Several AFP automounts

Similar Messages

• AFP automount sharing broken in Lion Server?

  Network rundown:
  Mac Mini running Server
  two MBPs (one upgraded to Lion, the other still running Snow Leopard)
  The Mini is the OD Master for the three Macs and runs a number of services (Mail, Web, Wiki, VPN, etc.). The important service for this thread is that it serves out three shares via AFP, configured to be automounted on the two laptops. Normally all three shares are set up (via Workgroup Manager / Directory Utility) to use the Kerberos v2 UAM; however, for testing purposes I've temporarily adjusted the UAMs as follows:
  /Groups -> afp://myserver/Groups
  /Volumes/Attic -> afp://;AUTH=No%20User%20Authent@myserver/Attic
  /Volumes/Multimedia -> afp://;AUTH=Client%20Krb%20v2@myserver/Multimedia
  When the Mini is running Snow Leopard Server (10.6.8), the automounting behavior works as expected when connecting from a laptop without a valid Kerberos ticket:
  lionmbp:~>klist -f
  klist: krb5_cc_get_principal: No credentials cache file found
  lionmbp:~>ls /Groups
  ls: Groups: Invalid argument
  lionmbp:~>ls /Volumes/Attic
  [snip - file listing]
  lionmbp:~>df -h /Volumes/Attic
  Filesystem                                Size   Used  Avail Capacity  Mounted on
  afp_000000004oMw0oYHtK4AvcMP-1.2d00010a  466Gi  277Gi  189Gi    60%    /Volumes/Attic
  lionmbp:~>ls /Volumes/Multimedia
  ls: Multimedia: Invalid argument
  and then with a valid Kerberos ticket:
  lionmbp:~>sudo umount /Volumes/Attic
  Password:
  lionmbp:~>df -h /Volumes/Attic
  Filesystem    Size   Used  Avail Capacity  Mounted on
  map -static    0Bi    0Bi    0Bi   100%    /Volumes/Attic
  lionmbp:~>klist -f
  [snip]
  Sep 19 23:27:17  Sep 21 23:27:17  FPRIA  krbtgt/DOMAIN@DOMAIN
  lionmbp:~>ls /Groups
  [snip - file listing]
  lionmbp:~>ls /Volumes/Attic
  [snip - file listing]
  lionmbp:~>ls /Volumes/Multimedia/
  [snip - file listing]
  However, after upgrading the Mini to Lion Server (10.7.1), attempting to automount the same shares does not work at all, regardless of whether a valid Kerberos ticket exists or not
  lionmbp:~>klist -f
  klist: krb5_cc_get_principal: No credentials cache file found
  lionmbp:~>ls /Groups
  ls: Groups: Authentication error
  lionmbp:~>ls /Volumes/Attic
  ls: Attic: Input/output error
  lionmbp:~>ls /Volumes/Multimedia/
  ls: : Invalid argument
  lionmbp: /usr/bin/kinit
  [snip - provide password]
  lionmbp:~>klist -f
  [snip]
  Sep 19 23:15:09  Sep 21 23:15:09  FPRIA  krbtgt/DOMAIN@DOMAIN
  lionmbp:~>date
  Mon Sep 19 23:17:03 CDT 2011
  lionmbp:~>ls /Groups
  ls: Groups: Authentication error
  lionmbp:~>ls /Volumes/Attic
  ls: Attic: Input/output error
  lionmbp:~>ls /Volumes/Multimedia/
  ls: : Invalid argument
  Anyone else encountering the same issues with AFP on Lion Server? Is AFP simply broken, or is there some poorly documented configuration/troubleshooting procedure that can resolve this issue?
  Notes:
  I only tried the automounting from the Lion MBP, I would expect that a Lion <-> Lion AFP connection would have fewer issues than Snow Leopard <-> Lion
  The issue originally presented itself several weeks ago when I atttempted to upgrade the server; this AFP problem was a showstopper so I restored SL from a backup. I have since been testing by cloning the server drive to a USB drive, booting from it, and running the upgrade there.
  In performing the Lion Server upgrade, I follow all the defaults. The server is booted off the USB drive to ensure it is in a working state before starting the upgrade. The only post-upgrade changes are to run Software Update (mainly to capture the recent security update) and then to follow the single signon instructions posted here

