It is important that the user account authenticating to AD for the bind not be a member of too many groups. This apparently causes too much information to be sent along on the data.
Is it possible someone at your organization instituted a firewall change and didn’t inform you? When I recently encountered this problem it was because only port 464 TCP was open to the AD Domain Controllers; that is fine for Windows PCs but Macs and everything else using standard Kerberos will also need 464 UDP. Your bind attempt will fail at the point where it attempts to change the machine password – I saw the exact same error log you’ve reported (if your hunch about “where things are going wrong” is correct and there’s nothing indicative of a different problem earlier in the log).
Hope that helps.
g=