AD Magic Triangle: Users with different paths cannot log in

[kielrene]

We are integrating 16 Macs (with 10.6.3) into a University-wide Active Directory. For these Macs we have our own Mac-Server and we have set up a Magic Triangle, with augmented records that override the home directory entry. This works fine so far. But we have a huge problem and we can’t really figure out what is causing it. We have two groups of users:

Group 1: This contains the bulk of user. They are sitting in the path ADDOMAIN.TLD/users on the AD server. These users can log in every time, without problems. They can also log in when the client has just rebooted.

Group 2: We also have a couple of users in the path ADDOMAIN.TLD/departments/departmentname/users. These can only log in if a user from group 1 has just logged in and logged out, or if the client has been running for at least 5-10 Minutes. Otherwise the login window will just shake and the user is unable to log in.

We do not understand what is causing this. The only difference between those two groups are the paths.

Any idea what the problem is and how we can solve it? Thanks!

[piperspace]

If you are getting the message:

“Your are unable to log in to the user account at this time.”

Its a bug.

The period of time during which login is denied can be reduced by editing the file /etc/autofs.conf on the Mac and reducing the value of AUTOMOUNT_TIMEOUT.

[Author]

Posts