Slow network accounts

Similar Messages

• New Snow Leopard Server, Slow Network Accounts

  We've installed Snow Leopard Server on our XServe quite a while ago and since then all users who work with network accounts are complaining about serious perfomance issues. These issues are for instance logins which may very well take up to several minutes, or applications like Adobe InDesign which take their time to load files from the users network shares.
  Our System consist of:
  1 XServe running OS X 10.6.8 Snow Leopard Server
  48 iMacs running OS X 10.5
  1 Windows Server 2008
  The XServe serves as an OpenDirectory and Fileserver, while the Windows Server delivers DNS.
  We have created ~500 users and 25 groups in the OpenDirectory. All user files are located in their roaming profiles on the Xserve. Additionaly every user has access to one group folder, which is located on the Xserve as well.
  All group folders are Sharepoints and added to the dock of all users in the appropriate group.
  I have already checked DNS settings, user accounts, network connectivity in general, network load during peak hours, the ACLs on the group folders....
  By now im simply out of ideas what my cause the problem, let alone how to solve it.
  Any hints are greatly appreciated.

  Are you using any redirections?  Redirecting the cache folder from the network home to the /tmp should improve speed.  Use this white paper from apple.  http://images.apple.com/education/docs/Apple-ClientManagementWhitePaper.pdf The redirections are on page 53.

• IChat over slow network

  Hello,
  I'm not really good with network stuff, so I know very little about my problem here. I'm working on an offshore drilling rig and they've recently set up a wi-fi system for personal use. It's very slow and governed by the nanny Websense.
  I know some people are able to use their IM chats and I was wondering if there is a way to set up my iChat to work on such a slow network. It won't connect at all when I'm here. I know I won't be able to video or audio chat, but I should at least be able to text chat, shouldn't I? Or is it possible that Websense has blocked certain IM's and not others?
  Any suggestions would be appreciated!
  Lawrence

  Hi,
  In iChat go to the Preferences > Account section
  GO to the Server Settings tab
  Whilst logged off of AIM chnage the port to 443
  Log in to AIM.
  This is because the regular Login port is 5190.
  The AIM Application on a PC or in fact the AIM for Mac application will automatically try other ports including the web browsing port (80) to make a connection.
  The port 5190 is above a Threshold of 1024 where ports have to be opened specifically. Using port 443 is below this and also used fro Secure Mail by mail applications so is likely to be open.
  6:55 PM Saturday; December 15, 2007

• Network Account - Contacts loosing all icloud records randomly

  From time to time, my network accounts loose all icloud contacts. The contacts application download them authomatically. Does anybody have the same problem? Any idea where the problem could be?

  An update: I deleted the users via the Server app, then deleted the corresponding home directoires via the Finder on the server.
  I then recreated the users in the Server app and all seems to work fine. Also, on another note I realized that when a network user logs into a computer for the first time, Spotlight indexes the entire computer. We have a couple Mac Pros in here with over 8 TB of data and this indexing slows things down for the network user.
  One issue remains and it may be a bug: the Mail app will not save signatures and rules that network users create. Once the user logs out those settings are lost. This is a bummer...
  Anyone else experiencing this? Anyone know a fix?
  Thanks,
  Max

• Server 10.8 Network Account Users with iCloud Accounts

  Hello,
  I have a server running OS 10.8.2 and a few client Macs all running 10.8.2
  Two people in the office login to network accounts stored on the server. When these users enter their personal iCloud credentials to use the various services (Contacts, Calendar, Mail, etc.) they run into issues...
  Each time the Contacts app is launched it reloads all information from iCloud – this takes a few minutes; launching the Mail app is extremely slow as well – it does not recognize the iCloud contacts and will not save custom signatures when entered into the Mail preferences; the Calendar app acts sporadically as well based on the fact that the Contacts are sporadic – birthdays are duplicated and the notification center notifies the user of the same birthday over and over again.
  I'm not sure what's going on... Is the use of iCloud supported by network hosted home folders??
  I'm appreciative of all your help!
  Thanks so much,
  Max

