[Caiwyn]

This issue is not fixed as of Tiger version 10.4.5. I have experienced the exact same problem on two machines now. In both cases, the computer’s name on the domain is identical to the username, and the user doesn’t even have to be logged into the machine for his account to be locked. The machine only has to be online and joined to the domain.

In the first instance, the problem began when the user was forced to change his password on an iBook with 10.3.9 installed. I upgraded to 10.4.5, I tried unbinding and rebinding to the domain, I tried deleting the user’s keychain and rebuilding it (two different ways, even)… none of these resolved the issue. I had to replace the machine entirely.

In the second instance, the problem began right when the user upgraded to 10.4.5. This time I tried unbinding and binding the machine with a different machine name. This still did not work. I then tried unbinding the machine and turning off the active directory plugin, and telling the user to log into file shares and email manually. After about an hour, the account was locked again. I’ll be reinstalling the machine entirely next week.

A third machine has had an entirely separate problem that appears to be AD-related (file sync problems with one of our network shares), which only began after an upgrade to Tiger. Because of these three instances, upgrades to Tiger are on hold now. The upgrade process will now involve unbinding and reinstalling entire workstations, which means more downtime for users.

If anybody can think of other things to try that might alleviate the lockout issue, please post a response. The issue remains unresolved.

[Author]

Posts