We are also having the same problem with our lab of iMacs running 10.5.6 bound to AD. We ran DS debug. Here is the relevant log file:
2008-08-12 13:24:53 EDT – T[0xB0103000] – Active Directory: Password verify for [email protected] failed with error -1765328353
2008-08-12 13:24:53 EDT – T[0xB0103000] – Client: SecurityAgent, PID: 1461, API: dsDoDirNodeAuth(), Active Directory Used : DAR : Node Ref = 16779664 : Result code = -14090
2008-08-12 13:24:53 EDT – T[0xB0103000] – Plug-in call “dsDoDirNodeAuth()” failed with error = -14090.
2008-08-12 13:24:53 EDT – T[0xB0103000] – Port: 0 Call: dsDoDirNodeAuth() == -14090
I found that -1765328353 is a Kerberos error which means “decrypt integrity check failed” which also means “password incorrect.” We believe it is the computer account’s password. We have just changed the “passinterval” on one computer to 180 days as a test.
We have found that we do not need to rebind, just delete /etc/krb5.keytab and /var/db/krb5kdc. A reboot and it is fixed. Obviously, this is not ideal.
If anybody has any other solutions, we would welcome them.
I do have a bug report in with Apple, rdar://problem/6144066.
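An added example, not part of the original comment: a Python sketch that decodes krb5 error codes found in DirectoryService debug lines and pairs each with the DS API result logged on the same thread. The sample lines, the principal `user@EXAMPLE.COM`, and the names `decode_krb5` and `triage` are constructed for illustration; the error-name table lists only a few RFC 4120 codes.

```python
import re

# Base of the MIT krb5 com_err table; offsets 0..127 from this base are
# the RFC 4120 protocol error numbers.
KRB5_BASE = -1765328384
KRB5_NAMES = {  # partial table, enough for common bind/login failures
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    23: "KDC_ERR_KEY_EXPIRED",
    24: "KDC_ERR_PREAUTH_FAILED",
    31: "KRB_AP_ERR_BAD_INTEGRITY",
    37: "KRB_AP_ERR_SKEW",
}
THREAD = re.compile(r"T\[(0x[0-9A-Fa-f]+)\]")
KRB_FAIL = re.compile(r"Password verify for (\S+) failed with error (-\d+)")
DS_RESULT = re.compile(r"API: (\w+)\(\).*Result code = (-?\d+)")

def decode_krb5(code):
    """Return (protocol_number, name), or None if outside the krb5 table."""
    offset = code - KRB5_BASE
    if not 0 <= offset < 128:
        return None
    return offset, KRB5_NAMES.get(offset, "unlisted")

def triage(lines):
    """Pair each Kerberos verify failure with the next DS API result on its thread."""
    pending, findings = {}, []
    for line in lines:
        t = THREAD.search(line)
        if not t:
            continue
        tid = t.group(1)
        k = KRB_FAIL.search(line)
        if k:
            pending[tid] = (k.group(1), decode_krb5(int(k.group(2))))
            continue
        d = DS_RESULT.search(line)
        if d and tid in pending:
            principal, krb = pending.pop(tid)
            findings.append({"principal": principal, "krb5": krb,
                             "api": d.group(1), "ds_result": int(d.group(2))})
    return findings

# Constructed sample lines, modelled on the log format quoted above.
SAMPLE = [
    "2008-08-12 13:24:53 EDT - T[0xB0103000] - Active Directory: Password verify for user@EXAMPLE.COM failed with error -1765328353",
    "2008-08-12 13:24:53 EDT - T[0xB0205000] - Client: loginwindow, PID: 40, API: dsDoDirNodeAuth(), Active Directory Used : DAR : Node Ref = 16779001 : Result code = 0",
    "2008-08-12 13:24:53 EDT - T[0xB0103000] - Client: SecurityAgent, PID: 1461, API: dsDoDirNodeAuth(), Active Directory Used : DAR : Node Ref = 16779664 : Result code = -14090",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```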