OD user can authenticate for access to machine, but can’t connect to file server

[Demani]

I have the machines set up for network OD authentication, with local accounts. I can login to the user’s account on her machine, but I can’t connect to the AFP or SMB shares. When looking in the AFP access I see a full listing of attempts as
[code]IP 10.65.2.201 – – [10/Jun/2011:10:24:44 -0500] “Logout amys” -5023 0 0
[/code]
When I tried today, I got no logging that I could find, but the last time I looked at this the AFP access log kept showing the immediate logout listed above (never a login like any other account would get).

The local OS always displays the “You have entered an incorrect username or password.” even though I have verified account info and reset the password.
I can’t login with the admin password under her account either, and have tested connecting to the server on other machines and verified the same result. Other accounts login just fine.

Logging in with Kerberos on the initial login to the machine-here is this morning’s login as marked on the server:
[code]
Jun 22 2011 10:13:39 KERBEROS-LOGIN-CHECK: user {0x4dd96467075836cd0000007b00000079, amys} is in good standing.
Jun 22 2011 10:13:39 KERBEROS-LOGIN-CHECK: user {0x4dd96467075836cd0000007b00000079, amys} authentication succeeded.
Jun 22 2011 10:13:39 AUTH2: {0x4dd96467075836cd0000007b00000079, amys} DIGEST-MD5 authentication succeeded.
Jun 22 2011 10:13:39 GETPOLICY: user {0x4dd96467075836cd0000007b00000079, amys}.[/code]

and from the Kerberos server log:
[code]
Jun 22 10:13:38 od.bny.com krb5kdc[155](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.65.2.140: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
Jun 22 10:13:38 od.bny.com krb5kdc[155](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.65.2.140: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
Jun 22 10:13:39 od.bny.com krb5kdc[155](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.65.2.140: ISSUE: authtime 1308752019, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
Jun 22 10:13:39 od.bny.com krb5kdc[155](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.65.2.140: ISSUE: authtime 1308752019, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]
[/code]

But when attempting to connect to the share the credentials she enters aren’t accepted. The file server is an OD replica of the main OD server, and it has been synchronizing without a problem.

User is in all needed groups (compared against other users). No SACL are configured.

When logging in to the file server from a different machine I get a perpetual “Connecting…” in the login window, even when using the Admin password to masquerade.

[Author]

Posts