I have a very strange Directory Services question that is causing plenty of head scratching.
The authentication server is AD running on Windows Server 2000. The Macs are bound to the domain but also have an OD server in their authentication path. The user home folders are on the OD server, which is also bound to the domain.
Most Macs can authenticate successfully and mount their home from the OD server, either directly or as a mobile account, but one user has issues when using some of the Macs. When he attempts to log on we get a report that the home folder cannot be accessed at this time and that it is on an AFP or SMB share. If another user attempts to log on to the same Mac they can without a hitch. If the first user attempts to log on to another Mac, not one of those with issues, he can.
So…
User A can log on to Mac 1 but not Mac 2
User B can log onto both Mac 1 and Mac 2
This tells me that the account for user A in AD must be good, as must permissions on his home folder, as he can log onto Mac 2, and that the Directory Services set-up on Mac 1 must be good otherwise user B could not log onto it.
If you log onto Mac 1 using a local administrator account and use dscl to get the path for the users’s home directory, then attempt to mount that directory you get the Kerberos challenge, the password is accepted and the home directory mounts without issue.
All the pieces seem to be right but I cannot fathom why we have an issue with this one user.
The server is OS X Server 10.4.7 and all the clients are OS X 10.4.8 which was installed from a disk image prior to being bound to the domain.
.
.
Comments are closed