logging in to the account failed because an error ocurred
This has just started to become an issue as we have just started using OS X more now.
I have an OS X server connected to the AD domain and it also hosts the Home dirs on the XRAID over AFP for the AD users. This all works fine apart from some random times when the login window won't authenticate anyone, or so i thought. I had a machine where i could log on as my own managed network account and i thought that maybe the problem lay with the amount of connections to a single afp share since it usually affected the pupils. I then tried a different staff account only to find that that one also failed to log in receiving the thread title as the error message. I don't know what is causing the problem since when i restarted the machine it failed again but upon the second time it worked OK.
I have not specified a preferred DC in the AD Directory Plugin. Could this be the reason. Plus it also doesn't help when the other DC is being a sh*t and keeps losing network connection every 5 minutes. It may well be this...
I haven't seen this issue at our place, but if you are encountering random login problems I would check:
1. The AFP service configuration and logs- just to make sure that nothing is being flagged there as a problem
2. Network connectivity between clients and server
3. Your flakey AD DC. It might well be that this *is* the problem- since the client can't choose (unless you specify) which DC to use it might be worth changing that setting on a couple and see if that fixes the issues.
Not much to go on there that you don't already know. But if you find out what the problem is let me know- I'm always interested in logging these things!
Well an update on what i have found out so far. The DC was messing about but it wasn't the reason my users could not login. I have since demoted the AD Dc server though as i do need to sort out the network connection.
I have found that there seems to be an error when the users tries to login. The error is reported in the console. Its a strange error though as it regards the users home dir and not authenticating to it or something like that.
This issue happens with all the users that have created AFTER the other users. These pupils cam in after the build was finished. I used the same method i did with the other users and they still can't login. I have checked the users native record attributes in WGM against another user that can login in. There was one difference which i changed but still no go.
I have also used the kerberos app in the core services folder to check if i get a ticket for the user if i try and authenticate as him and i do. So kerberos is fine as well. the AFP service is set up for kerberos only authentication and there is no guest access allowed on the shares.
So now i just don't know what to do. I have already tried re-creating the user and still nothing. But it ONLY affects the newer users. Sometimes a diffrerent user will get the message but a restart of the client resolves that one. Its now driving me crazy. I really do think that leopard is SH*T
OK so dropping the AFP access method to any method allows the users failing to login to be able to login again. But the kerberos is working fine since the user gets a ticket in the kerberos app and mounts all the other shares that he has access to on login.
Man, this is a weird one. I hope that 10.5.5 sorts these problems out.