Slow Login Issues on AD-Integrated Servers

1. Log in to the server and switch to root.
 
2. Review the /etc/pam.d/crond file.  It should look similar to the following:
 
auth       sufficient pam_env.so
auth       required   pam_rootok.so
auth       include    system-auth
account    required   pam_access.so
account    include    system-auth
session    required   pam_loginuid.so
session    include    system-auth
 

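3. Change the following line in /etc/pam.d/system-auth:

         account [default=bad success=ok user_unknown=ignore] pam_winbind.so
   to:
         account sufficient pam_winbind.so cached_login

   The cached_login option only takes effect when "winbind offline logon = yes" is set in /etc/samba/smb.conf (see step 6).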
 
4. Review the /etc/pam.d/system-auth.  It should look similar to the following:
 
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so cached_login use_first_pass require_membership_of=wheel
auth        required      pam_deny.so
 
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_winbind.so cached_login
account     required      pam_permit.so
 
password    requisite     pam_cracklib.so try_first_pass retry=6 minlen=8 lcredit=-1 dcredit=-1
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok remember=8
password    sufficient    pam_winbind.so cached_login use_authtok
password    required      pam_deny.so
 
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     optional      pam_mkhomedir.so skel=/etc/skel umask=0022
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so 
 
5. Review the /etc/krb5.conf file.  It should look similar to the following:
 
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
 default_realm = domain.example.com
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes
 
[realms]
 
 domain.example.com = {
   kdc = wdc1.domain.example.com
   kdc = wdc2.domain.example.com
   admin_server = wdc1.domain.example.com
   master_kdc = wdc1.domain.example.com
   default_domain = domain.example.com
 }
 
[domain_realm]
 domain.example.com = domain.example.com
 .domain.example.com = domain.example.com
 
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }
 
6. Review the /etc/samba/smb.conf file.  It should look similar to the following:
 
[global]
 
   workgroup = wdc
   password server = *
   realm = domain.example.com
   security = ads
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = yes
   winbind offline logon = yes
 
server string = Samba Server Version %v
 
passdb backend = tdbsam
 
load printers = yes
cups options = raw
 
[homes]
comment = Home Directories
browseable = no
writable = yes
 
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes  
 
7. Install the following bind updates:
# yum install bind-utils.x86_64 bind-libs.x86_64 bind-utils bind-libs
 
8. Restart the winbind and samba services.
 # service winbind restart; service smb restart
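
The following check is an added example, not part of the original procedure: it confirms that the step 3 change is in place and that smb.conf enables the offline logon that cached_login depends on. The function name check_winbind_cached_login is hypothetical, and the two sample files are constructed from the lines shown in steps 4 and 6.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the step 3 PAM change
# and the smb.conf offline-logon setting from step 6 agree with each other.
# check_winbind_cached_login [PAM_FILE] [SMB_CONF] is a hypothetical helper; 0 = consistent.
check_winbind_cached_login() {
    pam_file=${1:-/etc/pam.d/system-auth}
    smb_file=${2:-/etc/samba/smb.conf}
    rc=0
    # The bracketed account line that step 3 replaces must no longer be present.
    if grep -Eq '^[[:space:]]*account[[:space:]]+\[[^]]*\][[:space:]]+pam_winbind\.so' "$pam_file"; then
        echo "FAIL: old [default=bad ...] account line still in $pam_file"; rc=1
    fi
    # The replacement line must be 'sufficient' and carry cached_login.
    if ! grep -Eq '^[[:space:]]*account[[:space:]]+sufficient[[:space:]]+pam_winbind\.so[[:space:]]+(.*[[:space:]])?cached_login([[:space:]]|$)' "$pam_file"; then
        echo "FAIL: no 'account sufficient pam_winbind.so cached_login' line in $pam_file"; rc=1
    fi
    # cached_login needs offline logon enabled in [global]; the last setting wins.
    if ! awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        in_global && tolower($0) ~ /^[ \t]*winbind[ \t]*offline[ \t]*logon[ \t]*=/ {
            ok = (tolower($0) ~ /=[ \t]*(yes|true|on|1)[ \t]*$/)
        }
        END { exit !ok }' "$smb_file"; then
        echo "FAIL: 'winbind offline logon = yes' not set in [global] of $smb_file"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $pam_file and $smb_file are consistent"
    return "$rc"
}

# Constructed sample files (copies of the relevant lines from steps 4 and 6).
demo_dir=$(mktemp -d)
cat > "$demo_dir/system-auth" <<'EOF'
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_winbind.so cached_login
account     required      pam_permit.so
EOF
cat > "$demo_dir/smb.conf" <<'EOF'
[global]
   security = ads
   winbind offline logon = yes
[homes]
   browseable = no
EOF
check_winbind_cached_login "$demo_dir/system-auth" "$demo_dir/smb.conf"
```

Called with no arguments, the function checks /etc/pam.d/system-auth and /etc/samba/smb.conf on the server itself.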