Installation & Configuration

Welcome to the Nutanix NEXT community. To get started please read our short welcome post. Thanks!

cancel
Showing results for 
Search instead for 
Did you mean: 

Active Directory Authentication is slow - Takes minutes to Logon

SOLVED Go to solution
Adventurer

Active Directory Authentication is slow - Takes minutes to Logon

We recently had multiple Nutanix Blocks installed and I have started configuring them for Active Directory Authentication; however, logging on using AD Accounts is super slow and takes several minutes to logon.

 

I have configured the Authentication to IP Addresses, FQDN's and DOMAIN but all are still unacceptably slow.

 

ldap://192.168.1.1:389

ldap://server.domain.org:389

ldap://domain.org:389

 

For the Prism Role mapping, I have configured AD Groups and Single Users and the logon is still super slow.

 

There was a post about change recursive authentication to be off; however, there was no command string associated with NCLI.

 

Anyone experiencing this issue? Would like to know the best practice for configuration AD Authentication.

 

Thanks for any assistance...

David

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Adventurer

Re: Active Directory Authentication is slow - Takes minutes to Logon

Resolution to AD Logon Slowness (If you are experiencing)

 

NOTE: Do not use Nested AD Groups and only explicitly add the users to the AD Group you want grant User/Cluster/Read Roles to.

 

Configure Authentication Configuration:

Name: TEST

DOMAIN: TEST.org

URL: ldap://TEST.org:389

 

Configure Role Mapping:

Remember you can only have one ROLE Type (Viewer/User Admin/Cluster Admin) per LDAP Type)

 

Execute the following command on a CVM:

ncli authconfig edit-directory name=NAME group-search-type=NON_RECURSIVE directory-type=ACTIVE_DIRECTORY connection-type=LDAP directory-url=ldap://TEST.org:389 domain=TEST.org

 

Good Luck,

David

 

4 REPLIES
Moderator Moderator
Moderator

Re: Active Directory Authenication is slow - Takes minutes to Logon

I'd place a small bet that recursive lookups is the problem here. 

 

That said, send us a support ticket (portal.nutanix.com for NX or SX, your respective OEM for HX/XC) and we'll get on a WebEx with you and hammer it out.

 

Jon

Jon Kohler | Principal Architect, Nutanix | Nutanix NPX #003, VCDX #116 | @JonKohler
Please Kudos if useful!
Adventurer

Re: Active Directory Authenication is slow - Takes minutes to Logon

Jon,

 

Thanks for the post.. I will open a case with Dell and work with them. Thanks again.


David

Highlighted
Adventurer

Re: Active Directory Authentication is slow - Takes minutes to Logon

Resolution to AD Logon Slowness (If you are experiencing)

 

NOTE: Do not use Nested AD Groups and only explicitly add the users to the AD Group you want grant User/Cluster/Read Roles to.

 

Configure Authentication Configuration:

Name: TEST

DOMAIN: TEST.org

URL: ldap://TEST.org:389

 

Configure Role Mapping:

Remember you can only have one ROLE Type (Viewer/User Admin/Cluster Admin) per LDAP Type)

 

Execute the following command on a CVM:

ncli authconfig edit-directory name=NAME group-search-type=NON_RECURSIVE directory-type=ACTIVE_DIRECTORY connection-type=LDAP directory-url=ldap://TEST.org:389 domain=TEST.org

 

Good Luck,

David

 

Moderator Moderator
Moderator

Re: Active Directory Authentication is slow - Takes minutes to Logon

good stuff, glad you were able to get that sorted. 

Jon Kohler | Principal Architect, Nutanix | Nutanix NPX #003, VCDX #116 | @JonKohler
Please Kudos if useful!