Help

suspect AD binding/Kerberos issue

blackholemac
Valued Contributor III

Posted on ‎05-09-2017 08:18 AM

So, I was recently asked to change the URL of the data share that is mapped for all users district wide Mac or Windows. I was able to achieve that in the JSS no problem, but I seem to have a minor pesky issue that is somewhat annoying.

So on a machine that successfully received the new share profile and removed the old one, I log as a user that has never logged in before and everything is hunky dory....works great..share mounts automagically, users is able to get going. The problem is when I log in as an existing user on that Mac (a hard-wired desktop Mac)...immediately upon login, the user is presented with a credentials window for the new share instead of relying on Kerberos tickets. I will note that I also tried mapping manually in the Finder and again am asked for creds.

I have tried running kdestroy and kinit for the user and we still seem to have the problem, though on a new user we don't. I'll be honest...I don't like AD binding, but we need to use it for one more year here. We are only bound to AD and not any other directory system. I have double checked authorizations for the share on the AD side. I'm running out of ideas and would love to have to avoid recreating people's local profiles. If anyone has ideas or needs me to post the products of commands, I can do that to help.

Thank you folks in advance,
blackholemac

0 Kudos
8 REPLIES 8

mm2270
Legendary Contributor III

Posted on ‎05-09-2017 08:41 AM

@blackholemac are these cached AD mobile accounts we're talking about? If so, although I've never experienced this issue myself, I'm wondering if there is something in the local cached record that is causing this? I would do a comparison of a dscl . read /Users/username output from an account that is working with the new share and one that isn't to see if there is some very obvious difference between them.

As an experiment, what happens if you do the following steps to recreate the cached AD mobile account record (not the home directory)?

  1. Log out of user and log back into a local admin account
  2. Delete the local directory services record for the affected user
    • dscl . delete /Users/username
  3. Recreate the cached AD mobile account
    • sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -h /Users/username
  4. Log back in as the user and see if the share mounts automagically

If the above works, then there is something in the previous cached record in local directory services it's hanging on to that is likely the culprit.
Maybe before running through the above steps you can capture a dscl . read output from the same account before, and then again after and compare them. I'm thinking if you find what is causing it, you can probably script a change to the local record without needing to fully recreate it.

Let us know what happens.

0 Kudos

blackholemac
Valued Contributor III

Posted on ‎05-09-2017 10:18 AM

Well...I'll be honest...not getting anywhere on this yet. I have captured the output of a working user vs. a non-working user...still trying to parse through it all, but I did try the experiment as well as one of my own.

The experiment, login as the local admin, run the two commands you posted above on a non-working user, log back in as said user and report the results. Unfortunately, I must report that the share did NOT map.

Where I went a step further...because this particular user is mostly done for the year and backed up, I had permission to delete it and the local home folder for it. I did that and it STILL persisted in asking for creds. Logged out and in as a never before logged in user and it still works.

I captured the output you requested and quite honestly it's a mile long and I don't quite know whether to post both sets of output from a working vs. non-working. I am going to start reviewing it and looking for what I know, but I may not know much. I'm willing to post it but it is seriously very long.

Also interesting if it helps...after all that...I tried logging in as what I thought to be a known working user on that machine and after a reboot, it's now asking for creds on that previously working user. In desperation, I also tried double checking the DNS on the Windows server...for proper Kerberos authentication is it required that the server have both forward and reverse DNS lookup. I noticed the Windows server only had forward lookup and no reverse. <sighs>

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎05-09-2017 10:38 AM

Huh, that's odd. So if it's even failing when you blow the entire account away and recreate it, home directory and all, that means it's not something in the local record causing this, but if not there, then what?

Let me ask, when you recreated the existing user, did you do it by simply trying to log back into the computer after removing the account, and letting the OS create it again, or did you pre-create the AD cached mobile account with the createmobileaccount binary? It sounds like when it's working the account is being created on the fly by simply logging in to the machine as the user while wired to the network. Does it also fail that way after you've deleted the previous account?

Don't worry about posting the dscl output. I know those can be crazy long. Sometimes the UserCertificate shows up there which displays as lines and lines of encoded data.

0 Kudos

blackholemac
Valued Contributor III

Posted on ‎05-09-2017 11:14 AM

Alright...I'm ready to post the two, but it may be for naught...so I've also discovered that apparently I didn't quite throughly observe the problem. On first login to a box it always maps...not on reboot though...even a suspected working login doesn't mount the share credential free after a reboot...UGH.