  An update: I deleted the users via the Server app, then deleted the corresponding home directoires via the Finder on the server.
  I then recreated the users in the Server app and all seems to work fine. Also, on another note I realized that when a network user logs into a computer for the first time, Spotlight indexes the entire computer. We have a couple Mac Pros in here with over 8 TB of data and this indexing slows things down for the network user.
  One issue remains and it may be a bug: the Mail app will not save signatures and rules that network users create. Once the user logs out those settings are lost. This is a bummer...
  Anyone else experiencing this? Anyone know a fix?
  Thanks,
  Max

• Slow Network Login - If at all

  Hi Guys,
  I am not that used to Mac enviroment so please be gentle
  Looking for some help on an issue I am currently having with a Standalone Open Directory, slow client log in.
  The site is setup running 10.4.11 on Server & Workstations. If the workstation is set to obtain the LDAP information via DHCP and the system is restarted, it will not list all the network users that are on the server. However If Directory Access on the client is set manually and restarted the network usernames list correctly on the client.
  Then when you attempt to log to the workstation using the Network account, it will sometimes hang from 10 to 20 minutes and log in, or not log on at all.
  Any thoughts or ideas would be much appreciated.

  ok, so you updated to 10.4.3 and you did all of the following - correct?
  1) updated OS
  2) repaired permissions
  3) zap PRAM
  4) reset Open Firmware
  if these are correct, which OS installer did you use? the smaller 93M file or the Combo Updater?

• Cannot login with Network account.

  Hi,
  I am an experimented Mac user, but quite new with Snow Leopard Server.
  I've just purchased the brand new MacMini Server.
  I have configured my server with the name server.local and installed OpenDirectory as Master.
  I wanted to try the network login, so I created a Test1 account in Open Directory. Then from my iMac I joined my server.local through System Preferences/Accounts/Options/... then I log off and try to use the newly created account test1.... I asked the system to change the password from first loggin... which works, but then I receive a message saying that I cannot log in for the moment... I tried everything but I just can't use the network account.
  Any hints?
  Cheers.

  You should avoid .local at all costs when configuring an OS X Server.
  .local is reserved for zeroconfig/Bonjour, and will cause conflicts.
  There's an excellent tutorial for new users here
  http://www.wazmac.com/serversnetwork/fileservers/osxserver_setup/osxserver106setup.htm
  Jeff

• Cannot login to network account (leopard client and server)

  Up until now, I have used local accounts on my leopard server. I want to start experimenting with OD prior to implementing. I created a new user account in the /LDAPv3/127.0.0.1 domain, and have bound my leopard client to the server using directory utility. On the login screen, "Network Accounts Available" has a green button to the left of it. When I try and login to the server account, the login window just shakes. At first, I could enter the password and then it would prompt me for a new password. Trying to enter a new password would not allow me to login. I went back to server admin and disabled the "require new password" setting, (as well as the other good security policies)...
  I have also reset the password in WGM, and made sure to disable all the security stuff there too...
  Lastly, I have deleted the server in directory utility, rebooted, then added it back in, and rebooted again...
  I still cannot login to the server account, the login screen just shakes
  Does anyone have an idea of what settings and or logs I can check to try and narrow down what is going on?
  Thanks in advance....

  to close out the thread, I have working dns on my network, but I did not have dns enabled on my server. I enabled the dns service and entered just the info for my server, then assigned my server and client to use the server's ip addy as the primary dns server. Next, I created the home directory.
  Once both steps were done, I was able to log in from my client to my server based account...
  FYI-I found a document on afp548.com called "leopard server: advanced setup, rsync backup and automated reporting" that walks you right thru the process...Here is the link, it's a very useful doc....
  http://www.afp548.com/filemgmt_data/files/Leopard%20Server%20Quickstart%20Guide. pdf
  thanks again boomboom_uk and woVi, your suggestions were spot on....

