Sam4Pres, I tried finding differences. One difference is administrators have no problems any time. Non-admins do, sometimes. If I promote the user to administrators, sometimes it helps, sometimes not.
Sounds to me like a OD problem, like corruption or something.
I need to be able to read logs, can someone help me find the appropriate logs to read?
If you believe this is an OD issue, then enable OD debug logging. On server and/or client, do this:
sudo killall -USR1 OpenDirectory
This will create a a new log file in /Library/Logs/DirectoryService called DirectoryService.debug.log. Beware, this file can be rather large if allowed to continue to collect data. Try to isolate an occurrence as much as possible to limit the amount of data coming in.
Another good method is to enable ssh on a problem workstation. Then from a control device SSH into the machine that is failing to permit login and start watching system log, top, and if needed the DS debug log. Use multiple ssh sessions to view everything you are trying to see.
Note on DS debug. Apple changed the way to do this after 10.6. For future versions you can use the odutil command to change logging levels.