I'd been wrestling on and off at work for a few months with a thorny issue. Management wanted to see user's network home directories (hosted on Red Hat Enterprise Linux and manged with Windows 2003 Server and Active Directory) automounted for background syncing of select folders during user sessions.
Read on for a quick thing to check when AD integration begins to go south…
This worked fine under Windows 2000's Active Directory structure, but somehow broke when the upgrade to 2003 happened.
Finally, after hours of digging, and some helpful input from MacTroll and others in the OS X enterprise community, I figured out what was going on.
First, to test I enabled Fast User Switching on a client machine, then installed the Developer Tools, MacPorts, and Wireshark. I ran an live capture on my primary interface with Wireshark while fast-switching to a user account that exhibited the inability to automount a network home.
After logging back out (the network home, indeed, did not automount) and returning to the admin account running Wireshark, I filtered my Wireshark results to show only LDAP query packets. I saw that the client machine was asking for about 14 property values contained in the user account from Active Directory, but getting only 8 back. Conspicuously missing was the value for the 'homeDrive' property. A look at /var/log/system.log also showed errors stating that the home directory URI value was 'null'.
Firing up ADSIEdit.msc on our Active Directory domain controller, I examined properties for the CN (Common Name) record for the user account in question. I noticed, under the Security tab for this user, that the built-in group Authenticated Users did not have read access to the Read Logon Information property. Checking the Allow box for this property and then deleting/rebuilding the NetInfo user cache for the user in question brought back network home automounts on the next login.
Now to figure out how to push this setting to all the CNs in a given OU…