Currently we are trying to use Active Directory authenication and Workgroup Manager to manage all of our clients. We have recently had to upgrade our Open Directory Server to 10.4 Server to resolve many problems that we were seeing with 10.3.9 server crashing. After upgrading to 10.4 Server we have run into a problem were the client computers (10.3.9) will only write one piece from the Directory Access Directory Node search order. If LDAPv3 is over Active Directory in the Search order the LDAPv3 settings will be written to the mcx_cache. If Active Directory is over LDAPv3 the AD information is written.
Here's what happens if LDAPv3 is over AD the settings from Workgroup Manager is written to the mcx_cache so if the computer is offline it keeps the managed settings, but If you log in before WGM updates the cache Your auto-mounted server space isn't mounted.
If AD is over LDAPv3 in the directory node order then your server space will mount all the time, but the Workgroup Manager settings won't be there when the computer doesn't have a network connection.
Also since our Apple SE had us put the LDAPv3 ( Workgroup Manager ) over AD we get are getting a ton of "You cannot login at this time, Please contact your system administrator" Error messages. I have check the /etc/hostconfig file and the FQDN is correct and DNS is working correctly.
Also when our Apple SE was in to look at this problem they also had to disable Kerberos on the Open Direcotory Workgroup Manager server as well as have us move LDAPv3 over AD. ***They said it was a Bug*** If anyone has seen any of these problems or have any idea what would cause this problem or could cause this problem that would be great.
Also this problems happens with 10.4.2 client computer and a 10.3.9 client computer. I'm not sure before that but I would guess it would. We never saw anything like this before we upgraded tot Tiger server either, but 10.3 Server was so unstable we had to move to 10.4. Also we are managing 49 different computer lists and around 1200 computers with WGM. Does anyone think that this could be a load problem. It doesn't appear to be taxing the server in anyway.
Thank You for any information you provide
David