smp_86112
Aug 18, 2009 | Cirrostratus
Slow AD Auth LTM MGMT GUI
I have the management interfaces of a GTM and an LTM configured to use Active Directory authentication. Based on the admin GUI settings, both units are configured exactly the same. When I authenticate with the GTM, my AD credentials are accepted and I am immediately presented with the admin interface. However, on the LTMs, there is a 1-minute delay before I am presented with the admin interface.
I took a tcpdump on the LTM during my auth attempt. I can see the LTM bind with an account I specify in the auth settings, and immediately get a successful response. Next I see the searchRequest for my account, and immediately I get a response. At this point, I see an (almost exactly) 60-second delay before a bindRequest is made with my ID. Once the request is made, the response is successful and I log in.
I do not see this 60-second delay between the LDAP search result and bindRequest with my ID on my GTM. The GTM and the LTMs are in the same network, both using the same DNS server, both configured to look at the same AD domain controller.
I took my trace without any capture filters, and have pared it down slowly to ensure I don't strip out anything important. I don't see any strange DNS responses or anything like that. Since the delay is exactly 60 seconds, this seems to be a config problem - like it's looking at some internal auth scheme before AD and timing out. But the config directive(s) must not be in an obvious place, since from what I can see the units are configured the same.
If you have any other places to look, I would appreciate your thoughts. Thanks.
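
Added example, not part of the original post: a small Python script that walks an LDAP bind/search/bind sequence like the one described above and reports any long silence together with which side ended it. The input line format, the sample timestamps and the `parse`/`find_gaps` helper names are assumptions made for illustration; the operation names follow RFC 4511.

```python
"""Locate idle gaps in an LDAP bind -> search -> bind login sequence."""

# Constructed sample, not the poster's capture.
# Assumed format per line: relative seconds, sender, LDAP operation.
SAMPLE = """\
0.000 client bindRequest(service-account)
0.004 server bindResponse(success)
0.006 client searchRequest(user)
0.011 server searchResEntry
0.011 server searchResDone(success)
60.013 client bindRequest(user)
60.019 server bindResponse(success)
"""


def parse(text):
    """Return (time, sender, operation) tuples in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, op = line.split(None, 2)
        events.append((float(ts), sender, op))
    # sorted() is stable, so messages with equal timestamps keep their order
    return sorted(events, key=lambda e: e[0])


def find_gaps(events, threshold=1.0):
    """List silences longer than `threshold` seconds between messages.

    `resumed_by` is the sender of the message that ends the silence. If the
    client resumes after the server has already answered, the wait happened
    on the client side of this LDAP conversation, not in a slow reply from
    the directory server.
    """
    found = []
    for prev, cur in zip(events, events[1:]):
        delta = cur[0] - prev[0]
        if delta > threshold:
            found.append({"after": prev[2], "before": cur[2],
                          "seconds": round(delta, 3), "resumed_by": cur[1]})
    return found


if __name__ == "__main__":
    for gap in find_gaps(parse(SAMPLE)):
        print("{seconds}s idle after {after}, ended by {resumed_by} "
              "sending {before}".format(**gap))
```
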