  Some more testing hints in the direction of the problem:
  aragorn:~>kinit -l 48h -r 48h -p -f [email protected]
  [email protected]'s Password:
  aragorn:~>klist -fCredentials cache: API:1501:10
          Principal: [email protected]
    Issued           Expires        Flags    Principal
  Oct  1 17:05:53  Oct  3 17:05:50  FPRIA  krbtgt/[email protected]
  aragorn:~>ls /Volumes/Multimedia
  ls: Multimedia: Invalid argument
  aragorn:~>mkdir /tmp/test; chmod 777 /tmp/test
  aragorn:~>sudo mount_afp "afp://;AUTH=Client Krb [email protected]/Multimedia" /tmp/test
  mount_afp: AFPMountURL returned error -50, errno is -50
  Looking in MacErrors.h reveals
  paramErr                      = -50,  /*error in user parameter list*/
  That both ways of mounting AFP seem to be complaining of argument/parameter errors indicates something isn't being passed across the network correctly or is not being parsed properly on one end or the other. At the moment my dtrace-fu isn't strong enough to delve into this more deeply.
  With 10.7.2 due out soon, I think I'll wait to see if Apple engineering caught this already. If not, I'll raise a bug ticket.

• AFP automounts and Authentication error

  Hi all,
  Slight issue that i cannot for the life of me work out!
  I have set up my OD to work fine. I have shared a folder in Shared Items called Homes
  When i enable automount for directory /LDAPv3/127.0.0.1, over AFP for User Homes folders and group folders, it then prompts for authentication to the LDAP however when i put in diradmin or server admin username and password it says incorrect user name or password
  any ideas, i have even created a new super admin in WGM but to no avail
  Rgds,
  timaceuk

  Have you had any luck with this? I am having the same issue. Wondering if I need to enable root access or make sure administrators are allowed access to Open Directory in Services.
  I got this working sometime ago, but I am now having the same problem.

• InDesign CS4 (ver.6) can not package all images from afp mounted server

  I'm experiencing an issue on multiple Intel Mac's running OS 10.6.8 when packaging files some of the server based art does not collect.
  In some folers some of the art collects and in the same folder some other files don't.
  The missing files are generally .jpg or .eps and it's a combination of these files that are not being collected.
  Images are sometimes shared between users but the missing images do not appear to be open elsewhere.
  The docuemtns are stored across several AFP mounted server hosted on a Windows 2004 Server running ExtremeZIP to allow AFP cpnnection.
  Moving the files to different volumes on the server does not appear to resolve this issue.
  Any thoughts or questions? Apologies if this isn't clear.

  I just had this happen again with a new InDeslgin CS4 file, I took the missing images and relinked them to a new folder I just created on my desktop and it still does nt collect these files. So not only the server, but now my desktop, and it's not just my computer, I can reproduce on other macs in 10.6.8
  I convertd the files from .EPS (from Photoshop: they're flattned) to .PDF (from Apple Preview) and relinked them, and I was not able to package either.
  I did find the solution:
  I checked off "Include Fonts and Links Hidden and Non-Printing Content"
  even though these items were on visible layers and not on the pasteboard they were excluded before I checked it off.
  Thanks for your help!

• AFP Slow authentication

  In a high school enviroment...
  The server...
  Xserve Dual 2.3 / 2GB Ram / 3 - 250GB HD / Link Aggragate 2GB uplink
  Providing AFP/DHCP/LDAP/WINDOWS on 10.4.8 Server
  The clients...
  Mixture of 125 managed Intel / G4 iMac units on 10.4.8 connected to 100MB managed switch untis. Additonal 125 Windows XP clients with roaming profiles.
  The issue...
  When all my clients are authenticating and attempting to open applications at about the same time, the managed AFP clients drop speed dramtically. A normal 20 second login goes to two minutes and application launch speed drops to an additional four minutes. I have only two AFP automounts per user and some managed client settings coming from the server. The Home folder location is one of the automounts and sits by itself on one of the 250GB drives. My switch units show very little utilization or network traffic. I was wondering is my bottleneck is max TCP connections? or Poor performance on my SATA drive?
  The school is very frustrated as it takes over 10 minutes to get a class logged in and functional in any MAC lab or PC lab during this time. Any ideas appreciated!
  PowerBook 1.67ghz   Mac OS X (10.4.8)  