Anyway, I'll respond to your follow up...when I blew away the profile, I merely went to System Preferences - Users and Groups and blew it away from there telling the prompt to delete the home folder and then I logged back in...nothing more nothing less.

As for the DSCL output, I have it but had to spend a bit of time obfuscating some things:

Suspected working (may not be working after a reboot though):

dsAttrTypeNative:_writers_hint: staffuser
dsAttrTypeNative:_writers_jpegphoto: staffuser
dsAttrTypeNative:_writers_LinkedIdentity: staffuser
dsAttrTypeNative:_writers_passwd: staffuser
dsAttrTypeNative:_writers_picture: staffuser
dsAttrTypeNative:_writers_realname: staffuser
dsAttrTypeNative:_writers_UserCertificate: staffuser
dsAttrTypeNative:account_instance: ACEBF82F-30C9-4122-B353-1518A51F4D89
dsAttrTypeNative:accountPolicyData:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>creationTime</key>
    <real>1466090370.58746</real>
    <key>passwordHistoryDepth</key>
    <integer>0</integer>
    <key>passwordLastSetTime</key>
    <real>1466090371.3216381</real>
    <key>policies</key>
    <dict>
        <key>policyCategoryPasswordChange</key>
        <array>
            <dict>
                <key>policyContent</key>
                <string>FALSEPREDICATE</string>
                <key>policyIdentifier</key>
                <string>com.apple.policy.legacy.newPasswordRequired</string>
            </dict>
        </array>
    </dict>
    <key>storeLastLoginTime</key>
    <false/>
</dict>
</plist>

dsAttrTypeNative:cached_auth_policy:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <data>
    aXNEaXNhYmxlZD1mYWxzZSBuZXdQYXNzd29yZFJlcXVpcmVkPWZhbHNlIA==
    </data>
</array>
</plist>

