We recently had multiple Nutanix Blocks installed and I have started configuring them for Active Directory Authentication; however, logging on using AD Accounts is super slow and takes several minutes to log on.
I have configured the Authentication to IP Addresses, FQDNs and DOMAIN but all are still unacceptably slow.
ldap://192.168.1.1:389
ldap://server.domain.org:389
ldap://domain.org:389
For the Prism Role mapping, I have configured AD Groups and Single Users and the logon is still super slow.
There was a post about changing recursive authentication to be off; however, there was no command string associated with NCLI.
Anyone experiencing this issue? Would like to know the best practice for configuring AD Authentication.
Thanks for any assistance...
David
I'd place a small bet that recursive lookups are the problem here.
That said, send us a support ticket (portal.nutanix.com for NX or SX, your respective OEM for HX/XC) and we'll get on a WebEx with you and hammer it out.
Jon
Jon,
Thanks for the post. I will open a case with Dell and work with them. Thanks again.
David
Resolution to AD Logon Slowness (if you are experiencing it)
NOTE: Do not use Nested AD Groups and only explicitly add the users to the AD Group you want to grant User/Cluster/Read Roles to.
Configure Authentication Configuration:
Name: TEST
DOMAIN: TEST.org
URL: ldap://TEST.org:389
Configure Role Mapping:
(Remember you can only have one ROLE Type (Viewer/User Admin/Cluster Admin) per LDAP Type)
Execute the following command on a CVM:
ncli authconfig edit-directory name=NAME group-search-type=NON_RECURSIVE directory-type=ACTIVE_DIRECTORY connection-type=LDAP directory-url=ldap://TEST.org:389 domain=TEST.org
Good Luck,
David
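With group-search-type=NON_RECURSIVE only direct members of a role-mapped AD group match, so anyone who reaches that group only through a nested group loses the Prism role. The following is an added example, not from the thread or from Nutanix: a pre-change check that lists those users and how many groups a recursive search has to expand. The group names, user names and the dict holding the membership export are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: group -> direct members (users or other groups).
DIRECT_MEMBERS = {
    "Prism-ClusterAdmins": {"alice", "Infra-Team"},
    "Infra-Team": {"bob", "Storage-Team"},
    "Storage-Team": {"carol", "Infra-Team"},  # circular nesting on purpose
    "Prism-Viewers": {"dave"},
}

def direct_users(group, members=DIRECT_MEMBERS):
    """Users a non-recursive search matches: direct members that are not groups."""
    return {m for m in members.get(group, set()) if m not in members}

def recursive_users(group, members=DIRECT_MEMBERS):
    """Users a recursive search matches, plus the number of groups expanded."""
    seen, users, queue = {group}, set(), deque([group])
    while queue:
        for m in members.get(queue.popleft(), set()):
            if m in members:
                if m not in seen:  # guard against circular nesting
                    seen.add(m)
                    queue.append(m)
            else:
                users.add(m)
    return users, len(seen)

def lockout_report(mapped_groups, members=DIRECT_MEMBERS):
    """For each role-mapped group, list users reachable only through nesting."""
    report = {}
    for g in mapped_groups:
        everyone, expanded = recursive_users(g, members)
        report[g] = {
            "nested_only": sorted(everyone - direct_users(g, members)),
            "groups_expanded": expanded,
        }
    return report

if __name__ == "__main__":
    for g, r in lockout_report(["Prism-ClusterAdmins", "Prism-Viewers"]).items():
        print(g, r)
```

Users listed under nested_only need to be added explicitly to the mapped group before the ncli change, as the NOTE above says.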
good stuff, glad you were able to get that sorted.