Network accounts can't login to Server.
It was working at the beginning of the year. Now it isn't working. I tried updating to 10.9.1 and 10.9 Server, but that did not fix it.
When I attempt to log in a teacher account, it just does the truffle shuffle and doesn't log in. Console on the server reads:
2/5/14 12:18:12.274 PM kdc[51]: AS-REQ teacher@SERVER.EGAN from 10.4.180.245:58581 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:18:12.278 PM kdc[51]: AS-REQ teacher@SERVER.EGAN from 10.4.180.245:58581 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:18:12.279 PM kdc[51]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
2/5/14 12:18:12.317 PM kdc[51]: AS-REQ teacher@SERVER.EGAN from 10.4.180.245:51043 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:18:12.321 PM kdc[51]: AS-REQ teacher@SERVER.EGAN from 10.4.180.245:51043 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:18:12.322 PM kdc[51]: Client sent patypes: ENC-TS
2/5/14 12:18:12.322 PM kdc[51]: ENC-TS pre-authentication succeeded -- teacher@SERVER.EGAN
2/5/14 12:18:12.322 PM kdc[51]: Client (teacher@SERVER.EGAN) has invalid bit set
When I attempt to log in a studen account, it actually gives a not helpful error dialog:
You are unable to log in the user account "%account" at this time
Logging in to the account failed because an error occurred.
The server console reads:
2/5/14 12:08:46.226 PM kdc[51]: AS-REQ student@SERVER.EGAN from 10.4.180.245:57832 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:46.247 PM kdc[51]: AS-REQ student@SERVER.EGAN from 10.4.180.245:57832 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:46.248 PM kdc[51]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
2/5/14 12:08:46.285 PM kdc[51]: AS-REQ student@SERVER.EGAN from 10.4.180.245:60009 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:46.289 PM kdc[51]: AS-REQ student@SERVER.EGAN from 10.4.180.245:60009 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:46.290 PM kdc[51]: Client sent patypes: ENC-TS
2/5/14 12:08:46.290 PM kdc[51]: ENC-TS pre-authentication succeeded -- student@SERVER.EGAN
2/5/14 12:08:46.290 PM kdc[51]: Client (student@SERVER.EGAN) has invalid bit set
2/5/14 12:08:47.059 PM kdc[51]: AS-REQ student@SERVER.EGAN from 127.0.0.1:55043 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:47.063 PM kdc[51]: AS-REQ student@SERVER.EGAN from 127.0.0.1:55043 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:47.064 PM kdc[51]: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
2/5/14 12:08:47.067 PM kdc[51]: AS-REQ student@SERVER.EGAN from 127.0.0.1:54644 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:47.071 PM kdc[51]: AS-REQ student@SERVER.EGAN from 127.0.0.1:54644 for krbtgt/SERVER.EGAN@SERVER.EGAN
2/5/14 12:08:47.072 PM kdc[51]: Client sent patypes: ENC-TS
2/5/14 12:08:47.072 PM kdc[51]: ENC-TS pre-authentication succeeded -- student@SERVER.EGAN
2/5/14 12:08:47.072 PM kdc[51]: Client (student@SERVER.EGAN) has invalid bit set
2/5/14 12:08:47.075 PM AppleFileServer[1092]: _Assert: /SourceCache/afpserver/afpserver-643/afpserver/FPSession.cpp, 700
2/5/14 12:08:47.075 PM AppleFileServer[1092]: Logged out 0x7fac5283d000
I could really use some help because this seems so completely random, and I need to get it working before the next semester. In the past I just threw up my hands and did a fresh install, but it's not an option right now since we're mid-semester.
Mac mini, OS X Server, 10.9.1 OS X Server