dsAttrTypeNative:cached_groups:
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 42443035 43464233 2d424230 372d3438 41312d38 4131432d 45384541 44373236 38323335 a10b5f10 214c5343 57414e5c 436c6561 7220496e 7465726e 65742050 6f727420 41636365 7373a10d 5f104543 4e3d436c 65617220 496e7465 726e6574 20506f72 74204163 63657373 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135a31 30323337 39313032 37a1155f 101a436c 65617220 496e7465 726e6574 20506f72 74204163 63657373 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 015e0160 01a801aa 01d301d5 01f001f2 01fd01ff 00000000 00000201 00000000 00000016 00000000 00000000 00000000 0000021c
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 34434446 31463036 2d303538 462d3446 35332d38 3842312d 33324539 45363639 42363832 a10b5f10 154c5343 57414e5c 436f6d70 75746572 20546563 6873a10d 5f103943 4e3d436f 6d707574 65722054 65636873 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135a31 32383936 39303838 36a1155e 436f6d70 75746572 20546563 68730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a0152 01540190 019201bb 01bd01d8 01da01e5 01e70000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01f6
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 44463932 41413836 2d373037 302d3442 31412d41 4344362d 38303438 32343531 36324545 a10b5f10 154c5343 57414e5c 544d4143 6c69656e 74557365 7273a10d 5f103943 4e3d544d 41436c69 656e7455 73657273 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135a31 36303334 34373433 30a1155e 544d4143 6c69656e 74557365 72730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a0152 01540190 019201bb 01bd01d8 01da01e5 01e70000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01f6
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 33463139 37433731 2d373739 352d3442 41432d41 4542422d 39363731 46443831 37413643 a10b5f10 134c5343 57414e5c 446f6d61 696e2055 73657273 a10d5f10 32434e3d 446f6d61 696e2055 73657273 2c434e3d 55736572 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 135a3130 35383633 34383635 a1155c44 6f6d6169 6e205573 65727300 08001700 39005900 8200ad00 cd00f101 0f011101 38013a01 50015201 87018901 b201b401 cf01d101 dc01de00 00000000 00020100 00000000 00001600 00000000 00000000 00000000 0001eb
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 39433936 37454338 2d384639 442d3430 32302d38 3633342d 30324433 37353233 44453542 a10b5f10 0f4c5343 57414e5c 46414373 74616666 a10d5f10 33434e3d 46414373 74616666 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135934 37393632 34393034 a1155846 41437374 61666600 08001700 39005900 8200ad00 cd00f101 0f011101 38013a01 4c014e01 84018601 af01b101 cc01ce01 d801da00 00000000 00020100 00000000 00001600 00000000 00000000 00000000 0001e3
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 44313130 39374332 2d364133 312d3434 36342d41 4438362d 37393042 41373333 46433345 a10b5f10 0f4c5343 57414e5c 4c534353 74616666 a10d5f10 33434e3d 4c534353 74616666 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135a31 33363030 34313932 32a11558 4c534353 74616666 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 014c014e 01840186 01af01b1 01cc01ce 01d901db 00000000 00000201 00000000 00000016 00000000 00000000 00000000 000001e4
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 35364238 33464430 2d323144 422d3436 30322d42 4643392d 38453434 38344646 34303630 a10b5f10 124c5343 57414e5c 4c534372 65537461 666673a1 0d5f1031 434e3d4c 53437265 53746166 66732c43 4e3d5573 6572732c 44433d6c 73632c44 433d6b31 322c4443 3d696e2c 44433d75 73a10f5f 10262f41 63746976 65204469 72656374 6f72792f 4c534357 414e2f6c 73632e6b 31322e69 6e2e7573 a1115f10 18647352 65635479 70655374 616e6461 72643a47 726f7570 73a1135a 31343534 39313535 3336a115 5b4c5343 72655374 61666673 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 014f0151 01850187 01b001b2 01cd01cf 01da01dc 00000000 00000201 00000000 00000016 00000000 00000000 00000000 000001e8
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 44413932 32443834 2d374536 442d3442 44412d41 4531462d 39433142 32333930 34393431 a10b5f10 164c5343 57414e5c 50617065 72437574 20416363 657373a1 0d5f103a 434e3d50 61706572 43757420 41636365 73732c4f 553d4661 63696c69 74696573 2c44433d 6c73632c 44433d6b 31322c44 433d696e 2c44433d 7573a10f 5f10262f 41637469 76652044 69726563 746f7279 2f4c5343 57414e2f 6c73632e 6b31322e 696e2e75 73a1115f 10186473 52656354 79706553 74616e64 6172643a 47726f75 7073a113 5a313531 39353239 333438a1 155f100f 50617065 72437574 20416363 65737300 08001700 39005900 8200ad00 cd00f101 0f011101 38013a01 53015501 92019401 bd01bf01 da01dc01 e701e900 00000000 00020100 00000000 00001600 00000000 00000000 00000000 0001fb
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 41453643 44303142 2d333330 302d3436 33342d38 3431452d 30353446 32323744 45414643 a10b5f10 124c5343 57414e5c 4c534376 706e5573 657273a1 0d5f1036 434e3d4c 53437670 6e557365 72732c4f 553d4661 63696c69 74696573 2c44433d 6c73632c 44433d6b 31322c44 433d696e 2c44433d 7573a10f 5f10262f 41637469 76652044 69726563 746f7279 2f4c5343 57414e2f 6c73632e 6b31322e 696e2e75 73a1115f 10186473 52656354 79706553 74616e64 6172643a 47726f75 7073a113 59373738 38383330 3939a115 5b4c5343 76706e55 73657273 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 014f0151 018a018c 01b501b7 01d201d4 01de01e0 00000000 00000201 00000000 00000016 00000000 00000000 00000000 000001ec
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 30324441 45413037 2d364538 312d3441 43352d38 3245452d 38444439 45314244 32444545 a10b5f10 0f4c5343 57414e5c 53524155 73657273 a10d5f10 33434e3d 53524155 73657273 2c4f553d 46616369 6c697469 65732c44 433d6c73 632c4443 3d6b3132 2c44433d 696e2c44 433d7573 a10f5f10 262f4163 74697665 20446972 6563746f 72792f4c 53435741 4e2f6c73 632e6b31 322e696e 2e7573a1 115f1018 64735265 63547970 65537461 6e646172 643a4772 6f757073 a1135834 37393031 313931a1 15585352 41557365 72730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a014c 014e0184 018601af 01b101cc 01ce01d7 01d90000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01e2
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 44383639 36353832 2d384545 412d3437 42312d39 4444432d 30394539 41373638 32463536 a10b5f10 124c5343 57414e5c 54656368 2041646d 696e73a1 0d5f103f 434e3d54 65636820 41646d69 6e732c4f 553d4164 6d696e2c 4f553d46 6163696c 69746965 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 135a3134 38333330 32323734 a1155b54 65636820 41646d69 6e730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a014f 01510193 019501be 01c001db 01dd01e8 01ea0000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01f6
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 32433142 42373244 2d343433 372d3435 38462d39 3634432d 38343643 33394642 37444637 a10b5f10 0f4c5343 57414e5c 57412d55 73657273 a10d5f10 4e434e3d 57412d55 73657273 2c4f553d 57697265 6c657373 20557365 72732c4f 553d5374 6166662c 4f553d46 6163696c 69746965 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 13593734 30303133 383639a1 15585741 2d557365 72730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a014c 014e019f 01a101ca 01cc01e7 01e901f3 01f50000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01fe
dsAttrTypeNative:original_realname:
 Staff User
dsAttrTypeNative:original_shell: /bin/bash
dsAttrTypeNative:preserved_attributes: dsAttrTypeStandard:RealName dsAttrTypeStandard:AuthenticationAuthority dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:HomeDirectory dsAttrTypeStandard:UserShell dsAttrTypeStandard:Picture dsAttrTypeStandard:JPEGPhoto dsAttrTypeStandard:AppleMetaNodeLocation dsAttrTypeStandard:CreationTimestamp dsAttrTypeStandard:ModificationTimestamp dsAttrTypeStandard:PasswordPolicyOptions accountPolicyData dsAttrTypeNative:ShadowHashData dsAttrTypeStandard:SMBHome
AltSecurityIdentities: Kerberos:staffuser@myorghere.org
AppleMetaNodeLocation: /Local/Default
AppleMetaRecordName:
 CN=Staff User,OU=Clear Port Users,OU=Facilities,DC=myorghere,DC=org
AuthenticationAuthority:
 ;LocalCachedUser;/Active Directory/MYORGDOMAIN/myorghere.org:staffuser:E0B4D5ED-68BB-42F0-AE1B-E39BA3E669E2
 ;Kerberosv5;;staffuser@MYORGHERE.ORG;MYORGHERE.ORG;
 ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>
Comment:
 9030 - FAC
CopyTimestamp: 2016-06-16T15:19:30Z
EMailAddress: staffuser@myorghere.org
FirstName: Staff
GeneratedUID: E0B4D5ED-68BB-42F0-AE1B-E39BA3E669E2
JobTitle: Staff
LastName: User
MCXFlags:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>has_mcx_settings</key>
    <true/>
</dict>
</plist>

