accounts log in fine if their homes are on one box but NOT if their homes are on another box.
I rebuilt our 3 XServes over the Christmas break to bring them to 10.5.x server.
Long story short is that I wound up blowing away the entire ldap data and having to use Passenger to rebuild all accounts.
Here is the planned basic setup.
Thetkey.thet.net - authentication - OD Master properly kerberized.
TAhome.thet.net - home directories for TA staff and students
tehome.thet.net - home directories for TE staff and students
All resolve forward and backwards in DNS.
Ran in to the following issue.
I can get all accounts who have homes on TAhome.thet.net to work properly.
I originally couldn't get ANY accounts if their home was on tehome.thet.net.
I think this was due to having too many sharepoints and/or too long of sharepoint names on TAhome.thet.net
To get back in business after Christmas break, I put ALL homes on TAhome.thet.net and got all accounts working. This is not a great solution, as having 700+ accounts hammering 1 server's HD makes things a bit slower than we would like.
We are on break this week and I came in to see if I could fix it.
Here is what I have done so far.
1. Unshared all shares on tahome.thet.net with the exception of TATeachers, TETeachers and Users (I originally had shares for each year of graduation: 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018).
2. Shared out the Students folder that houses all the year-of-graduation folders.
3. Cleared all shares off of tehome.thet.net except Users.
4. Created a new share on tehome.thet.net called TEFaculty and set it to automount for homes.
5. Created a new account teteach2 and set it to have its home in TEFaculty share created in step 4.
6. I used the "Create Home" now option in WGM to create the home (from thetkey) and then checked to see that the folder was created properly.
7. Tried to log in to a client (10.4) machine as teteach2 - I get "The home folder for user teteach2 is not located in the usual place or cannot be accessed."
8. I checked in the /Network/Servers folder and both tahome.thet.net and tehome.thet.net are there but clicking on tehome.thet.net shows it to be a broken alias.
I noticed that tehome.thet.net - in server admin - open directory - settings - does not have a "Join Kerberos" button but that tahome.thet.net does have one.
I decided to look at the server logs on thetkey to see if anything jumped out at me. I found the following of interest:
Feb 16 10:26:52 thetkey.thet.net krb5kdc[381](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.5.3.255: NEEDED_PREAUTH: teteacher2@THETKEY.THET.NET for krbtgt/THETKEY.THET.NET@THETKEY.THET.NET, Additional pre-authentication required
Feb 16 09:31:44 thetkey slapd[440]: Entry (uid=untitled_1,cn=users,dc=thetkey,dc=thet,dc=net): object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:44 thetkey slapd[440]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:59 thetkey slapd[440]: Entry (uid=teteacher2,cn=users,dc=thetkey,dc=thet,dc=net): object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:59 thetkey slapd[440]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
I am hoping that someone on here can help me out.
TIA,
Glen
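As an added example (not from the original post, and not an Apple or Open Directory tool), here is a small Python parser for the slapd and krb5kdc lines quoted above, plus one constructed NEEDED_PREAUTH line for a hypothetical second user, tateach1, whose LDAP record is fine. It cross-references the principals the KDC saw against LDAP entries that failed the posixAccount schema check; NEEDED_PREAUTH on a first AS_REQ is normal Kerberos pre-authentication, so the missing homeDirectory attribute is the signal worth chasing.

```python
import re
from collections import defaultdict

# Sample log: the slapd/krb5kdc lines quoted in the post, plus one constructed
# NEEDED_PREAUTH line for a hypothetical user (tateach1) with a clean LDAP record.
SAMPLE_LOG = """\
Feb 16 10:26:52 thetkey.thet.net krb5kdc[381](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.5.3.255: NEEDED_PREAUTH: teteacher2@THETKEY.THET.NET for krbtgt/THETKEY.THET.NET@THETKEY.THET.NET, Additional pre-authentication required
Feb 16 10:27:10 thetkey.thet.net krb5kdc[381](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.5.3.255: NEEDED_PREAUTH: tateach1@THETKEY.THET.NET for krbtgt/THETKEY.THET.NET@THETKEY.THET.NET, Additional pre-authentication required
Feb 16 09:31:44 thetkey slapd[440]: Entry (uid=untitled_1,cn=users,dc=thetkey,dc=thet,dc=net): object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:44 thetkey slapd[440]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:59 thetkey slapd[440]: Entry (uid=teteacher2,cn=users,dc=thetkey,dc=thet,dc=net): object class 'posixAccount' requires attribute 'homeDirectory'
Feb 16 09:31:59 thetkey slapd[440]: entry failed schema check: object class 'posixAccount' requires attribute 'homeDirectory'
"""

# slapd names the DN and the attribute the object class demands but the entry lacks.
SLAPD_ENTRY = re.compile(
    r"slapd\[\d+\]: Entry \((?P<dn>[^)]+)\): object class '(?P<oc>[^']+)' "
    r"requires attribute '(?P<attr>[^']+)'"
)
# krb5kdc AS_REQ: "<client ip>: <STATUS>: <principal> for krbtgt/..."
KDC_ASREQ = re.compile(
    r"krb5kdc\[\d+\]\(info\): AS_REQ .*?(?P<client>\S+): (?P<status>[A-Z_]+): "
    r"(?P<principal>\S+) for "
)

def schema_failures(text):
    """Map each DN that failed slapd's schema check to the attributes it lacks."""
    missing = defaultdict(set)
    for line in text.splitlines():
        m = SLAPD_ENTRY.search(line)
        if m:
            missing[m.group("dn")].add(m.group("attr"))
    return {dn: sorted(attrs) for dn, attrs in missing.items()}

def kdc_requests(text):
    """Return (principal, status) for every AS_REQ the KDC logged."""
    return [(m.group("principal"), m.group("status"))
            for m in map(KDC_ASREQ.search, text.splitlines()) if m]

def uid_from_dn(dn):
    """First RDN value: 'uid=x,cn=users,...' -> 'x'."""
    return dn.split(",")[0].split("=", 1)[1]

def diagnose(text):
    """Report users the KDC saw whose LDAP record is missing required attributes."""
    broken = {uid_from_dn(dn): attrs for dn, attrs in schema_failures(text).items()}
    report = []
    for principal, status in kdc_requests(text):
        uid = principal.split("@", 1)[0]
        if uid in broken:
            report.append(f"{uid}: KDC {status}, LDAP record missing {', '.join(broken[uid])}")
    return report
```

Running `diagnose(SAMPLE_LOG)` flags only teteacher2, while tateach1 (clean record) is left out.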