I have seven 10.6 machines connected to Active Directory, and all work great. We have a new 10.8 machine now connected to Active Directory which is working for all users except one (the main user of course). Everyone but him can log in using AD credentials, which he can as well until they change…which leads me to believe that it's actually authenticating against a local account.
I have tried rebuilding his account multiple times by deleting his user directory and then logging in again. The one thing that I did when he first logged in was tell 10.8 to create a mobile account since he's on a laptop and he needs to be able to log in away from the network. I've disabled automatic creation of mobile accounts upon login and rebuilt the account (as described above) but it still logs in locally.
I know it's logging in locally because if I disconnect the network I'm still able to log in.
Does anyone know how I can remove the "mobile account" setting from this account or have any ideas of what else could be causing this problem?
Thank you for any assistance you can provide, I'm stumped.
Danny
Best Answer
I think Keychain Access is caching the old login info and causing problems each time the info changes. Try deleting the existing login keychain and creating a new one and see if that resolves the problem. Every time the AD login info changes, the keychain needs to be manually updated to reflect those changes or this kind of problem will persist.