Re: [Fed-Talk] FileVault/AD Go Straight to Cached Credentials
- Subject: Re: [Fed-Talk] FileVault/AD Go Straight to Cached Credentials
- From: "Campbell, Paul Madison (ARC-TH)[ASRC RESEARCH & TECHNOLOGY SOLUTIONS]" <email@hidden>
- Date: Tue, 03 Jun 2014 17:37:02 +0000
- Thread-topic: [Fed-Talk] FileVault/AD Go Straight to Cached Credentials
James,
That worked swimmingly. I did lessen it to five seconds. On our ethernet,
that's enough time for a proper log on and Kerberos ticket grant -
possibly because we use static addressing. And when not connected, I get
the same 25 second boot.
Walter, thanks for your advice too.
Paul
--
Paul Campbell | Senior Macintosh System Administrator
ASRC Federal Research and Technology Solutions
NASA Ames Research Center
Moffett Field, CA 94035
email@hidden
W: 650.604.4014 | F: 650.604.3323
ASRC Federal | Customer-Focused. Operationally Excellent.
On 6/3/14, 9:01 AM, "Trater, James R." <email@hidden> wrote:
>We ran into this as well.
>
>There is a timeout in Directory Services where it attempts to connect to
>AD to verify the user's locally cached password matches what is in AD. If
>the passwords do not match, the system will boot to the login screen
>instead of to the desktop. We are using the command below to lower the
>timeout to 20 seconds.
>
>sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow DSBindTimeout -int 20
>
>On Jun 3, 2014, at 11:54 AM, Campbell, Paul Madison (ARC-TH)[ASRC
>RESEARCH & TECHNOLOGY SOLUTIONS]
><email@hidden> wrote:
>
>Hello All,
>
>It appears as though there's a 30-45 second long timeout at boot for
>FileVault encrypted Macs booting with an AD account without network
>connectivity. I see this in that if I connect an Ethernet cable I get a
>26 second boot and if I am disconnected I get a boot about 70 seconds
>long.
>
>I'm guessing it's because the Mac is waiting for access to the DC to
>verify the credentials for logon. Does anyone know what specifically in
>/etc/pam.d I can change to boot from the cached credentials without the
>search and timeout? The systems are Mountain Lion and Mavericks. Thanks.
>Paul
>
>--
>Paul Campbell | Senior Macintosh System Administrator
>ASRC Federal Research and Technology Solutions
>NASA Ames Research Center
>Moffett Field, CA 94035
>email@hidden
>W: 650.604.4014 | F:650.604.3323
>
>ASRC Federal | Customer-Focused. Operationally Excellent.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden