We have a 10.3.9 server and windows 2003 AD server. The mac clients are running 10.3.7 and 10.3.9. The machines are imaged, then joined to the AD, and also use the osx server for management. They work fine for about 1 or 2 days, then refuse to login any AD users…
The only way around this is to delete the following files:
[Quote]
/Library/Preferences/DirectoryServices/ActiveDirectory.plist
/Library/Preferences/DirectoryServices/SearchNodeConfig.plist
/Library/Preferences/DirectoryServices/ContactsNodeConfig.plist
[/Quote]

Then I have to run dsconfigad and redirect the home folder to a network drive and also change the mountstyle to afp.

Then I can rejoin the domain and login again for a while. If I do not delete these files, directory access indicates the machines are bound to the domain, but are unable to unbind due to the username and password supplied being incorrect.

The following is content of the system log when this login issue occurs:
[Quote]
Aug 8 09:42:59 localhost /System/Library/CoreServices/SecurityAgent.app/Contents/MacOS/SecurityAgent: DSOpenNode(): dsOpenDirNode(“/Active Directory/our.domain.name”) == -14002
Aug 8 09:42:46 localhost DirectoryService[200]: Active Directory DS Plugin: Could not determine site for closest DC!
[/Quote]

I have checked the dns and the clients are able to ping the DC by name and number and also perform full reverse DNS lookup on the domain controller. So it does not seem to be a dns issue.

I have deleted the machine accounts of the AD server and rejoined the machines to the domain – but the issue still occurs.

I have run the following command to see if it may be a cache issue. “lookupd -flushcache” but still no change.

Apart from the workaround of deleting the preference files and rejoining the machines to the domain, does anyone have any ideas??

Thanks
Francois