MCXSettings:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.MCX</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>com.apple.cachedaccounts.CreateAtLogin</key>
                        <true/>
                        <key>com.apple.cachedaccounts.WarnOnCreate</key>
                        <false/>
                    </dict>
                </dict>
            </array>
        </dict>
        <key>com.apple.dock</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AppItems-Raw</key>
                        <array/>
                        <key>DocItems-Raw</key>
                        <array/>
                        <key>MCXDockSpecialFolders-Raw</key>
                        <array>
                            <string>AddDockMCXOriginalNetworkHomeFolder</string>
                        </array>
                    </dict>
                    <key>mcx_union_policy_keys</key>
                    <array>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>AppItems-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>static-apps</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>DocItems-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>static-others</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>MCXDockSpecialFolders-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>MCXDockSpecialFolders</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                    </array>
                </dict>
            </array>
        </dict>
        <key>loginwindow</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AutoLaunchedApplicationDictionary-raw</key>
                        <array>
                            <dict>
                                <key>AuthenticateAsLoginUserShortName</key>
                                <true/>
                                <key>MCX-NetworkHomeDirectoryItem</key>
                                <true/>
                            </dict>
                        </array>
                    </dict>
                    <key>mcx_union_policy_keys</key>
                    <array>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>AutoLaunchedApplicationDictionary-raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>AutoLaunchedApplicationDictionary-managed</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                    </array>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

