Skip navigation

Mobile User Slow Login Off Network

56752 Views 116 Replies Latest reply: May 3, 2013 3:21 AM by RULLAB RSS
1 2 3 ... 8 Previous Next
TheChinaMac Calculating status...
Currently Being Moderated
Sep 4, 2009 2:38 PM
I am running server 10.58 with mobile user accounts. I have upgraded three laptops to Snow Leopard and when they are off the network any login or password entry for things like changing a sys pref takes over 1 minute. If i remove the network account server bind from the user account in sys prefs, the login is back to normal. I read of similar problems in 10.5 that was the result of a search domain being listed in the DNS settings of the client machine. However, my DHCP server provides the DNS and search domain listings so this is not listed in the client machines when they are off the network.

My domain name is miniserv.companydomain.net and the search domain in the server is companydomain.net - but again, this DNS info is not listed in the client machines. companydomain.net is a FQDN that only runs locally. Could the client be looking for companydomain.net on the WAN?

The console log reads as follows:

authorizationhost[1965] k5_authenticate(): got -1765328228 (Cannot contact any KDC for requested realm) on /SourceCache/SecurityAgent/SecurityAgent-37013/plugins/krb5/krb5_operations.c:8 4

authorizationhost[1965] -[SFBuiltinAuthenticate performDSPasswordAuth](): got -1765328228 (Cannot contact any KDC for requested realm) on /SourceCache/SecurityAgent/SecurityAgent-37013/authhostbuiltins.m:1039


Any guidance appreciated.
MacBook Pro, Mac OS X (10.6)
  • macwiz1220 Level 4 Level 4 (1,940 points)
    Currently Being Moderated
    Sep 4, 2009 9:55 PM (in response to TheChinaMac)
    Yes, it is probably a DNS issue. KDC = Key Distribution Center. The server becomes a KDC when using Kerberos authentication, as Kerberos (krb5) uses key cryptography. The client can't find the server. Make sure the clients have the proper DNS servers setup.
     17" MBP5,2 (Early 2009), 2.93GHz, 4GB RAM, 320GB 7200RPM HD, Glossy , Mac OS X (10.5.8),  PowerBook G4 12'', 512MB DDR2 RAM, 1.5GHz PowerPC G4+ iPhone 3G 16GB Black
  • haoyangliu Calculating status...
    Currently Being Moderated
    Sep 24, 2009 3:54 PM (in response to TheChinaMac)
    Did you ever get this resolved? I have the same problem.

    I found that if I turn off all network interface, then login is flawless.

    Also, I think the behavior in Leopard was that off network mobile users do not sync at login/logout, because they can't find the server. But when my SL clients logout, they still want to sync. This makes me think it's because the client somehow still thinks it's in the network.
  • dalboslampen Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 25, 2009 1:40 AM (in response to TheChinaMac)
    Hi
    Same problem.
    Insanely slow log on, and out for that matter.
    Airport dropping connections, and trouble log on to mobile account off network.

    Lots of trouble with the golden triangle this year!!
    Imac(intel/ppc), macbook pro, powerbook, emac, Mixed enviroment pc & mac, isa server, active directory, leopard server
  • haoyangliu Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 27, 2009 1:51 AM (in response to TheChinaMac)
    Have you guys found a solution to this problem?

    I found that if I open TCP 389 (LDAP) and TCP&UDP 88 (Kerberos V5 KDC) on the firewall, then the problem goes away. But this begs the questions: Is it safe to open those ports? Is there any other way to tell the client that "You are not on the network, stop checking!"?

    Thanks.
  • DirkTheDog Level 1 Level 1 (10 points)
    Currently Being Moderated
    Oct 13, 2009 5:40 AM (in response to TheChinaMac)
    Same problem. Has anyone solved it?
    OS X Server, Mac OS X (10.6.1)
  • InterHmai Level 1 Level 1 (60 points)
    Currently Being Moderated
    Oct 16, 2009 11:34 AM (in response to DirkTheDog)
    Yeah my office is getting ready to try out mobile accounts and started testing out 10.6 for this and ran into the same problem. I couldn't find a workaround so I just went back to 10.5.8 to see how things work until the problem is fixed.
    Mac OS X (10.4.6)
  • DirkTheDog Level 1 Level 1 (10 points)
    Currently Being Moderated
    Oct 16, 2009 11:50 AM (in response to TheChinaMac)
    I seem to have solved this problem for us by *switching off* the "Server Side File Tracking for Mobile Home Sync" setting in Server Admin. Now the Sync process no longer hangs indefinitely at login or logout (or shows Checking "~/" forever), but unfortunately the actual sync itself has slowed down as when it happens the entire folder structure is compared for changes. I guess I replaced the problem of an unreliable sync that forced users to force-power-off their machines into a reliable but slow one... realised

