDAP lookup timeout so it "gives up" quicker. I don't have the details to hand but from memory it's a login window key.
As @franton mentioned, this is a risky thing to do. If you set it too low, the login window will always give up too quickly and you won't be able to authenticate against the domain at all. Apple may also overwrite your customizations at any point with an OS update, or just remove the functionality.
Posted on 05-12-2016 05:55 AM
Lowering the DSBindTimeout value has been very successful for me. I've been using it for several years and haven't found any issues.
10 seconds is a conservative value and a good place to start. Think about it this way: if the Mac doesn't find the domain within 10 seconds... what are the chances it is going to find it? If you are on the LAN, does it ever take 10 seconds to log in? If yes, then you could set a higher value, but most likely 10 will get the job done.
FWIW this setting has survived 10.9-10.10-10.11 upgrades for me.
sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow DSBindTimeout -int 10
Posted on 05-12-2016 03:21 PM
We have been using the method @Josh.Smith mentioned with great success.