NFSHomeDirectory: /Users/staffuser
OriginalAuthenticationAuthority: ;Kerberosv5;;staffuser@MYORGHERE.ORG;MYORGHERE.ORG; ;NetLogon;staffuser;MYORGDOMAIN
OriginalNodeName:
 /Active Directory/MYORGDOMAIN/myorghere.org
Password: ********
PasswordPolicyOptions:
 62706c69 73743030 d6010203 04050607 0f101112 1358706f 6c696369 65735f10 126c6173 744c6f67 696e5469 6d657374 616d705f 10127374 6f72654c 6173744c 6f67696e 54696d65 5c637265 6174696f 6e54696d 655f1013 70617373 776f7264 4c617374 53657454 696d655f 10147061 7373776f 72644869 73746f72 79446570 7468d108 095f101c 706f6c69 63794361 7465676f 72795061 7373776f 72644368 616e6765 a10ad20b 0c0d0e5d 706f6c69 6379436f 6e74656e 745f1010 706f6c69 63794964 656e7469 66696572 5e46414c 53455052 45444943 4154455f 102b636f 6d2e6170 706c652e 706f6c69 63792e6c 65676163 792e6e65 77506173 73776f72 64526571 75697265 643341bd 12fb03cf a3a90923 41d5d8b0 e0a598f2 2341d5d8 b0e0d495 b8100000 08001500 1e003300 48005500 6b008200 8500a400 a600ab00 b900cc00 db010901 12011301 1c012500 00000000 00020100 00000000 00001400 00000000 00000000 00000000 000127
PhoneNumber: 772-4789
PrimaryGroupID: 1058634865
PrimaryNTDomain: MYORGDOMAIN
RealName:
 Staff User
RecordName: staffuser
RecordType: dsRecTypeStandard:Users
SMBGroupRID: 513
SMBPasswordLastSet: 130979438794076428
SMBPrimaryGroupSID: S-1-5-21-343818398-1563985344-1177238915-513
SMBScriptPath: login.bat
SMBSID: S-1-5-21-343818398-1563985344-1177238915-11941
UniqueID: 1622463981
UserShell: /bin/bash

Known not working account info:

dsAttrTypeNative:_writers_hint: testuser
dsAttrTypeNative:_writers_jpegphoto: testuser
dsAttrTypeNative:_writers_LinkedIdentity: testuser
dsAttrTypeNative:_writers_passwd: testuser
dsAttrTypeNative:_writers_picture: testuser
dsAttrTypeNative:_writers_realname: testuser
dsAttrTypeNative:_writers_UserCertificate: testuser
dsAttrTypeNative:account_instance: 5838EA55-E5C5-4BBF-8992-CF922FAB502D
dsAttrTypeNative:accountPolicyData:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>creationTime</key>
    <real>1494349501.105552</real>
    <key>passwordHistoryDepth</key>
    <integer>0</integer>
    <key>passwordLastSetTime</key>
    <real>1494349501.863389</real>
    <key>policies</key>
    <dict>
        <key>policyCategoryPasswordChange</key>
        <array>
            <dict>
                <key>policyContent</key>
                <string>FALSEPREDICATE</string>
                <key>policyIdentifier</key>
                <string>com.apple.policy.legacy.newPasswordRequired</string>
            </dict>
        </array>
    </dict>
    <key>storeLastLoginTime</key>
    <false/>
</dict>
</plist>

dsAttrTypeNative:cached_auth_policy:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
    <data>
    aXNEaXNhYmxlZD1mYWxzZSBuZXdQYXNzd29yZFJlcXVpcmVkPWZhbHNlIA==
    </data>
</array>
</plist>

