Auth problem 10.5.8 Leopard bound to Active Directory

  • #376960
    lexah
    Participant

    I recently got two 24″ iMacs into my environment and have the same problem with both machines.

    They’re both running 10.5.8. I thought it was my image; however, the same problem occurred a day after I did a clean install on one of the machines (it worked fine the first day).

    They’re bound to Active Directory for network home purposes. Browsing via DSCL takes me right through to Active Directory users no problems.

    However, when trying to log on using an AD user, I just get the screen shake indicating bad password. Same problem occurs if I try and su in the command line to an AD user (auth fails).

    Unbinding/rebinding did not work. The ONLY thing so far that has worked is a complete clean re-install of the OS.

    This was the closest I could find on the Apple website as a fix; however, after trying all the steps it’s still broken.

    http://support.apple.com/kb/TS2691

    Tailing the system.log or secure.log shows nothing at all when I attempt to log in as the user (should I be looking at a different log?)

    Further to this, we’ve (as in my network admin and I since I’m a bit of a n00b with command line stuff still) tested running ntlm_auth to test authentication against AD and it tests OK…

    So is there something broken in the Mac OS that’s causing it to not send the correct info to AD or even send any info?

    If anyone can help point me in the right direction with regards to fixing it, it would be most appreciated!

    #377082
    md10024
    Participant

    Make sure your search policy in the Directory Utility has the AD entry first in the list.

    #377103
    Macleod
    Participant

    You mention they are bound for network home reasons. Are you mapping anything else?
    For instance, static UID/GID attributes, or shell attributes?
    If any of those are mapped to invalid values, you experience logon failure.
    It might be informative to use dscl to read the user accounts, and look at the values for those fields.

    –DH
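
Added example, not part of the original thread: a small sh filter for the check suggested above, reading `dscl -read` output and flagging mapped attributes that look unusable for login. What counts as invalid here (missing or non-numeric UniqueID/PrimaryGroupID, a UserShell that is not an absolute path, a missing NFSHomeDirectory) is an assumption, as are the names `check_ad_record` and `sample_record` and the user `jdoe`.

```shell
#!/bin/sh
# On a bound Mac the input would come from dscl, for example:
#   dscl /Search -read /Users/jdoe UniqueID PrimaryGroupID UserShell NFSHomeDirectory | check_ad_record
# and the search policy order can be read with:
#   dscl /Search -read / CSPSearchPath

# check_ad_record: read "Key: value" lines on stdin, print one line per
# attribute that fails the (assumed) sanity rules, return 1 if any failed.
check_ad_record() {
    awk '
        /^[^ ]+: / { key = $1; sub(/:$/, "", key); val[key] = $2 }
        END {
            bad = 0
            n = split("UniqueID PrimaryGroupID", ids, " ")
            for (i = 1; i <= n; i++) {
                k = ids[i]
                if (!(k in val)) { print k ": missing"; bad = 1 }
                else if (val[k] !~ /^-?[0-9]+$/) {
                    print k ": not numeric (" val[k] ")"; bad = 1
                }
            }
            if (!("UserShell" in val)) { print "UserShell: missing"; bad = 1 }
            else if (val["UserShell"] !~ /^\//) {
                print "UserShell: not an absolute path (" val["UserShell"] ")"; bad = 1
            }
            if (!("NFSHomeDirectory" in val)) {
                print "NFSHomeDirectory: missing"; bad = 1
            }
            exit bad
        }
    '
}

# Constructed sample (not real dscl output): UniqueID mapped to a text
# attribute and no UserShell mapping at all.
sample_record() {
    printf '%s\n' \
        'NFSHomeDirectory: /Users/jdoe' \
        'PrimaryGroupID: 20' \
        'UniqueID: jdoe'
}

sample_record | check_ad_record || echo "record has problems"
```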

    #377189
    mosa
    Participant

    Keeping it simple, make sure the “Net Logon” service is not paused on any of your DCs.