  Thanks for some ideas...
  I have tried Network Home Relocator but it completely slowed down my login times from 4 mins to 15 mins! I had no success in my attempts to make it work and speed up the login or the application launch.
  The windows PC's login a little faster but they are not pulling as much data off the server so I expected that to be the case. If a MAC unit takes 4 mins to login the PC takes 2. Normally the login speed for MAC is 15 seconds and the PC about one minute even though the MAC is pulling more data from the server, but that is why I suspect this to be an AFP issue.
  My thoughts were to goto some type of RAID setup but alas I have no money for testing gear and as this is a production server I can't just take it down, backup data, reconfigure to RAID and re-load. I have an engineer sending me some test equipment in the next few weeks and I will try to move my HOMES to RAID array.
  The network switch units are all CISCO 3750 units.
  The funny part is, in Period two classes everything is slowwww... But anyother time of the day, same load on the server and network, everything is OK. I can find nothing that would clog the network or slow the server down. Very frustrating...

• 10.8 Server - AFP Guest access not working

  Hi Folks
  I have a brand new Mac Mini server running the latest 10.8.4 and Server.app from the app store (10.8 / v2 / whatever it's called these days).  I have everything up and running perfectly except that no matter what I do when users connect via AFP there is no option for them to connect as guest.  It literally just does not even show up in the login dialog.
  I have several AFP share points setup to allow guest access, I have enabled the option in System Prefs->Users and Groups->Guest User->Allow guests to connect to shared folders.  I have even also enabled it via command line tool; serveradmin settings afp:guestAccess = yes
  But no matter what I do any machines connecting (either via browsing to the server via finder and connecting or directly from "Connect to server" using the afp:// URI approach) the login dialog doesn't give us the option to select to connect as guest -- it's just not there at all in the dialog box.
  This is fairly urgent, a few more days and this server needs to go into production at our school here and this is essential for the way we need to do things.  A little more background information:  we are bound to both a local OD setup and a campus wide AD setup (not sure if any of this matters or not).
  Help and thanks!

  And I guess toggling File Sharing on and off about a dozen times it seems to have finally picked up and is allowing guest access to work :/  Answer my own question!

• ServerAdmin fails to load file lists for shares when bound to OD

  Hello,
  We're experiencing an issue on a couple of our Mac servers recently with Server Admin.  We're an all Open Directory environment with DNS running on BIND on a Linux.
  When using Server Admin (even locally on the server), browsing file shares in AFP, SMB, or NFS fails to load lists and permissions.  Sometimes it does, after a long wait and a spinning gear.  I've narrowed it down to only occuring when connected to our Open Directory master, either as a replica or simply authenticating against it.  As soon as I disconnect from OD, things are as fast as expected.
  This isn't limited to share points - even browsing the local volumes in Server Admin is extremely slow to load, if it even loads at all.
  This issue doesn't occur on the server running the OD master, however (browsing its own file shares).
  Using the command line (sharing -l) is instant on those servers, too.
  DNS seems to be fine on each server - A records point to the correct addresses and PTRs point back.  A "changeip --checkhostname" returns successful.
  In addition, I have the following DNS records:
  _kerberos-adm._tcp  SRV 0 0 749 odmaster.example.tld.
  $ORIGIN _udp.odmaster.example.tld.
  _kerberos       SRV 10 0 88 odmaster.example.tld.
  _kerberos-master    SRV 0 0 88 odmaster.example.tld.
  _kpasswd        SRV 0 0 464 odmaster.example.tld
  Additionally, both servers with the issues have been completely reinstalled from scratch without importing any preferences or settings.  Initially, I thought it might be 10.6.7+, so I only applied the 10.6.6 combo update, but the issue persists.
  Any insight here?
  Thanks
  Edit:  When it occurs, I have a bunch of the following in my system.log:
  8/10/11 2:48:51 PM          Server Admin[376]          gotServerError:kNetworkError forTransaction:<XSAdminTransaction: 0x118a2d8e0>

  Fixed!
  I was watching my DNS logs for one of the hosts in question and noticed it was looking up another server that's been offline for a few months.
  I looked on the OD master for what it had for automounts and noticed it had several "stale" automounts for a few servers that are offline.
  dscl -u diradmin -p /LDAPv3/127.0.0.1 -list /Mounts
  I deleted those (e.x. dscl -u diradmin -p LDAPv3/127.0.0.1 -delete /Mounts/server1.tld:\\/sharename)
  Now things are snappy again.  Hope this helps someone else that may encounter such an issue.