• One iMac cannot login to network accounts

  We have a small network with Lion (10.7.5) Server running on a Mac Pro and a variety of 8 iMacs and Mac minis that use the server for file sharing and network accounts. The client Macs are running a mix of Mountain Lion (10.8) and Mavericks (10.9). They have all 'joined' the 'Network Account Server' using the 'Login Options' section of the Users & Groups preference pane. And, except for one iMac, all the clients can log into network (or mobile) accounts from the server -- both ones that have previously been logged into on that machine and ones that haven't. However, one of the iMacs will not log into a network account. There are a few local accounts and logging into them is no problem. But every time we try to log into a network account on this iMac, the login dialogue just does the 'invalid login' shake. It seems not to check the login credentials with the server.
  As far as I can tell, this iMac is set up the same as all the others. It is certainly joined the Network Account Server and there is a green dot by the server name in the Users & Groups preference pane. I have removed and re-added the server from there a few times, and I've even reinstalled Mavericks on this iMac (it is running 10.9.2). I haven't been able to find anything that has helped to solve this problem. Does anyone know why one iMac would refuse to use the network logins from the server when the others work? Or what I can do to gain further information?
  Many thanks.

  On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
  Taylor

• Cannot login to network accounts from client computer

  Hi. I'm setting up my first OS X Server setup for home use...I'm not creating a very complicated setup, but I've been working through the setup one step at a time.
  Right now, I'm just running the DNS, File Sharing, and Open Directory services. I setup a couple of Network User accounts, and I wanted to try using one of the accounts to log in to a Mac client (running Mountain Lion) on the network. When the machine first comes up, I get a message that says 'Network Accounts Unavailable,' and if I try to log in, I get the error message saying 'You are unable to log in to the user account "xxxxx" at this time. Logging in to the account failed because an error occurred.'
  If I stop and restart the Open Directory service, I get the following messages in the Open Directory Log:
  2013-02-15 09:11:01.017801 EST - Unregistered node with name '/LDAPv3/127.0.0.1'
  2013-02-15 09:16:19.139744 EST - Registered subnode with name '/LDAPv3/127.0.0.1'
  Not sure if this is the source of the problem, but these are the only messages that are coming up if I turn the Open Directory off and then on again.
  If anyone has any experience with this, or any suggestions, I'd greatly appreciate it!
  Thanks!
  If it helps:
  Running OS X Mountain Lion (10.8.2) with Server (v2.2.1)
  Client Machine is a VMWare Fusion VM Running Mountain Lion (10.8.2)

  On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
  Taylor

• Cannot login into network accounts when there is no network connectivity

  Hey guys
  quick question here if anyone can help.
  What has been done: backuped user's home folder, binded the mac to AD, logged in as the user's AD name, copied everything from the backup into the new user's home folder, users can work flawlessly.
  What is wrong is when they leave the office, after a few hours they cannot login anymore to their AD username. Is there something i missed?
  The network accounts do not appear in system preferences.
  Thanks

  On your client machine login screen, type in ">console" (without quotes) in the username field and hit enter. Try and login with your network account username and password. What error messages do you get in console?
  Taylor

• Can't Login With Network Account After Upgrade To Yosemite Server 4

  I've been putting off this troubleshooting for a while now, and after trying everything I could find, decided to post.
  - After upgrading my server to Yosemite with Server 4, and my MacBook to Yosemite, I can no longer login with any network accounts.
  - I was on clean installs of Mavericks before the upgrade.
  - I'm using SSL for the OD, with a GoDaddy cert, the same one that was working on Mavericks.
  - I've tried removing the laptop's binding using the Users and Groups preferences dialog, which does not remove the laptop's entry from Open Directory, so I manually deleted the record on the server.
  - I then choose to Join again, and it looks as though everything goes through, but I still cannot login with a network account.  Also, when rejoining, it does not create a binding on the server.
  - If I use the Directory Utility->Services->LDAPv3, and add it that way, entering the FQDN and checking Encrypt..., Use for auth and Use for contacts, it asks me for the directory admin username and password, and does in fact create the binding on the server, but I still cannot login.  What's strange about that method, is that it forces the use of the IP address of the server, rather than the FQDN, like I entered it, which would of course have problems, because the certificate's common name is the server's FQDN.  It does not allow me to change from using the IP address, graying out that field.
  - I've also tried destroying the OD and restoring from archive to no avail.
  It looks like many users have hit dead ends with this, with some having success by completely formatting and setting up a new iteration of the server, but I will not be doing that.  However, I'll be happy to try any other suggestions.
  Thanks for your time,
     -- Mike

