Not really sure this will help, but try purging his local Kerberos ticket cache (someone else will have to tell you how). If it is (n-2) where n=current,
AD will not give him a new one. The same thing can happen on a Windows workstation or even a DC.
From: fed-talk-bounces+paul.i.traynor=email@hidden [mailto:fed-talk-bounces+paul.i.traynor=email@hidden]
On Behalf Of Mike H
Sent: Wednesday, September 08, 2010 3:01 PM
To: Wieprecht, Karen M.
Cc: fed-talk
Subject: Re: [Fed-Talk] Particular user cannot login with AD account on oneMac - ANOTHER POSSIBLE SOLUTION FOR YOU
I am on 10.5.8 and there is only one AD user who cannot login to the Mac. Anyone else can. Additionally I have verified that he CAN login to a different Centrify-bound Mac.
I tried using /system/library/coreservices/Kerberos.app to get him a ticket, and when he tried to login, we got "Client credentials have been revoked" message. His AD account is not locked, nor is his password set to expire. I was able
to get a ticket, no problem.
Thanks for all the suggestions!