Try going into Directory Utility and editing your AD configuration. Click the Show Advanced Option arrow and on the User Experience tab, uncheck the "Use UNC path from ...." Save the config, reboot the machine, and try logging in again with an account that you have not tried on the machine before. If this is successful, try the original account.
Are you getting any error at the login window that can be of assistance? If not, have you tried enabling SSH on the suspect machine? Then ssh into this machine from another system and monitor the actions of the login. Recall that OpenDirectory can provide a debug log if enabled (sudo odutil set log debug). Then tail the debug log file from the monitoring machine and watch what happens during an attempted login.
Are you on a .local domain? By any chance does the user already exist on the machine in short name form? Can you confirm domain access via id or dscl?
Thanks for your reply. No error message at login, just get the shaky screen. We are not using a .local domain and can confirm domain access via the GUI and dsconfigad. I checked the console and the message I see for that log is:
SecurityAgent: Unknown user "user" login attempt PASSED for auditing
SecurityAgent: User info context values set for user
User does not exist at all on machine, but when attempting to id the user on the domain it says no such user. This happens on any 10.8 machine, clean install, just bound to the domain using the GUI. No problem with any 10.7 machines in my organization. Thanks in advance for any assistance.
Ok. That is a start. If the unit is claiming to be bound but you are unable to ID users, then you may have failed the device trust. Try this.
1: Unbind the Mac, if possible, from Directory Utility.
2: Connect to the DC and make sure the computer record has been removed from the domain. Manually delete it if it lingers.
3: Force a replication to ensure the record is purged across all DCs (if you have more than one).
Ok, with the environment cleaned up, confirm that all the SRV records are in place on the DC. This can be done with (let's assume your domain is krdell.com) the following lookups. Use Terminal and enter the commands below (replacing with your valid domain).
host -t SRV _ldap._tcp.krdell.com
host -t SRV _kerberos._tcp.krdell.com
host -t SRV _kerberos._udp.krdell.com
host -t SRV _kpasswd._tcp.krdell.com
host -t SRV _kpasswd._udp.krdell.com
host -t SRV _gc._tcp.krdell.com
Next, make sure that you have your Mac's time synchronized to the DC or a mutually accepted time server. Go into System Preferences > Date & Time and set the time server address to the proper value. Once done, stop and start time services by unchecking and checking the box. Wait about 30 seconds to a minute and then run this command in Terminal to confirm you are syncing your time:
With DNS and time correct, then try and bind again. After binding, run the id command against a domain user again and let's see if you get a result.
Try binding the device to the domain again.
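The six SRV lookups from the reply above, wrapped into one pre-bind check that lists which records are missing and which LDAP servers are advertised. This is an added example, not part of the original thread; the function names, the example.test domain and the sample answers are constructed, and the parsing assumes the "has SRV record" wording that `host` prints.

```shell
#!/bin/sh
# Added example: pre-bind check for the AD SRV records listed in the thread.
SRV_NAMES="_ldap._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp _kpasswd._udp _gc._tcp"

# Real lookup: one `host -t SRV` query, as typed in the thread.
lookup_host() { host -t SRV "$1" 2>&1; }

# Constructed sample answers for example.test (not real DNS data), so the
# script can be tried offline: _gc._tcp is NXDOMAIN, _kpasswd._udp has no SRV.
lookup_sample() {
    case "$1" in
        _gc._tcp.*)      echo "Host $1 not found: 3(NXDOMAIN)" ;;
        _kpasswd._udp.*) echo "$1 has no SRV record" ;;
        _kpasswd._tcp.*) echo "$1 has SRV record 0 100 464 dc1.example.test." ;;
        _ldap._tcp.*)    echo "$1 has SRV record 0 100 389 dc1.example.test."
                         echo "$1 has SRV record 0 100 389 dc2.example.test." ;;
        *)               echo "$1 has SRV record 0 100 88 dc1.example.test." ;;
    esac
}

LOOKUP=lookup_sample   # switched to lookup_host when a domain is given

# Print every SRV name under domain $1 that returned no SRV record.
missing_srv() {
    for name in $SRV_NAMES; do
        "$LOOKUP" "$name.$1" | grep -q ' has SRV record ' || echo "$name.$1"
    done
}

# Print the hosts an SRV name points at (the servers the Mac will be
# offered), one per line, deduplicated.
srv_targets() {
    "$LOOKUP" "$1" | awk '/ has SRV record /{ sub(/\.$/, "", $NF); print $NF }' | sort -u
}

# Usage: sh srvcheck.sh yourdomain.example   (no argument = offline sample)
domain=example.test
if [ $# -ge 1 ]; then domain=$1; LOOKUP=lookup_host; fi
missing=$(missing_srv "$domain")
if [ -n "$missing" ]; then
    echo "Missing SRV records:"; echo "$missing"
else
    echo "All six SRV records resolve for $domain"
fi
echo "LDAP servers advertised:"; srv_targets "_ldap._tcp.$domain"
```

Any name reported as missing should be fixed in DNS before attempting the bind again.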