       Okay, I've finally resolved the issue, thanks to the Apple Enterprise tech support team.  I'm thinking they wouldn't mind if I share this information, but I can't guarantee that this will work on your system or, worse yet, degrade your system further.  However, that's fairly unlikely, just make sure you have plenty of backups before you begin any troubleshooting session.
       So I was told to perform the following instructions, which I did, line for line.  The part about closing Server.app seems a given, but I'm not sure why they want you to open Server.app at the the end (maybe taken out of context from some other instructions?).  I did it anyway, but you should be able to begin testing, on a client workstation, right after rekerberizing is complete.  I did, however, need to reboot my client, login as local admin, and then binding would proceed, and network users are able to login again.  The engineer also let me know to expect an error, something like the following: "2015-03-11 21:58:38 +0000 Error synchronizing removal of attribute draft-krbPrincipalACL from record 72519e4c-7ac7-15e4-bd42-10adb1944cbc: 77013 result: 16 No such attribute" - this is apparently normal, and did in fact happen in my experience.
  So here's the fix:
  - Quit Server.app (don’t just close the window)
  - On the Open Directory Server, execute these Terminal commands:
    - sudo mkdir /var/db/openldap/migration/
    - sudo touch /var/db/openldap/migration/.rekerberize
    - sudo slapconfig -firstboot
  - Open Server.app
  And that's it.  I did nothing else on my OD server, just logged out.  Immediately tried binding on my MacBook client, it failed, I rebooted, tried again, it worked quickly, and I'm able to login with network user accounts again.

• I am trying to figure out how to merge my AD network account.

  I am trying to figure out how to merge my AD network account with my Mac account. The main reason for this is wanting to log into my admin account on the Mac, and have it also log into my network account so I do not have to log into differing accounts depending on wether I am on the network or not. And I am going to be running VMware fusion with windows on top, so having one account would be essential to this.
  Thanks.
  P.S. I am brand new to Apple, not by choice. ;-)

  Basically I want to link a network account to a local account, so that I always log into the same account, even if I do not have network access....

• Cant login multiple network accounts on the same client?

  Setup:
  I have created a simple Lion Server on a new i7 Mac Mini. I have configured Open Directory in Master mode and have setup 4 user accounts. I have enabled the File Sharing service and checked the "Make available for home directories" option on the "Users" file share. I have configured each of the 4 user accounts to use this location as the home folder. I have connected my client machines (all OSX Lion) to the Network Account Server.
  Problem:
  I can log one user into the client machine, but when using "Fast User Switching" and logging on as the second user I get the following error:
  "You are unable to log in to the user account "guestaccount" at this time. Loggin to the account failed because an error occured"
  In the console if I search for that user account the related error message is:
  11-07-31 12:30:54.993 PM authorizationhost: ERROR | -[HomeDirMounter mountNetworkHomeWithURL:attributes:dirPath:username:] | PremountHomeDirectoryWithAuthentication( url=afp://inntaserver01.local/Users, homedir=/Network/Servers/inntaserver01.local/Users/guestaccount, name=guestaccount ) returned 16
  Any thoughts as to why the Home Folder "mounter" failed in this scenario?