    By the way, as I was debugging this problem I that it was the "ssh yourserver ... FileSyncAgent" process that seemed to be hanging indefinitely. Your cause may be different therefore this solution might not work... Good luck.
    Mac Pro Quad 2.66, Mac OS X (10.6.1), OS X Server
  • HBarnes Level 1 Level 1 (0 points)
    Currently Being Moderated
    Dec 31, 2009 6:16 AM (in response to DirkTheDog)
    I thought this thread was in reference to waiting forever to login when away from your office network. We don't do any sync at login/logout but it still takes forever at home. All syncing while at work has been perfect, especially since 10.6.2.

    I sure hope Apple fixes this soon as it is holding up our deployment of Snow Leopard.
    MacBook Pro, Mac OS X (10.6.2)
  • Bernlo Calculating status...
    Currently Being Moderated
    Mar 11, 2010 9:26 AM (in response to HBarnes)
    I have exactly the same problem when logging in off network. It should be some key combination that bypasses the network check when logging in.

    Please let me know if you find anything useful.

    Thanks

    Message was edited by: Bernlo
    MacBook Pro, Mac OS X (10.6.2)
  • neekolas321 Calculating status...
    Currently Being Moderated
    Apr 21, 2010 7:03 AM (in response to Bernlo)
    I am experiencing the painfully slow logins as well. Sometimes 3-4 minutes. Running 10.6.3.
    MBP 2.66 GHZ 4 GB, Mac OS X (10.6.2)
  • Abel408 Calculating status...
    Currently Being Moderated
    Apr 28, 2010 8:41 AM (in response to neekolas321)
    So I know there has been a lot of input in here and I don't have a solution, but I thought I would report that I am getting the same problems. If the machine is on the network, login times are normal. If the machine is off the network, it will sit at the login screen for a very long time.
    xserve 10.5
  • mrbofus Level 1 Level 1 (5 points)
    Currently Being Moderated
    Apr 30, 2010 1:29 PM (in response to Abel408)
    Having the problem here too. Users are complaining that when logging on to their laptops at home, logins are taking upwards of 4 or 5 minutes. Also when waking from sleep, will run into that issue. Running 10.6.3 on the laptops and binding to a Windows 2003 domain.
    Mac OS X (10.6.3)
  • Codeus Level 1 Level 1 (10 points)
    Currently Being Moderated
    May 6, 2010 2:02 AM (in response to mrbofus)
    Sync issues and AD issues aside.

    I too am seeing this delay of around 2 minutes during login in the following scenario which I believe the OP was experiencing: -

    • Mac OS 10.6.x
    • PHD / Mobile Account.
    • Computer CAN coonnect to internet.
    • Computer CANNOT connect to OD Master (eg. offsite, not vpn etc).

    As mentioned, my logs show KDS returning errors after a long wait (around 1:30 - 2 mins in my case) while it hunts for a KDC for the realm.

    My current thinking is: -

    • Can we reduce the KDC timeout via a conf / plist / dscl value someplace?
    • If this only happens when a internet connection is up, can we script a pull down of the internet connection in a boot script to skip it?
    Intel Xserve, Mac OS X (10.6.3)
  • phil.n Calculating status...
    Currently Being Moderated
    May 6, 2010 8:16 AM (in response to Codeus)
    I would like to add some support to this thread. I have the same problem, with ~2.5min delay during login. This is the time from when the mouse first appears after boot until the user logon screen is displayed. Fine when within office network, problems when away from domain.

    I found this article: http://www.macenterprise.org/articles/fixingactivedirectorytimeoutvalues
    which discusses changing the LDAP timeout. I found it referenced from a couple other articles which say that this worked fine for Tiger but not for Leopard or SL. I can confirm that changing the timeout value in my activedirectory.plist from the original "90" to "10" made no difference at all.
    I have also seen people saying that disabling Bonjour helped or stopping mDNSresponder but that essentially 'switches off' the internet...

    This is a real inconvenience and I hope that someone can come up with a solution/apple fix this as soon as possible.
    Macbook, Mac OS X (10.6.3)
1 2 3 ... 8 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.