dsAttrTypeNative:cached_groups:
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 33463139 37433731 2d373739 352d3442 41432d41 4542422d 39363731 46443831 37413643 a10b5f10 134c5343 57414e5c 446f6d61 696e2055 73657273 a10d5f10 32434e3d 446f6d61 696e2055 73657273 2c434e3d 55736572 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 135a3130 35383633 34383635 a1155c44 6f6d6169 6e205573 65727300 08001700 39005900 8200ad00 cd00f101 0f011101 38013a01 50015201 87018901 b201b401 cf01d101 dc01de00 00000000 00020100 00000000 00001600 00000000 00000000 00000000 0001eb
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 37414339 43303046 2d393243 322d3431 45462d41 3233462d 37313332 33424444 34414645 a10b5f10 1c4c5343 57414e5c 4d494120 496e7465 726e6574 20537475 64656e74 73a10d5f 1047434e 3d4d4941 20496e74 65726e65 74205374 7564656e 74732c4f 553d5374 7564656e 74732c4f 553d4d69 616d692c 44433d6c 73632c44 433d6b31 322c4443 3d696e2c 44433d75 73a10f5f 10262f41 63746976 65204469 72656374 6f72792f 4c534357 414e2f6c 73632e6b 31322e69 6e2e7573 a1115f10 18647352 65635479 70655374 616e6461 72643a47 726f7570 73a1135a 32303630 30343232 3535a115 5f10154d 49412049 6e746572 6e657420 53747564 656e7473 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 0159015b 01a501a7 01d001d2 01ed01ef 01fa01fc 00000000 00000201 00000000 00000016 00000000 00000000 00000000 00000214
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 35444444 32423838 2d384545 302d3444 41312d38 4442412d 36333432 32373234 37464246 a10b5f10 124c5343 57414e5c 4d494173 74756465 6e7473a1 0d5f1031 434e3d4d 49417374 7564656e 74732c4f 553d4d69 616d692c 44433d6c 73632c44 433d6b31 322c4443 3d696e2c 44433d75 73a10f5f 10262f41 63746976 65204469 72656374 6f72792f 4c534357 414e2f6c 73632e6b 31322e69 6e2e7573 a1115f10 18647352 65635479 70655374 616e6461 72643a47 726f7570 73a1135a 31353734 37373536 3838a115 5b4d4941 73747564 656e7473 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 014f0151 01850187 01b001b2 01cd01cf 01da01dc 00000000 00000201 00000000 00000016 00000000 00000000 00000000 000001e8
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 34394146 32313434 2d444443 332d3445 32322d41 3542422d 36363338 34343333 45373846 a10b5f10 124c5343 57414e5c 4c534353 74756465 6e7473a1 0d5f1036 434e3d4c 53435374 7564656e 74732c4f 553d4661 63696c69 74696573 2c44433d 6c73632c 44433d6b 31322c44 433d696e 2c44433d 7573a10f 5f10262f 41637469 76652044 69726563 746f7279 2f4c5343 57414e2f 6c73632e 6b31322e 696e2e75 73a1115f 10186473 52656354 79706553 74616e64 6172643a 47726f75 7073a113 5a313233 36323134 303834a1 155b4c53 43537475 64656e74 73000800 17003900 59008200 ad00cd00 f1010f01 11013801 3a014f01 51018a01 8c01b501 b701d201 d401df01 e1000000 00000002 01000000 00000000 16000000 00000000 00000000 00000001 ed
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 36374138 31304630 2d343444 422d3431 35392d42 3043362d 46374538 30343430 33454438 a10b5f10 164c5343 57414e5c 4c534372 65454c53 74756465 6e7473a1 0d5f1035 434e3d4c 53437265 454c5374 7564656e 74732c43 4e3d5573 6572732c 44433d6c 73632c44 433d6b31 322c4443 3d696e2c 44433d75 73a10f5f 10262f41 63746976 65204469 72656374 6f72792f 4c534357 414e2f6c 73632e6b 31322e69 6e2e7573 a1115f10 18647352 65635479 70655374 616e6461 72643a47 726f7570 73a1135a 31373339 30363736 3332a115 5f100f4c 53437265 454c5374 7564656e 74730008 00170039 00590082 00ad00cd 00f1010f 01110138 013a0153 0155018d 018f01b8 01ba01d5 01d701e2 01e40000 00000000 02010000 00000000 00160000 00000000 00000000 00000000 01f6
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 43313443 38353231 2d363836 432d3444 39322d41 3535392d 33314333 39463641 36434233 a10b5f10 194c5343 57414e5c 53746166 6620616e 64205374 7564656e 7473a10d 5f103843 4e3d5374 61666620 616e6420 53747564 656e7473 2c434e3d 55736572 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 135a3130 39353533 33383537 a1155f10 12537461 66662061 6e642053 74756465 6e747300 08001700 39005900 8200ad00 cd00f101 0f011101 38013a01 56015801 93019501 be01c001 db01dd01 e801ea00 00000000 00020100 00000000 00001600 00000000 00000000 00000000 0001ff
 62706c69 73743030 d7010203 04050607 080a0c0e 1012145f 101f6473 41747472 54797065 5374616e 64617264 3a47656e 65726174 65645549 445f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 644e616d 655f1026 64734174 74725479 70655374 616e6461 72643a41 70706c65 4d657461 5265636f 72644e61 6d655f10 28647341 74747254 79706553 74616e64 6172643a 4170706c 654d6574 614e6f64 654c6f63 6174696f 6e5f101d 64734174 74725479 70655374 616e6461 72643a52 65636f72 64547970 655f1021 64734174 74725479 70655374 616e6461 72643a50 72696d61 72794772 6f757049 445f101b 64734174 74725479 70655374 616e6461 72643a52 65616c4e 616d65a1 095f1024 41363139 36323834 2d303445 432d3445 43432d38 4234322d 45324534 41463646 34423041 a10b5f10 114c5343 57414e5c 68537461 66664465 6e79a10d 5f103043 4e3d6853 74616666 44656e79 2c434e3d 55736572 732c4443 3d6c7363 2c44433d 6b31322c 44433d69 6e2c4443 3d7573a1 0f5f1026 2f416374 69766520 44697265 63746f72 792f4c53 4357414e 2f6c7363 2e6b3132 2e696e2e 7573a111 5f101864 73526563 54797065 5374616e 64617264 3a47726f 757073a1 13593633 39313937 383238a1 155a6853 74616666 44656e79 00080017 00390059 008200ad 00cd00f1 010f0111 0138013a 014e0150 01830185 01ae01b0 01cb01cd 01d701d9 00000000 00000201 00000000 00000016 00000000 00000000 00000000 000001e4
dsAttrTypeNative:original_realname: testuser
dsAttrTypeNative:original_shell: /bin/bash
dsAttrTypeNative:preserved_attributes: dsAttrTypeStandard:RealName dsAttrTypeStandard:AuthenticationAuthority dsAttrTypeStandard:NFSHomeDirectory dsAttrTypeStandard:HomeDirectory dsAttrTypeStandard:UserShell dsAttrTypeStandard:Picture dsAttrTypeStandard:JPEGPhoto dsAttrTypeStandard:AppleMetaNodeLocation dsAttrTypeStandard:CreationTimestamp dsAttrTypeStandard:ModificationTimestamp dsAttrTypeStandard:PasswordPolicyOptions accountPolicyData dsAttrTypeNative:ShadowHashData dsAttrTypeStandard:SMBHome
AltSecurityIdentities: Kerberos:testuser
AppleMetaNodeLocation: /Local/Default
AppleMetaRecordName: CN=testuser,OU=2025,OU=Students,OU=Miami,DC=myorghere,DC=org
AuthenticationAuthority:
 ;LocalCachedUser;/Active Directory/MYORGDOMAIN/myorghere.org:testuser:5B65A254-E8C9-4637-83AA-68A0ABAE186B
 ;Kerberosv5;;testuser@MYORGHERE.ORG;MYORGHERE.ORG;
 ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>
Comment:
 2025 student test account
CopyTimestamp: 2017-05-09T17:05:01Z
GeneratedUID: 5B65A254-E8C9-4637-83AA-68A0ABAE186B
JobTitle: 2025_MIA
MCXFlags:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>has_mcx_settings</key>
    <true/>
</dict>
</plist>

