Open Directory accounts are unable to log in to OS X 10.6 client machines, but are able to log in to OS X 10.5 clients. The login window accepts the username and password and expands, briefly showing the username and icon, but then fails to complete the login and shakes.
In my case, Snow Leopard choked because my users' "Home"s in Workgroup manager were set to
Set the user's Home in WGM (or
NFSHomeDirectoryin the inspector view) to
shortnameis the user's shortname (given in the Basic panel in WGM).
When logging in to a network account, OS X 10.6 clients are prompted for credentials when connecting to a share point on the Open Directory Master. This defeats the point of single sign-on, since the credentials are the same. (OS X 10.5 clients connect to the server successfully without prompting for a username and password.)
OS X 10.6 clients do not create a Kerberos ticket for network accounts until the user's second login on the client machine. (OS X 10.5 clients create a Kerberos TGT immediately on first login)
/etc/authorizationfile as described in this article from Apple's KBase:
Locate this key:
Add this string at the end of that block:
This solution says it is for Active Directory users, but it successfully solved the identical issue for Open Directory accounts.