- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: LDAP-UX: First ldap login takes about 5 minut...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2009 05:37 AM
тАО12-14-2009 05:37 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
Were you able to do an ssh -vvv from the client perspective?
Do you have glance (OV Perf tools) installed, can you pull it up, find the process and select it (g to list all processes, s to select one in particular) It should be able to tell you what the process state is.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2009 05:41 AM
тАО12-14-2009 05:41 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2009 06:05 AM
тАО12-14-2009 06:05 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
It happens with or without a home directory. I tried it both ways.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2009 08:34 AM
тАО12-14-2009 08:34 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
I just meant that it seemed odd not to have a home dir. From a security perspective, it is highly recommended to have a home dir for each user, and disallow logins to users that it does not exist.
This type of thing doesn't tend to slow logins, it tends to prevent them entirely.
I think the ssh -vvv from the client and, as recommended by Bob, pam debug logging on the ssh items is the next step.
Don
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-14-2009 11:30 AM
тАО12-14-2009 11:30 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
These are only test users, so we don't bother with the home directory because once it logs in the once, then it is fine. So another account has to be created for further testing. I will continue with the recommendations. Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 07:56 AM
тАО12-15-2009 07:56 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
Does a reboot, or restart of sshd, ldapclientd, pwgrd or anything else seem to have an impact?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 07:57 AM
тАО12-15-2009 07:57 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-15-2009 08:49 AM
тАО12-15-2009 08:49 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
I have now reached the conclusion that there is no problem with this system.
There probably is a patch for the server that will make this perform better, but a lot of things get checked for first time login and it might be best just to ignore the problem or look for an update for the LDAP server.
Do the basics such as make sure network traffic is flowing freely.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2009 04:58 AM
тАО12-16-2009 04:58 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
Anyway, the AD folks watched it come in from their end and it came in for a second. So it seems to be on the HP end.
I know an initial login will take a little more time but 5 minutes is unacceptable. If there were network problems, they would show in subsequent logins. There are no network problems.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2009 05:18 AM
тАО12-16-2009 05:18 AM
Re: LDAP-UX: First ldap login takes about 5 minutes, others are fine
No problem. So we need the PAM debug log (just add " debug" to the end of every pam line in your /etc/pam.conf, in /etc/syslog.conf, add a *.debug entry to an output file (don't forget that whitespace must be TAB), touch the file, then kill -HUP your syslogd.
And we also need the ssh -vvv from the client.
Is the response the same for other login methods other than ssh? (can you temporarily turn on telnet for example?), does restarting pwgrd, ldapclientd, sshd, or rebooting the host have an impact on previously working users?
Don