Issues with AD suddenly not allowing user login...

ega
Contributor III

We recently started to see intermittent issues with macOS devices that are bound to our campus AD and working suddenly stop allowing users to login. If we login with a local account we find that directory lookups to the AD all fail. In about 30% of the cases a reboot cures the issue. For another 30%, unbinding and rebinding fixes it. While we see the issue happen in the directory services logs we can’t see why. Anyone else seeing this kind of issue and are there any fixes?

2 REPLIES 2

thoule
Valued Contributor II

Is your computer naming different in the first 13 characters? Could be stepping on computer records... How's time drift? clocks are set right? Do you have an /etc/krb5.conf file?

ega
Contributor III

@thoule Our naming is either serial number or short dns hostnames which we require to be unique. Time is set from a time server on premises. We are binding using macOS configuration profile (or jamf prestage equiv) but I don't see that this creates krb5.conf in /etc like we would use if we were setting up MIT kerberos
Other ideas?