• Remove some mounted device from Desktop

  Hi People,
  i have several AFP/CIFS share on my home network.
  And i'd like that some one do not appear on desktop when mounted, while others should.
  (For example, i'd like to see "music" share, but not "backup" one, and so on).
  Is it possible to do this ?
  thanks in advice,
  Eugenio

  I don't know any way to do that except by using afp automount as described here
  http://rajeev.name/blog/2007/11/23/autofs-goodness-in-apples-leopard-105-part-ii /
  any share automounted this way won't show up on the desktop but will show up in the sidebar. however, when I try to do it, I have to drill a long way to get from the sidebar to the share so I don't know if you'll find that more convenient. I wouldn't.

• Tiger PPC clients with Snow Leopard Server

  I installed Snow Leopard Server (10.6.4) on an XServe.
  DNS - AFS - DHCP are set up correctly and have been checked several times.
  Clients have an AFP automount for network home directory. This share point is set up correctly as well and has been checked by Server's gurus.
  Everything is fine for Leopard clients but when it comes to connect to the Server with Tiger clients (PPC 10.4.11) something strange happens :
  - the first connection is correct and the home directory mounts normally
  - when the user disconnects and tries to connect a second time the folder home directory is not mounted and therefore the user can't have access to his/her home
  - although it's possible to mount the folder home directory using the "Connect to server…" command and then choose the user's home directory folder this isn't very handy with young students
  I have done extensive researches on Apple's documentation and on the forums but nobody seems to mention such a problem.
  Any idea what's wrong ? Already encountered the same issue ?
  Any help would be appreciate

  We have reported an automount bug which "may" be related to your problem to Apple. Our symptoms occurred in Leopard 10.5.8 and also in Snow Leopard 10.6.2 and resulted in user's seeing a message "You are unable to log in to the user account <account> at this time." This was due to an apparent problem in Mac OS X when reusing a share via automount.
  In our case we found that the period of time during which login is denied can be reduced by editing the file /etc/autofs.conf on the Mac and reducing the value of AUTOMOUNT_TIMEOUT.
  Hope this helps.

• Anyone know how InDesign (or other CS4 software can interact with a Mainframe computer?

  We print a lot of form letters, tax forms etc off of our main frame. Sometimes in large quantities.
  Currently we are using a prgram called Elixir Design Pro tools to get the jobs done via the maineframe.
  Is there any way that we can somehow incorporate InDesign to get forms printed without having to hassle around with this program? (Think giant mial merge off data stings on a main frame.
  In the book, the background information on the program states:
  The print process begins with the submission of a JCL (Job Control Language) statement. This JCL statement includes the instructions to start the job, along with the primary resources the job needs. These resources might typically include the data source, the PageDef and the Form Def.
  These pieces are used by the PSF (Print Service FAcility,) a printer driver that resides in the host. PSF finds and retrieves all necesary resources, then has a two-way conversation with the printer using IPDS (Omtellegent Print Data Stream). IPDS is the language used for PSF and the printer to communicate with each other.
  In addition to the Elixer fomrats, Visual PPFA allows the use of various overlay, fonts and images formats for your document desing.
  Extensions on these include:
  DOCUMENTS:obj; .src; .pfa; .dbf; efd; epd;
  OVERLAYS: ove; ovt; 01; ogl; efr; elx;
  FONTS: Several AFP and Adobe Type Manager Fonts, True type fonts
  IMAGES; AFP; bitmap; Elixer Legacy(.LP3; JPEG; JPG; PC Paintbrush . pcx; Portab;e netwrok .png; and tif
  Anyone know more about this that I am ever goign to?  We print large volume and are tyring (I beleive ) to get this to somehow print on something similar to a Docutech (maybe???) Thank you. I will realy any info (i'm sure there will be questions asked of me) to our head IT guru.

