Active Directory integration slow login



grebar
13-Jun-2014, 21:54
Hi,
I have a network with two Windows Server 2008 R2 servers that act as Domain Controllers and DNS servers. In my network there are some (about 10) workstations with SLED 11, and the SUSE workstations are joined to the Active Directory domain. All goes well when both Windows servers are up; when a Domain Controller is down, the SUSE workstations take a very long time to log in. I have configured the addresses of both servers as DNS, and the join to the domain was made using the FQDN of the domain.
Does anyone have a suggestion for the problem described?

jmozdzen
15-Jun-2014, 14:27
Hi grebar,

> Hi,
> I have a network with two Windows Server 2008 R2 servers that act as Domain Controllers and DNS servers. In my network there are some (about 10) workstations with SLED 11, and the SUSE workstations are joined to the Active Directory domain. All goes well when both Windows servers are up; when a Domain Controller is down, the SUSE workstations take a very long time to log in. I have configured the addresses of both servers as DNS, and the join to the domain was made using the FQDN of the domain.
> Does anyone have a suggestion for the problem described?

Could you please define "a very long time"? Such descriptions immediately ring my "DNS lookup problems" bell - you might want to verify that both the forward lookup (resolving the AD server names from the Linux machines) and the reverse lookup (resolving the IP addresses and names of the Linux machines from the remaining AD server) work without delay.

Or is it that the Linux machines try to contact the unavailable server first and have too high a time-out until they notice that the server isn't responding? Looking at a network trace from the Linux machines might give corresponding clues.

Regards,
Jens

grebar
16-Jun-2014, 13:48
Hi Jens,
thank you for your reply!
The "very long time" is around 10 seconds (login in runlevel 3 or by ssh client).
How do I look at the network trace from the Linux machine?
If your assumption were true, how do I change the DNS time-out?
Thanks

jmozdzen
24-Jun-2014, 18:39
Hi grebar,

sorry for the late response.

> How do I look at the network trace from the Linux machine?

As root, use "tcpdump -s1500 -i YourNetworkInterface -nvv" (if you're using eth0, then you needn't specify that via "-i", it's the default). Depending on the usage pattern of the machine, you may see tons of output and will have to dig through it. "tcpdump" supports filtering, so you can specify that certain traffic, identified as "noise", should not be traced. See "man tcpdump" for options and more.

> If your assumption were true, how do I change the DNS time-out?

You cannot (hardcoded in glibc), and the delay is expected behaviour.

Regards,
Jens
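
Added example, not part of the original thread: one way to dig through such a trace is to pair DNS queries with their answers and total the time a client waited on a server that never replied. It assumes one-line IPv4 output as produced by "tcpdump -n port 53" (without -vv); the function name, addresses and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample of one-line "tcpdump -n port 53" output (not a real capture).
# 192.0.2.10 plays the domain controller that is down, 192.0.2.11 the one that is up.
SAMPLE = """\
13:48:01.000000 IP 192.0.2.50.40001 > 192.0.2.10.53: 4711+ SRV? _ldap._tcp.example.test. (41)
13:48:06.005000 IP 192.0.2.50.40001 > 192.0.2.11.53: 4711+ SRV? _ldap._tcp.example.test. (41)
13:48:06.006200 IP 192.0.2.11.53 > 192.0.2.50.40001: 4711* 1/0/1 SRV dc2.example.test.:389 0 100 (96)
13:48:06.010000 IP 192.0.2.50.40002 > 192.0.2.10.53: 4712+ A? dc2.example.test. (34)
13:48:11.015000 IP 192.0.2.50.40002 > 192.0.2.11.53: 4712+ A? dc2.example.test. (34)
13:48:11.016000 IP 192.0.2.11.53 > 192.0.2.50.40002: 4712* 1/0/0 A 192.0.2.11 (50)
"""

# timestamp, source ip.port, destination ip.port, DNS transaction id
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)")

def analyse(trace):
    """Return {server: {"sent": n, "answered": n, "stall": seconds}}."""
    pending = {}  # (client, port, dns_id, server) -> time the query was sent
    last = {}     # (client, port, dns_id) -> (server, time) of the previous try
    stats = {}
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a one-line IPv4 packet summary
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        src, sport, dst, dport, dns_id = m.group(2, 3, 4, 5, 6)
        if dport == "53":  # query: client -> DNS server
            entry = stats.setdefault(dst, {"sent": 0, "answered": 0, "stall": 0.0})
            entry["sent"] += 1
            pending[(src, sport, dns_id, dst)] = ts
            prev = last.get((src, sport, dns_id))
            if prev and prev[0] != dst and (src, sport, dns_id, prev[0]) in pending:
                # Same question re-sent to another server while the first is
                # still silent: the gap is time the client spent waiting.
                stats[prev[0]]["stall"] += (ts - prev[1]).total_seconds()
            last[(src, sport, dns_id)] = (dst, ts)
        elif sport == "53":  # answer: DNS server -> client
            if pending.pop((dst, dport, dns_id, src), None) is not None:
                stats[src]["answered"] += 1
    return stats

if __name__ == "__main__":
    for server, s in sorted(analyse(SAMPLE).items()):
        print(f"{server}: sent={s['sent']} answered={s['answered']} stall={s['stall']:.3f}s")
```

A server with queries sent, none answered and a non-zero stall is the one the clients are waiting on.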