
iphonematt

Guest
Original poster
Jul 10, 2007
190
0
Our school has roughly 300 MacBooks assigned out to students. Each MacBook is bound to our Xserve through Open Directory and also to our Active Directory Server. All log-in/account info comes through Active Directory. The first time students log in, it asks them to set up a mobile account and we have them click create. We have been getting complaints from students that when they are off our school's network, logging in takes about 5 minutes. In what we have seen, the student types their log-in info and clicks log in, the login window grays out and sits there for a few and finally logs in. Now, when they are on our network, they get logged in immediately. It seems to me whenever a student logs in, it is searching for either Active Directory or Open Directory and preventing the user from logging in immediately. What setting am I missing that will prevent this from happening?
Thanks!
 

Chris R

macrumors newbie
Jul 18, 2008
5
0
Hi,

Are your AD/OD servers, and the appropriate ports, accessible from the outside? If not, then the MacBooks are attempting to BIND to IP addresses/DNS names that they cannot find when not connected to your network. So they will search, time out and log in.

You have to translate outside IPs, ports and DNS names for your AD/OD servers via NAT or DMZ (whatever your setup may be).

You might be able to set up a 2nd automatic location for the machines and have the students switch when they are outside the network. I think that the mobile accounts will still allow login, without attempting to sync to the server. Although, I haven't tried that scenario.

Good Luck,

-Chris
 

iphonematt

Guest
Original poster
Jul 10, 2007
190
0
Our servers are only accessible on our local network and so no, the MacBooks are unable to connect to the server and are timing out. The only problem is the timeout is taking forever. Some students have reported it taking up to 10 minutes to log in. I took one of the MacBooks home and it took about 4 minutes to log in. Is there a way to reduce the timeout time? When the students logged in the first time, they were on our network and were asked to create a mobile account. We clicked "create mobile account" and one was created. My best guess is the timeout time is set way too high. If there is a way to reduce it please let me know and I will give it a try. Thanks!
 

Chris R

macrumors newbie
Jul 18, 2008
5
0
Are you manually adding the DNS, search domains and LDAP to the MacBooks? If so, they would be the first things to disable. If the DHCP server correctly identifies the proper servers for the DNS zone, then this will populate automatically inside, and not populate when the students are outside of the firewall. I am not a fan of DHCP for LDAP. So definitely try this with a couple of units first.

Unfortunately, there will be a delay regardless, because the machine is attempting to authenticate back to the AD server, and perform a sync at login. But if you set a very minimal set of login sync items, that would reduce the number of items that the MacBooks are attempting to sync.

I don't think that you'll eliminate the delay. But addressing the above items might help reduce it to an acceptable time. Then again, if you sync the mobile accounts in intervals and instruct students not to log off, just close the lid, that would also help as well. Even though it's not the ideal solution.

Hope it helps,

-Chris
 

iphonematt

Guest
Original poster
Jul 10, 2007
190
0
Problems solved with 10.5.5.
I upgraded a system yesterday and took it home and it seems to be logging in just fine now! That's all we needed!
 

iphonematt

Guest
Original poster
Jul 10, 2007
190
0
We did the upgrade on a few more systems today and told those students to shut down before they leave the school and then start it up when they get home and let us know how the log in went. Hopefully everything will be okay and then all we have to do is deploy 10.5.5 to all the systems and all will be well!
 

twoodcc

macrumors P6
Feb 3, 2005
15,307
26
Right side of wrong
We did the upgrade on a few more systems today and told those students to shut down before they leave the school and then start it up when they get home and let us know how the log in went. Hopefully everything will be okay and then all we have to do is deploy 10.5.5 to all the systems and all will be well!

sounds good! just curious, but how do you deploy the update to the systems? do you use remote desktop?
 

luckado

macrumors newbie
Oct 1, 2008
2
0
Problems solved with 10.5.5.
I upgraded a system yesterday and took it home and it seems to be logging in just fine now! That's all we needed!


I am still having the problem, even after upgrading to 10.5.5. My MacBook Pro is a guinea pig machine, where it is the only machine bound to AD to test the cached credentials and group policy capabilities of Leopard. It was upgraded to 10.5.5, then bound to AD in the Directory Utility. Options set to create a mobile account at login.
The MBP has no problems logging in right away when directly connected to the network, but when outside the network, it takes anywhere from 3-5 minutes to finally finish logging in after entering the username & password at the login window screen. I haven't been able to find much about this problem on other sites. Anybody have any other ideas?

Our AD domain is a ".local" domain; do you think that would make a difference? Wish there were some way to set the timeout period to a low number.
 

twoodcc

macrumors P6
Feb 3, 2005
15,307
26
Right side of wrong
I am still having the problem, even after upgrading to 10.5.5. My MacBook Pro is a guinea pig machine, where it is the only machine bound to AD to test the cached credentials and group policy capabilities of Leopard. It was upgraded to 10.5.5, then bound to AD in the Directory Utility. Options set to create a mobile account at login.
The MBP has no problems logging in right away when directly connected to the network, but when outside the network, it takes anywhere from 3-5 minutes to finally finish logging in after entering the username & password at the login window screen. I haven't been able to find much about this problem on other sites. Anybody have any other ideas?

Our AD domain is a ".local" domain; do you think that would make a difference? Wish there were some way to set the timeout period to a low number.

have you upgraded the server to 10.5.5? and do you have dns setup correctly?
 

luckado

macrumors newbie
Oct 1, 2008
2
0
have you upgraded the server to 10.5.5? and do you have dns setup correctly?

This MBP is authenticating against AD in a Windows Server 2003 environment, not OD on a Mac OS X Server, so the Windows server can't be upgraded to 10.5.5 since it's not a Mac.

DNS is set up correctly; we don't have any problems with Windows XP users signing in when they are not connected to the network. We also have tested Centrify DirectControl on Tiger & Leopard MBPs, and that works just fine without any delays in logging in using an AD mobile account when they are not connected directly to our internal network.

We are attempting to test the built-in AD functionality of 10.5.5 on the client side, to see if we could avoid using Centrify DC, but so far, we are having this login delay problem.

I've noticed that it seems to sign on with no delay when it has not made a connection to a network, but the delay occurs when it has made a connection, such as a wireless router in a hotel or at a user's home.

Any other ideas?
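
Added example, not posted by anyone in this thread: one way to see from an off-site network whether directory connections fail fast or stall until a timeout, which is the difference between the "no network" and "hotel Wi-Fi" cases described above. The host name `dc.example.local` is a constructed placeholder; the ports are the standard Kerberos, LDAP, LDAPS and AD global catalog TCP ports.

```python
import socket
import time

# Standard TCP ports a directory-bound client uses on an AD/OD server.
DIRECTORY_PORTS = {"kerberos": 88, "ldap": 389, "ldaps": 636, "ad-global-catalog": 3268}


def probe(host, port, timeout=2.0):
    """Attempt one TCP connect; return (outcome, seconds elapsed).

    'refused', 'unreachable' and 'dns-failure' are answers that come back
    quickly; 'timeout' means packets were silently dropped and the caller
    waited the full timeout. Name resolution itself is NOT bounded by
    `timeout`, so a slow resolver shows up as a long 'dns-failure'.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            outcome = "open"
    except socket.gaierror:
        outcome = "dns-failure"
    except socket.timeout:
        outcome = "timeout"
    except ConnectionRefusedError:
        outcome = "refused"
    except OSError:
        outcome = "unreachable"
    return outcome, time.monotonic() - start


def survey(host, ports=DIRECTORY_PORTS, timeout=2.0):
    """Probe every port; return per-service results and seconds lost to timeouts."""
    results = {name: probe(host, port, timeout) for name, port in ports.items()}
    stalled = sum(secs for outcome, secs in results.values() if outcome == "timeout")
    return results, stalled


if __name__ == "__main__":
    # Constructed placeholder: substitute the directory server the client is bound to.
    results, stalled = survey("dc.example.local")
    for name, (outcome, secs) in results.items():
        print(f"{name:18s} {outcome:12s} {secs:6.2f}s")
    print(f"time spent waiting on silent drops: {stalled:.2f}s")
```
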
 

GeeeBeee

macrumors newbie
Nov 23, 2009
1
0
I have exactly the same problem here. Leopard machines authenticating to a Windows box. Any ideas how to reduce the time out? Did your problem get resolved?

Be pleased for any advice you might have.

Cheers

G
 