  Where does the need for your mainframe come in to play then? If your goal is the use InDesign and not use the Elixir solution that you've already got and you want variable data printing you're going to look into something such as an XMPie or similar sort of VDP package. As is with your solution (of if you are using the lighter version of Elixir) you can put InDesign in and assign whatever dynamic goodness you want and spit out what you need.
  If you've already got an expensive and supported solution that works on your mainframe and in your system I just don't see the sense in finding another expensive solution. You could maybe get it done with InDesign server or via a VDP solution, but why? What do you gain with it? Elegance maybe?
  It sounds like something that is $10,000–50,000 deep as is with the combination of hardware and software that you have. Why would you want to dump another $20,000 minimum to get another solution that doesn't bring anything to the table?
  InDesign server is for lightweight servers, not the big iron and will only run on Windows or Mac OS X, not on AIX or any of the big blade solutions as far as I know.

• Snow leopard server

  After a brief DNS change my Server Preferences Settings (only Users ad Groups) has disapeared - the server however, is running fine. The User Passwords are still functioning fine as well - I just can not see the Users and Groups anymore displayed within Server Preferences Panel nor can I add a new User in Server Preferences. Once I click on User or Groups only a spinning wheel is shown.
  Anybody can give me some advise to remedy this situation ?

  Maybe this will help, just got the idea to copy the Server Log yesterday. The follwing list is generated after opening Server Preferences:
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Users)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Shared Items/AFP automount)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Groups)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Library/NetBoot/NetBootClients0)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Library/NetBoot/NetBootSP0)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Shared Items/NFS automount)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Shared Items/Public)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Library/PodcastProducer/Shared)
  Feb  9 18:58:56 server Server Preferences[3305]: XSActionManager: Removing queued action (Reading permissions) due to coalescing (readSettings_path_/Shared Items/SMB Share)
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'Users' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'AFP automount' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'Groups' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'NFS automount' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'Public' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'Shared' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.
  Feb  9 18:58:56 server Server Preferences[3305]: The shared folder 'SMB Share' has custom file system ACLs which cannot be displayed. Editing the permissions may replace any custom ACLs.

• How do you install a Mavericks domain on two separate disks ?

  Hello troubleshooters and setup saviours,
  We are a school with 200+ users on an OD managed on a Mac Pro server.
  We decided to migrate to Mavericks, in order to fix several AFP binding bugs, from a 10.8 with server Apps.
  We decided to give our server a SSD boost, and successfully installed the OS on this disk, with the server Apps and domain users.
  So now, our system is on the SSD drive, and we want the network homes on a separate Hard Drive.
  The problem occured when we tried to create the old users folders on our server, using the server manager and workgroup manager gave the same result.
  Upon creation of the homes, a big amount of phantom data appeared on our system's disk.
  We had 100 GB of unspecified, unlabeled, unverifiable data created on this disk, and since it's a 128 GB disk, the system hang and the server crashed.
  We tried to find it with "du", and even the monitoring tools in Mavericks, but nothing helped, and this data seems to be nowhere.
  Did anybody manage to install an OD domain on two disks ?
  Thank you for your time and support,
  L. Renard

  Swap is managed automatically and is stored on the boot volume in /private/var/vm
  /private/var would not normally show up in /Volumes
  /Volumes is normally used to hold entries for either additional or external disks, or network volumes. The boot volume is however also listed so the following
  /Volumes/Macintosh HD/private/var
  would normally represent /private/var on the boot volume.
  What in /private/var is the area using up all the space? You can use the following command in terminal to list a break down
  du -h /path/to/folder
  you might want it to only list one level down which you can do as follows
  du -h -d1 /path/to/folder
  e.g. du -h -d1 /Volumes/"volume"/private/var

• Trying to Get Netwrok Users Working in a Prelude to Portable Home User

  Hi,
  Currently the standalone server has 5 local client side users. I have created another user in WGM who has a network home folder. I can't log into him. The only other network user I have is the serveradmin, setup at the start of the process, which I can log onto with now problem.
  The network user home folder is on a AFP automount share with guest access. I went to "home" on WGM and selected the AFP path (which is less than 83 characters) and successfully created the home folder. (I don't know if it is relevent but two other attemts at making home directories are still selectable in the home list, even though they no loger exist. In fact they still come up in the finder if I goto network/servers/myserver.company.co.uk/Volumes/).
  My login screen is meant to show network users (having set the preference in WGM for my Mac), but only shows my local account, gueest and other. When I try to log on with the network user, it just shakes.
  I did create a local account for this user, bound the account to the network account. The home folder automount didn't mount. When I manually mounted it the user's directory was there but with no access to the folders. I then noticed that if I logged into one local account the second local account I logged into would not show he server as a shared computer via AFP in the Finder (SMB showed up fine).
  I suspect that I've set something up odd, but I am suspicious of the AFP automount. Any ideas?
  Thanks,
  Francis.

