Painfully slow login to AD bound Leopard machine when off home network

[geebee]

Dear all

Just looking for a little help with this problem that seems to trip a lot of people up and is causing me no end of grief.

I have a number of fully patched Leopard machines that are bound to my AD (Server 2003).

When on the home network, logging in seems swift and works as expected.

When users take the machines off site, login can take 5 minutes or more. The user adds correct credentials but the desktop does not appear for a very long time.

When I have tried logging in using a local Admin account, switching off Airport and then logging in using an AD account, login is once again swift again.

It all seems as if Leopard is finding a suitable wireless network, spending far too long looking for the Domain before eventually giving up and using the cached credentials instead.

I have read that disabling Bonjour on the machine will stop this problem (i have not yet tested)

http://www.macwindows.com/leopardAD.html#111607z

…but I am reluctant to use this “Solution” as I would like to be able to use Bonjour on the local network as well as having AD-bound machines.

However, is disabling Bonjour really the only answer? Is there not some time-out setting somewhere that could be amended to stop Leopard spending forever looking for home?

Any help would be very gratefully received

Thanks

Gordon

[Simon.Laird]

Hi Gordon, have you had any more luck with this yet? I’m facing the same issue and I really want to get it resolved. Read all about the supposed ‘fix’ of turning off Bonjour however as it’s part of the mDNSResolver doing that pretty much disabled your DNS, as I found out when I tested it. I really don’t know how so many people found that as a suitable fix..

It is also possible to disable the Bonjour service adverts without switching off the mDNSResolver however that doesn’t solve the login issue either.

I thought I’d cracked it when I found this article on MacEnterprise – [url]http://www.macenterprise.org/articles/fixingactivedirectorytimeoutvalues[/url]
It talks specifically about this issue and how to resolve it but it must have been for a much earlier edition of Mac OS as the files are no longer structured in the same way. There is still an LDAP timeout that can be adjusted though but again… it did not resolve the issue for me.

I finally decided to call Apple Enterprise support and see what they had to say…. and they said that they want €700 just to look at the issue. If I can get that amount cleared by the boss then I’l take it up with them.

So, no solution but MAYBE this extra info might help get anyone reading this point us in the right direction.

Simon

[xenedar]

We added a startup item to turn off the AirPort card when the computer is starting up. This helps prevent the computer from automatically jumping on the user’s home network, causing Login Window to spend 5 minutes or more slamming into the brick wall that is the firewall around our Active Directory domain before it finally times out.

With no network, the computer auths locally using the cached data and logs in immediately. Once logged in, they can then turn the wireless card back on to use their personal network.

From memory, something like:
networksetup -setairportpower off

[Author]

Posts