OD Replica to Load Balance?

[ozpass]

Here’s the setup in question:

2k3 Server with Active Directory. Runs DHCP and DNS.

XServe 10.3.9 OD Master, bound to Active Directory. Groups with Preferences set in Open Directory. Hosts home directories for Active Directory users (via SM.

iMac clients bound to Active Directory and Open Directory.

It’s a fairly standard setup in that the mac clients authenticate against Active directory and have their preferences specified by the OD master (dependent upon which OD group the AD user is in).

The problem is that when 60+ users start logging in to the system, the login times go through the roof. Looking at up to 10 minutes for some users (other blast straight in). The XServe is getting *thrashed* whilst this is going on with both CPU’s at or near 100%.

Our friendly local hardware vendor (surprisingly enough) suggested throwing kit at the problem, but we decided to do a little investigation first. We obtained a dual G5 PowerMac and an unlimited client OS Server 10.3.9. We added this as an OD Replica and bound it to AD.

Only problem is, it just sits there looking pretty! It doesn’t actually authenticate or dole out preferences to any of the clients. Is this just my misunderstanding of what an OD replica is supposed to do? Is it just there as a failover or is it supposed to actually load balance the authentication?

As an aside, KDC is stopped on both servers, despite there being A names and PTR records for both servers in DNS.

Any advice, ideas, input very much appreciated.

Thanks in advance,
Austin.

[Dan Dickinson]

This sounds ridiculously similar to our setup at WMC. I take it you’re doing the 60 logins simultaneously?

I’ve frequently had chokes in instances where I get a lot of students making home directory connections at the same time. The solution, best I could tell, was to work on the disk end of it, not so much the replication end of it.

OD replicas will only load balance the preference serving; all the authentication will be going to the AD servers. If you check the DSLDAPv3 plist on the client machine, you should see the IP of the replica somewhere in there.

[ozpass]

As Dan states, the solution here was to expand the available disk I/O throughput.

Rather than setup one large RAID array, the solution has been to “multi-home” the home areas around several discrete servers, each with a few fast disks.

I’m yet to complete an OD-only setup so I couldn’t state what kind of capacity you could run per-server with Apple hardware, but with Windows 2k3 Servers (twin Xeon 3.0, 2 X U320 SCSI RAID 0) holding the home areas we can accomodate around 300 busy users per box and still have login times well under a minute.

[Author]

Posts