MCXSettings:
 <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>mcx_application_data</key>
    <dict>
        <key>com.apple.MCX</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>com.apple.cachedaccounts.CreateAtLogin</key>
                        <true/>
                        <key>com.apple.cachedaccounts.WarnOnCreate</key>
                        <false/>
                    </dict>
                </dict>
            </array>
        </dict>
        <key>com.apple.dock</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AppItems-Raw</key>
                        <array/>
                        <key>DocItems-Raw</key>
                        <array/>
                        <key>MCXDockSpecialFolders-Raw</key>
                        <array>
                            <string>AddDockMCXOriginalNetworkHomeFolder</string>
                        </array>
                    </dict>
                    <key>mcx_union_policy_keys</key>
                    <array>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>AppItems-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>static-apps</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>DocItems-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>static-others</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>MCXDockSpecialFolders-Raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>MCXDockSpecialFolders</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                    </array>
                </dict>
            </array>
        </dict>
        <key>loginwindow</key>
        <dict>
            <key>Forced</key>
            <array>
                <dict>
                    <key>mcx_precedence</key>
                    <integer>500</integer>
                    <key>mcx_preference_settings</key>
                    <dict>
                        <key>AutoLaunchedApplicationDictionary-raw</key>
                        <array>
                            <dict>
                                <key>AuthenticateAsLoginUserShortName</key>
                                <true/>
                                <key>MCX-NetworkHomeDirectoryItem</key>
                                <true/>
                            </dict>
                        </array>
                    </dict>
                    <key>mcx_union_policy_keys</key>
                    <array>
                        <dict>
                            <key>mcx_input_key_names</key>
                            <array>
                                <string>AutoLaunchedApplicationDictionary-raw</string>
                            </array>
                            <key>mcx_output_key_name</key>
                            <string>AutoLaunchedApplicationDictionary-managed</string>
                            <key>mcx_remove_duplicates</key>
                            <true/>
                        </dict>
                    </array>
                </dict>
            </array>
        </dict>
    </dict>
</dict>
</plist>

