Active Directory users are unable to log on to Apple computers when the ‘Create mobile account at login’ box is ticked for OS X 10.6 users. The computer is bound to the domain and in the correct OU, and you can get user information from directory services with commands like id and su.
Common log messages you see around this issue:
com.apple.DirectoryServices[15] Enter machine password:
com.apple.DirectoryServices[15] DNS update failed!
SecurityAgent[735] Could not get user record for 'username' from Directory Services
SecurityAgent[735] User infor context values set for username
SecurityAgent[735] unknown-user (username) login attempt PASSED for auditing
SecurityAgent[735] Could not get the user record for 'username' from Directory Services
Workaround:
To keep mobile accounts enabled (for users who are not always connected to the network for authentication), a mobile account needs to be created manually for each user of a computer.
The following should be run in a terminal window to do this, with username replaced by the user's short name:
cd /System/Library/CoreServices/ManagedClient.app/Contents/Resources
sudo ./createmobileaccount -n username
sudo createhomedir -c -u username
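To find out which users need the workaround, the SecurityAgent messages quoted above can be mined for the affected short names. The script below is an added example, not part of the original post: the function names and the sample log lines (users alice and bob) are constructed, and it only prints the workaround commands rather than running them.

```shell
#!/bin/sh
# Added example: list users hit by the SecurityAgent failure and print
# (not run) the workaround commands for each of them.

MCX_DIR=/System/Library/CoreServices/ManagedClient.app/Contents/Resources

# Constructed sample log lines modelled on the messages quoted on this page.
sample_log() {
cat <<'EOF'
com.apple.DirectoryServices[15] DNS update failed!
SecurityAgent[735] Could not get user record for 'alice' from Directory Services
SecurityAgent[735] unknown-user (alice) login attempt PASSED for auditing
SecurityAgent[735] Could not get the user record for 'alice' from Directory Services
SecurityAgent[812] Could not get user record for 'bob' from Directory Services
SecurityAgent[901] Could not get user record for 'bad name;' from Directory Services
EOF
}

# affected_users: read log text on stdin, print each affected short name once.
# Both wordings ("user record" / "the user record") are matched. Names typed
# at the login window are untrusted, so anything that is not a plain short
# name (or that starts with '-') is dropped before it can reach a sudo command.
affected_users() {
    sed -n "s/.*SecurityAgent\[[0-9]*\] Could not get \(the \)\{0,1\}user record for '\([^']*\)' from Directory Services.*/\2/p" |
    grep -E '^[A-Za-z0-9_][A-Za-z0-9._-]*$' |
    sort -u
}

# workaround_commands: read log text on stdin, print the two commands from
# the workaround for every affected user, for review before running them.
workaround_commands() {
    affected_users | while IFS= read -r user; do
        printf 'cd %s && sudo ./createmobileaccount -n %s\n' "$MCX_DIR" "$user"
        printf 'sudo createhomedir -c -u %s\n' "$user"
    done
}

# Demonstration on the constructed sample; pipe a real log in instead on a Mac.
sample_log | workaround_commands
```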
http://discussions.apple.com/thread.jspa?threadID=2131654