  Thank you David & Jeff for responding.
  To David - I had setup my new user as described by the documents and by you (i.e. Created user, made a "User" sharepoint with automount set as AFP "User Home Folders", used WGM to select this share for said user and created folder). The users homefolder can be seen under the share "Users". If I create a locally managed user on a client Mac and link it with this user, I can navigate to the folder under the "My Server" directory. What I wanted to do, and believe can do, is have this user as a network account, not a local one, with its home folder mapped automounting (which I thought meant that I could go to the relevant folders by using the standard icon's on the Finder - am I wrong? will I always need to go My Server>Users>username?).
  To Jeff - this is the output:
  Primary address = 192.168.0.2
  Current HostName = myserver.mycompany.co.uk
  DNS HostName = myserver.mycompany.co.uk
  The names match. There is nothing to change.
  I have set WGM for this computer to show network accounts on the login screen. It doesn't show the user I'm trying to setup.
  Many thanks in advance for your thoughts.

• SMB Sharepoints and Spotlight

  Hello,
  we run an XServe G5 with OS 10.5.8.
  We have several AFP-Sharepoints and also several SMB-Sharepoints.
  Everything is accessible.
  Spotlight is enabled on all these Sharepoints.
  When I perform a search Spotlight only shows results on the AFP-Sharepoints!!!???
  What is wrong with Spotlight?
  Thanks for your help.

  I assume you are attempting to connect to the sharepoints via AFP?
  In Server Admin -> AFP -> Settings -> Access, is Enable Guest Access checked?
  Also for each sharepoint, under the Protocol Options, you'll need to allow Guest access on the AFP tab.

• Ssh access very slow to some accounts

  I have OS X Server 10.6.2 up and running. If I ssh from a client machine to the server as the admin user, I get a password prompt, and on entering the password I immediately get to a shell prompt. If I do the same but specify another user, I get a password prompt and then there is a long wait of about a minute after entering the password before I get a shell prompt.
  I believe I have DNS set up correctly. Both forward and reverse DNS is working for both addresses on my local network and for external addresses. Running the "sudo changeip -checkhostname" command shows no problems.
  On examining the logs I see a few worrying looking entries such as:
  Dec 14 11:10:39 mms edu.mit.Kerberos.CCacheServer[1478]: launchctl start error: No such process
  But I still see that the user that saw the long delay before logging in successfully has valid Kerberos tickets, as per the output of the "klist" command:
  mms:~ sh$ klist
  Kerberos 5 ticket cache: 'API:Initial default ccache'
  Default principal: [email protected]
  Valid Starting Expires Service Principal
  12/14/09 11:31:04 12/14/09 21:31:04 krbtgt/[email protected]
  renew until 12/15/09 11:30:33
  12/14/09 11:31:34 12/14/09 21:31:04 host/[email protected]
  renew until 12/15/09 11:30:33
  Which would imply that Kerberos is doing its job correctly?
  Any suggestions about what might be causing the delays I'm seeing and what I might do to correct the problem?

  I'm still struggling with this and drawing a blank searching for similar reports. Does anyone else see this problem? I'm beginning to suspect it might be something unique to my setup.
  To add a further piece of information, the home directory of the account which is slow to connect to is an afp mount and the first thing I see in the system log after the long delay is a line like the following:
  Feb 9 11:21:36 mms sshd[50749]: afp home directory mount succeeded
  A pwd run from this account shows:
  /Network/Servers/mms.marske.local/Users/sh
  and the mount command shows the following info:
  map -fstab on /Network/Servers (autofs, automounted, nobrowse)
  I was thinking that maybe it was the afp automount that was taking so long except for two things.
  1) The disk is local to the server, and
  2) If I logout of this account an issue the command "ls /Network/Servers/mms.marske.local/Users/sh" from another account, the directory listing returns immediately.
  Any thoughts?