Connection failed, no shares available

I have 1 server (out of several) running 10.6.5 as an Open Directory Master, which has had an odd problem several times now. The server was initially upgraded from 10.5 to 10.6, new users imported, etc, and all was well. Then we started having problems with users logging in. Trying to connect to server as these users would result in a "Connection failed" "There are no shares available or you are not allowed to access them on the server..." Deleting and re-creating the user's account would do nothing, but simply changing the users UID number, and fixing the permissions on their network home would work fine. (We try to user student ID numbers as UIDs). I tried Archiving and restoring the Open Directory, and that worked for a little while, but then it started happening again. I exported the staff users and groups, wiped out the directory completely, reimported the staff users, reimported the student users from an export from the Student information system, reimported groups, and all was well for a couple more weeks. Now, again, it's starting to happen. For some reason, suddenly, users (mostly students, but not always) are loosing access to their own home folders (and all the other sharepoints on the server), and the only fix I've found is to change the User ID number. Oddly, it seems to be working just fine if I connect them using SMB, but I'd rather use AFP for home directories. Some possible factors: Single intel XServe running 10.6.5, Open directory master, AFP, DNS, DHCP, Netboot (DeployStudio Server), SMB, and SUS. Access for all services is set for all users and groups, I've tried changing to select groups, and manually adding all groups, changing back, etc, no change. Workgroups and management: The tech teacher in this building does a lot of workgroup management, far more than the other two Elementaries or the middle or high school. Due to the insane amount of management, and the insane amount of time she's spent setting it all up, I have been hesitant to just dump it all, but I'm at the point where that's going to have to be my next step, I think. User IDs: Student user ids are tied to their student id numbers in the SIS, 6 digits, starting with the two digit expected year of graduation eg: 212345 Staff UIDs are generally 3-4 digits, depending primarily on when they were added to the system. It seems to me that there must be something wrong with the SACLs, but I'm not even sure where to look for that, and I can't find any evidence that there is even an SACL for afp, say nothing to that uid being blocked from access. Anyone seen anything like this, or have any ideas where to start on trying to figure out what is going on, and why these users are being blocked from AFP access?