-
Title
Troubleshooting slow logins -
Description
Things to check when experiencing slow logins
-
Resolution
There are many reasons slow authentications can occur such as DNS issues, product defect, network slowness, NFS mounts, configuration setup, addition of large amount of unix enabled users to AD. To troubleshoot slow logins narrow down the issue
(1) When is the delay happening for example:
Is it slow after a user logs in once, and is cached, is this latency still associated with the user account (during re-logins)?
Also test if a home directory is NFS mounted having it local instead. time ls /{path-to-user-home-directory}
(2) Is it all methods of authentication slow such as telnet, ftp, sshd , su - username and then su -username? or is it only a certain method? When do you notice the slowness? For example : it is slow to get the intial prompt or slow after you typing password? Please time the response and send the output from your login indicating where it is slow and the time.
(3) How long does getting a Kerberos ticket request take?
# time vastool -u host/ kinit -S host/
(2) Caution this will stop QAS authentications.For testing purposes, you could try this: unconfigure NSS and PAM, as root
# vastool unconfigure
* see how long it takes for a local user to log in (use multiple login methods e.g. console, su, ssh, etc.)
* configure NSS and PAM again, as root
# vastool configure nss; vastool configure pam; vastool flush
(3) Re-join the same machine (above) to your Active Directory domain by specifying a particular DC during the join (and put this DC in the /etc/hosts file, along with the local hosts). As a result, you will be bypassing DNS. Test if it impacts the login times.(4) Check DNS setup. You can use nslookup to do this. On linux if a reverse lookup does not exist for the machine that you are sshing from there will be a delay in login. nslookup to see if it resolves.
(5) Capture vasd debug as per the instructions here(6) On the client machine please go to the /opt/quest/libexec/vas/scripts directory and run the vas_snapshot.sh script. It will create vas_snapshot.(machine-name).tar.gz file in your /tmp directory.
For assistance on diagnosing why it is slow open up a Service Request with One Identity Technical Support and provide the above information by going to https://support.oneidentity.com/contact-support and logging in with your email address and password.
To add attachments go to Service Request | My Service Request | SR Number: SR title and click on it and then Add Attachments.