Rikki49
Level 1 (0 points)

Q: Network accounts appear after delay

Hi,

 

I have a 10.6.8 server (mac mini), a 10.7.2 ethernet client (macpro), a 10.7.2 wifi client (macbook pro) and even a 10.5.8 wifi client (ibook G4).

The server has network accounts, and the clients are configured to show them. It works, except that the delay between the appearance of the login screen with the local accounts and the appearance of the network accounts goes from 2 to 10 seconds. And this is the same on the wired macpro as on the wireless portables.

 

If "show others.." is activated on server side via WorkGroup Manager, local accounts and "other" appear immediately, and network accounts appear after some delay. I can even enter a network account name in "other" and log in : it works immediately !

 

Did someone already meet this problem ? How can I investigate, the Console does not give me hints as to where look at ?

 

06/11/11 17:53:47,335 loginwindow: Login Window Application Started

06/11/11 17:53:47,536 loginwindow: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.

06/11/11 17:53:47,739 com.apple.launchctl.LoginWindow: com.apple.findmymacmessenger: Already loaded

06/11/11 17:53:47,976 com.apple.SecurityServer: Session 100017 created

06/11/11 17:53:47,983 loginwindow: Login Window Started Security Agent

06/11/11 17:53:48,077 airportd: _doAutoJoin: Already associated to “rsf0”. Bailing on auto-join.

06/11/11 17:53:48,386 SecurityAgent: Echo enabled

06/11/11 17:53:48,386 SecurityAgent: Echo enabled

06/11/11 17:53:48,914 sandboxd: ([51]) applepushservice(51) deny file-read-data /private/etc/master.passwd

06/11/11 17:53:56,008 SecurityAgent: User info context values set for admin

06/11/11 17:53:56,008 SecurityAgent: User info context values set for admin

06/11/11 17:53:56,042 authorizationhost: Failed to authenticate user <admin> (error: 9).

06/11/11 17:54:01,333 SecurityAgent: User info context values set for admin

06/11/11 17:54:01,333 SecurityAgent: User info context values set for admin

06/11/11 17:54:01,660 SecurityAgent: Login Window login proceeding

06/11/11 17:54:01,660 SecurityAgent: Login Window login proceeding

06/11/11 17:54:01,940 loginwindow: Login Window - Returned from Security Agent

06/11/11 17:54:02,092 airportd: _doAutoJoin: Already associated to “wifi0”. Bailing on auto-join.

06/11/11 17:54:02,219 airportd: _doAutoJoin: Already associated to “wifi0”. Bailing on auto-join.

 

Thanks for your help.

 

Eric

Mac mini, Mac OS X (10.6.8), 10.6 server

Posted on Nov 6, 2011 9:02 AM

Close
Rikki49

Q: Network accounts appear after delay

  • All replies
  • Helpful answers

  • by John Lockwood,Helpful

    John Lockwood John Lockwood Nov 7, 2011 4:10 AM in response to Rikki49
    Level 6 (9,411 points)
    Servers Enterprise
    Nov 7, 2011 4:10 AM in response to Rikki49

    I would tend to say this is 'normal' behaviour but can make some comments that may be helpful.

     

    Firstly the greater the number of accounts you have on your Open Directory server, the longer the delay is likely to be on your client computers before they draw the list. This is because more accounts means more data has to be downloaded from the server in order to draw the list.

     

    Secondly, if your clients are learning the details of your Open Directory server via DHCP rather than manually, this has for me resulted in a greater delay, I have therefore for a long time always manually defined the server on clients.

     

    Thirdly, I found Mac OS X 10.4 clients to display the list faster than 10.6 clients, despite the 10.6 client machines being faster.

     

    Fourthly the speed of your Open Directory server and how busy it is is logically going to have some affect.

     

    Finally, a delay of up to 10 seconds is not I would have thought going to be a major problem, it would take a user at least that long to wonder what was happening and by then the problem would have 'gone away'.

     

    PS. In terms of security, having just an empty name and password box rather than the scrolling list of names is more secure. This is because it means hackers have to guess both the password and the user name. As you mentioned just typing the user name and password works immediately.

  • by Rikki49,

    Rikki49 Rikki49 Nov 8, 2011 4:53 AM in response to John Lockwood
    Level 1 (0 points)
    Nov 8, 2011 4:53 AM in response to John Lockwood

    Hi,

     

    Thanks for your answer. Some of my fears are confirmed.

     

    I'm using a server for home needs, to avoid accounts duplication on clients. So I don't need security and password, but they seemed to be mandatory.

     

    The second point is interesting : yes , my clients get information from OpendDirectory. What do you mean "via DHCP rather than manually" ? How do you "manually define the server on clients" ?

     

    Eric

  • by John Lockwood,Helpful

    John Lockwood John Lockwood Nov 8, 2011 6:17 AM in response to Rikki49
    Level 6 (9,411 points)
    Servers Enterprise
    Nov 8, 2011 6:17 AM in response to Rikki49

    Rikki49 wrote:

     

     

    The second point is interesting : yes , my clients get information from OpendDirectory. What do you mean "via DHCP rather than manually" ? How do you "manually define the server on clients" ?


    If you run Directory Utility/Directory Access on the client Mac under older Mac OS X versions there used to be a tickbox option to 'Add DHCP-supplied LDAP servers to search policies'.

     

    This tickbox option is not listed anymore on Snow Leopard or later clients. Whether this means it is always on or never on is something I am not certain, I suspect it means it is no longer on. A Snow Leopard Server acting as a DHCP server does however still advertise this setting via DHCP.

     

    If your using the Apple DHCP Server leaving this option empty would ensure clients would not be using DHCP to 'find' the Open Directory server and could only join Open Directory by an Administrator manually joining to the Network Open Directory server, so this is in Accounts (Snow Leopard or later), or Directory Access/Directory Utility (ealier versions).

  • by Rikki49,

    Rikki49 Rikki49 Nov 8, 2011 12:11 PM in response to John Lockwood
    Level 1 (0 points)
    Nov 8, 2011 12:11 PM in response to John Lockwood

    I'm not currently using the server DHCP. This task is done by my router. So I'm going to test Apple DHCP, as well as DHCP supplied LDAP, to see if it can improve my situation.

     

    Thank you.

     

    Eric

  • by Antonio Rocco,

    Antonio Rocco Antonio Rocco Nov 8, 2011 3:22 PM in response to John Lockwood
    Level 6 (10,616 points)
    Desktops
    Nov 8, 2011 3:22 PM in response to John Lockwood

    Hello John

     

    "This tickbox option is not listed anymore on Snow Leopard or later clients. Whether this means it is always on or never on is something I am not certain, I suspect it means it is no longer on."

     

    It is indeed no longer on. IIRC Apple removed the option with one of the 10.5 updates or possibly when 10.5 was first released? I could be wrong though? It was removed because it caused issues with AD Integration and .local domains.

     

    HTH?

     

    Tony