My company recently upgraded its old NT 4 Domain to Windows 2000-based Active Directory. I have a PowerBook I use personally and at work, and I have a personal local account and a work account, authenticated through AD with a home local to the PowerBook. Since starting to use AD, I've had some trouble authenticating, and just some general weird things going on.
I am using 10.3.5 and I'm correctly bound to the directory via the AD plugin. A computer account and a user account exist for me in the domain, and the DNS entries for all machines, including my Mac, appear to be correct. I am caching the last user login for offline operation and I have the AD plugin set to allow administration by domain admins, of which I am one.
On my Mac, I have network locations set for home and work. Each location has a different wireless network it joins and a different set of DNS servers and search domains. I switch between the two locations as necessary.
Here's a description of some of the weirdness:
In the morning, I'll cold boot my PowerBook at work and login with my personal local account. After local login is complete, I'll select the correct network location (work) and, using fast user switching, return to the login screen where I'll attempt to login to AD. The login works fine, but I get a second window with a check box at the top labeled "Enable workgroup management". The box is checked. Below it is a tall, blank space with nothing listed (I assume workgroups would go here). There is another checkbox at the bottom of the blank box labeled "Remember my choice" and a button to "Refresh".
What is this dialog for? What is this workgroup management feature and why am I being presented with it if no workgroups exist, judging by the blank list?
When I check the "Remember my choice" box, it never remembers my choice and continues to present me with this dialog upon subsequent logins. When I click the refresh button, all check boxes and buttons, except for login, are grayed out. I am able to login without any problem.
When I'm done with work for the day, I log out of the AD account and go back to either the login screen or my personal local account and close the lid of the PowerBook, putting it to sleep. When I get home, I use my personal local account to change to the home network location. Within a few seconds, I get two dialogs telling me that my home directory share from work cannot be reached, and they give me the option to disconnect.
Should these shares have been disconnected when I logged out? Why weren't they? Why does some kind of persistent communication remain after I've logged out of my AD-based account?
I can use my personal local account all evening without a problem. The next morning, upon arriving at work, I'm never sure what I'm going to get. Using my personal local account, I'll change network locations back to the work location. Using fast user switching, I'll go to the login screen, select my AD-based account from the list, and attempt to login. Sometimes the login works fine, albeit with the workgroup management dialog. Usually, however, the login window shakes and I'm unable to login at all. All network functions in my personal local account work fine. I can surf the web, retrieve e-mail, ping any server, including the AD controller, and establish VPN connections. The only thing I cannot do is authenticate to AD. So I'll reboot the machine. After reboot, the AD authentication works fine and I'm back to the workgroup management dialog.
What's going on here? Why does AD authentication work sometimes and not others?
I appreciate any help you can offer.