Unacceptable Delay using AD authentication

[OkiKowai]

The problem I am having is similar to the topic: “Active Directory Home Folder problems with 10.4 and higher” posted on 11/2/05. However, I have very distinct differences.

I am having a problem at a particular school. They have two labs of eMacs running 10.4.5 on about half and 10.4.8 on the other half. We upgraded the one group to 10.4.8 to make sure it didn’t fix the issue and it didn’t. They are authenticating to the main domain controller (we’ll call it dc1) and then mounting their network home folder which is stored on a das (we’ll just call it das). Both dc1 and das are running Windows Server 2003. When they login, the eMacs are configured to create Mobile Accounts after a confirmation. In other words I have Create mobile account at login, Require confirmation before creating a mobile account, Force local home directory on startup disk, and Use UNC path from Active Directory to derive network home location (using SMB). Default user shell set to /bin/bash. Here is the problem as I have found:

If the user does not have a home folder, it logs in without any serious delay. If they login with their home folder on the das, then they get a 15 min. to 1.5 hour delay (if not longer). If I put their home folder on an older Windows 2000 Server, they get a slight delay but still quicker than when logging into the das. When I checked the system logs I found out something interesting. When logging into the Windows 2000 server, the delay was caused by the fact that it was failing to mount the home folder on the first attempt. It would take 3 or so tries. When logging into the Windows 2003 server the same thing could be found, but it also tried to mount every other mobile account user on that specific machine’s (not the users on the server) home folder. So if we re-image the machine it is fine for about a month. It seems that once the number of mobile accounts gets to 20-30 users, the delays start. If there are no mobile accounts on the machine, the login works without any delays.

So I have a few questions. Can anyone answer why the Mac is trying to mount the other mobile account user’s home folder (instead of the one actually logging into the machine)? If not, then can anyone give me ideas on a good workaround. I do not know how to do scripting/login hooks etc. But my general thoughts of a workaround would be to delete the mobile accounts every night using a script of some sort. The other option is to setup the Macs to not automatically mount the home folder using the AD plug-in, but to instead right a login hook that goes out and connects to the user’s home folder.

By the way, the reason I am asking for specific workarounds is because the Teachers will not accept that the Students authenticate and then manually go and mount their home folders. They feel it is too hard for the students. The solution needs to be as automated as possible.

Any help would be greatly appreciated, whether it is help fixing the problem altogether OR giving me a viable workaround (as well as details on doing that workaround, or good direction on how to figure it out). Thanks.

Keith

[Author]

Posts