  Historically you have never been allowed to use Fast User Switching to log in multiple network logins on the same client machine. This certainly applied with Tiger, Leopard, and Snow Leopard. I have not yet personally tried this with Lion.
  I believe that the underlying reason for this not being allowed is down to how AFP volumes are mounted. The AFP mount becomes 'owned' by the user that triggers the login. With a network login the first user becomes the owner and this means subsequent attempted network logins are denied access to that share and hence cannot access their home directories.
  With Tiger, Leopard, and Snow Leopard servers, one could configure network home directories to be shared via NFS instead of AFP. NFS gets treated a lot different in terms of mounting, and is done more at a system level than a user level. While again I have not personally tried Fast User Switching with NFS shared home directories, this approach is specifically recommended by the authors of AquaConnect (a Macintosh Terminal Server solution) in order to allow multiple logins on the same Terminal Server. This seems to be for the same underlying reason. Using NFS does certainly work for use with AquaConnect and also works for the competing iRAPP Terminal Server product as well.
  Unfortunately, Lion Server while it can be made to run an NFS server, will not let you configure using NFS for sharing home directories. I have actually reported this as a 'bug' in Lion server.
  Neither the authors of AquaConnect or iRAPP have actually tested this scenario with Lion server yet, but AquaConnect do plan to investigate it. It could make it considerably more difficult to use their products.
  So in summary, using NFS to share network home directories in theory would avoid the problem and can be done with a Tiger/Leopard/Snow Leopard server, but cannot be done with a Lion server. It is possible however to mix Lion with older server versions. This might for some people be a possible workaround.
  PS. A bonus side-effect of using NFS shared home directories was that this allowed badly written software like Adobe's applications which are otherwise notorious for having major issues with network logins and home directories to work without errors. As an example Adobe Acrobat Pro introduced a bug in version 7.0 which prevented it being able to print-to-PDF (one of the major reasons to buy Acrobat Pro). It tooks two years for them to eventually fix this in Acrobat Pro 8.1 (I know because I spent that two years nagging them to fix it and was a beta tester). Unfortunately they then reintroduced the bug in Acrobat Pro 9.0. Fortunately I discovered this side-effect got round the issue although a clunkier workaround was also possible for Snow Leopard clients by redirecting certain folder paths.

• Migrate a Local User Account to a Network Account Shell Script

  http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US
  If you are looking for an easy way to migrate local users to network users without losing data, then try this script.
  Follow steps 1-10 in the support link above before running this script.
  1) Open /Applications/Utilities/Terminal.App
  2) Type vi myscriptname.sh
  3) type "i" to edit the document
  4) Copy and paste the following text in the terminal window
  #!/bin/bash
  echo "Go to http://support.apple.com/kb/HT5338?viewlocale=en_US&locale=en_US"
  echo "Complete steps 1-10 before continuing"
  echo -n "Enter 'USER' and press enter:"
  read USER
  echo -n "Enter 'SERVER' and press enter:"
  read SERVER
  sudo scp -Epr /Users/$USER root@$SERVER:/Users/
  sudo mv -f /Users/$USER /Users/$USER.old
  ssh root@$SERVER sudo chown -R $USER:staff /Users/$USER
  5) hit (ESC) then colon : and type wq! and hit return to save the document
  6) In Terminal type: chmod +x myscriptname.sh
  7) in Finder, Right Click or Control+Click myscriptname.sh and select open with
  8) Select "Show All Applications" and Navigate to /Applications/Utilities/terminal.App
  9) in Finder, Right Click or Control+Click myscriptname.sh and select get info / Open with and click "Change All" to open all .sh files in Terminal
  10) Double Click myscriptname.sh
  11) For USER enter the name of the network account
  12) For SERVER enter your server name (server.example.com)
  13) Enter the Admin Pass for the Local Machine, Then the Server, Then the server again
  14) The user folder will be renamed to user.old (bob.old)
  15) When you login as the network user account OS X Server Will copy your data to the local machine with Portable home directories
  16) Once you verify all the info is there you can delete the user.old folder from the /Users/ folder (bob.old)

  replace sudo scp -epr with sudo rsync -auvth if you do not want to waste space copying hardlinks