Active Directory – AppleShare Problem

[Shan Younker]

I’m using Active Directory for login along with OD for managing the user accounts and AFP for file sharing. Both of my XServes are kerberized so users have single sign on. I have one user that is having an issue. He can log in to any computer fine but when he tries to Connect to Server for our XServe he gets one of these two error messages: OS 10.3.9 “Connection Failed An AppleShare system error occurred.” OR OS 10.4.8 “Connection Failed 32”. Other users in my department do not have any problems connecting to our server after authenticating with Active Directory. When I check the Kerberos application, the user is getting a ticket from the AFP server.

Things I’ve tried:
-Unbind user from AD then bind again.
-Log in user from multiple Macs – same problem exists on any computer the user tries.
-Remove user from groups on the XServe then add back into groups.

My hunch is that the problem lies with the user’s account in Active Directory even though the error presents itself as a AppleShare error, but not being a AD admin I don’t know where to point our I.T. staff.

BTW – I posted this on MacMgrs but got no response.
Thanks

[mhelman]

Hi,

You do not mention where the user’s home folder is located.

Since the problem follows the user, your first observation makes sense (it may be the user’s AD account) but it also could be a problem with or in the user’s home folder.

I would suggest trying both. First, try a newely created home folder for the user (saving their files first, of course) and if that doesn’t work, delete the user’s AD account and re-create it.

Low tech, to be sure, but it sounds like one or both may be the answer.

Mark

[Shan Younker]

I’m not using portable home directories. I’ll have to contact my I.T. dept to delete and recreate the AD account. I wanted to rule out it being a ‘Mac’ problem before I contacted them.

Thanks

[mhelman]

[QUOTE][u]Quote by: Shan+Younker[/u][p]I’m not using portable home directories. I’ll have to contact my I.T. dept to delete and recreate the AD account. I wanted to rule out it being a ‘Mac’ problem before I contacted them.

Thanks[/p][/QUOTE]

If you are saying that you are using Forced Local Homes (which means a local home is created on each Mac they log into) then yes, I would delete and re-create thier AD account.

If however you are using a Network Home, then I would still suggest deleting and re-creating it.

Mark

[Shan Younker]

I can finally close this issue. I had my AD admin delete then recreate the users AD account. This did not solve the issue. I came across another post (not sure where) that suggested that the problem may be with some of the AD groups the user is a member of. I had my AD admin remove the user from several of the groups the user no longer needed access to. This cleared up the problem. As for what’s wrong with those AD groups, I’m not sure.

Thanks to all who posted suggestions.

[Author]

Posts