NFSHomeDirectory: /Users/testuser
OriginalAuthenticationAuthority: ;Kerberosv5;;testuser@MYORGHERE.ORG;MYORGHERE.ORG; ;NetLogon;testuser;MYORGDOMAIN
OriginalNodeName:
 /Active Directory/MYORGDOMAIN/myorghere.org
Password: ********
PasswordPolicyOptions:
 62706c69 73743030 d6010203 04050607 0f101112 1358706f 6c696369 65735f10 126c6173 744c6f67 696e5469 6d657374 616d705f 10127374 6f72654c 6173744c 6f67696e 54696d65 5c637265 6174696f 6e54696d 655f1013 70617373 776f7264 4c617374 53657454 696d655f 10147061 7373776f 72644869 73746f72 79446570 7468d108 095f101c 706f6c69 63794361 7465676f 72795061 7373776f 72644368 616e6765 a10ad20b 0c0d0e5d 706f6c69 6379436f 6e74656e 745f1010 706f6c69 63794964 656e7469 66696572 5e46414c 53455052 45444943 4154455f 102b636f 6d2e6170 706c652e 706f6c69 63792e6c 65676163 792e6e65 77506173 73776f72 64526571 75697265 643341be c22e3e57 17ad0923 41d6447d af46c15d 2341d644 7daf7741 c4100000 08001500 1e003300 48005500 6b008200 8500a400 a600ab00 b900cc00 db010901 12011301 1c012500 00000000 00020100 00000000 00001400 00000000 00000000 00000000 000127
PrimaryGroupID: 1058634865
PrimaryNTDomain: MYORGDOMAIN
RealName: testuser
RecordName: testuser
RecordType: dsRecTypeStandard:Users
SMBGroupRID: 513
SMBPasswordLastSet: 130511061835428488
SMBPrimaryGroupSID: S-1-5-21-343818398-1563985344-1177238915-513
SMBSID: S-1-5-21-343818398-1563985344-1177238915-54245
UniqueID: 1533387348
UserShell: /bin/bash

I have the original output unobfuscated here on my computer if anything seems weird to you. I also have our AD admins adding a reverse look up in DNS to the new share drive. The old one had reverse lookup, but the new one doesn't for whatever reason. I don't know if that has anything to do with this, but getting ducks in a row helps.

Kind regards,
blackholemac

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎05-09-2017 12:45 PM

@blackholemac Well, I'm not seeing anything obvious in the above output. The couple of items I was interested in seem to be identical between the two accounts, and anyway, if you're finding it's failing to automount upon the second login, but works on the first, then I suspect there's something else going on, but I'm running out of ideas on what it could be myself.

Post back if you discover anything else on this, or manage to get it fixed.

0 Kudos

blackholemac
Valued Contributor III

Posted on ‎05-09-2017 01:15 PM

@mm2270 I want to thank you for your willingness to help . It was very much appreciated. Well I don't have a working answer yet I'm going to try some more things in the next few days and if that doesn't work I'm going to give up and call support that's why we pay Apple and jamf. You are a gentleman though for trying to help .

0 Kudos

PeterClarke
Contributor II

Posted on ‎05-10-2017 01:07 AM

Please Double-Check, that your clients 'system clock', agrees with the clock on your AD system.
i.e. it's best if they both use the same ntp server.

This is a simple thing, but if wrong, will cause problems.
And if nothing else, then at least you would have eliminated another possible cause.

0 Kudos

blackholemac
Valued Contributor III

Posted on ‎05-10-2017 03:13 AM

Good thought @PeterClarke . Already checked that 2-3 times. I've had a real pesky issue 4-5 years ago and date/time/not with the DC is now the FIRST quick check for any AD binding issue.

being a Mac server guy and knowing that proper DNS is essential, I'm going to work with Windows admins this morning to get reverse dns added to the server that the share is on. We are using FQDN to mount it with. Kerberos I know doesn't like it or doesn't function at all without dns being just right. I hope the final fix is that easy.

0 Kudos