Home Forums OS X Server and Client Discussion Active Directory 2 min. wait before network login works

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • July 18, 2008 at 11:31 pm #373444
    Atari800
    Participant

    I just finished setting up an AD/OD “magic triangle” configuration. Clients (10.4.11 PPC) authenticate with an AD server (Win2K3) , then auto-mount home directories hosted via AFP by an OD server (10.5.4 Server PPC). The trouble is, if you boot up a client you have to wait two minutes after the login window appears before you can login as an AD user! I’ve timed it several times and it’s very consistent. Local users can login immediately. If I wait the two minutes I can login as an AD user, then logout, then log back in again, etc. It’s just after the initial boot-up that you have to wait the two minutes.

    Does Directory Services start up after the login window appears? I’ve seen this behavior in pure OD environments, but I’ve never investigated it in depth. Anyone know anything about this delay?

    Thanks!

    P.S. I don’t think this issue has anything to do with AD or OD specifically, but because it has to do with network logins and because this is my first stab at setting up a mixed AD/OD environment, I figured I’d post it in here.

    July 20, 2008 at 2:32 am #373451
    zanzan42
    Participant

    In my environment, it’s about 30 seconds before the “network accounts available” button turns green in loginwindow. BTW, you might want to set your loginwindow to display that as the default rather than the machine name, otherwise you have to click through the other information in loginwindow to get to it. I can’t remember the command off the top of my head, but I originally used the Secrets preference pane add-in to set it that way.

    Since my machines are bound to both OD and AD, “network accounts available” shows yellow first (one of the directories the machine is bound to is responding, I’m assuming OD), then goes green after that 30 second wait. Not sure whether it’s an issue of the DCs being a couple miles away in a different building, or if it’s just an issue of loginwindow launching before directoryservices is done preparing itself.

    Zanzan

    July 25, 2008 at 3:40 pm #373520
    Atari800
    Participant

    MacTroll:

    Thanks for the suggestions. As far as I can tell, I have DNS setup properly. All my servers have DNS entries. My clients shouldn’t need to be listed in DNS, should they? When I have time I plan to examine a network dump and see what’s happening. This week I’ve been out of the office cleaning and refitting lab machines, so I haven’t had a chance to even think about the Macs. 😉

    zanzan42:

    The AD servers are about 13 miles from my Mac servers. 🙂

    That login window network accounts status light is brilliant!! I used Bombich’s Login Window Manager to set it up on a test system and it works great. Even if I somehow manage to shorten the delay, I think I’ll use the status light anyway. I’d never have stumbled on that one myself. Thank you!

    July 27, 2008 at 5:04 pm #373530
    larkost
    Participant

    Your DNS entries have to be correct for both forward and reverse queries. This is what trips up many people as Windows clients default back to NetBUI values and skip DNS altogether. MacOS X does not have the luxury.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.