Active Directory Account locks for no apparent reason

Tags: active-directory, authorization, osx-snow-leopard, user-accounts, windows-server-2008

I've been troubleshooting this problem for two years and it keeps coming back. Our Mac users authenticate to our Active Directory server, which is running Windows Server 2008 Standard. One of the Mac users in particular has had a recurring problem where she can't log on and causes her AD account to lock before the maximum number of log-in attempts has been reached. The problem started again two weeks ago and I reconfigured her networking and Active Directory settings. I thought I had the problem fixed, but last week I was in the office early and decided to install Mac updates, which required a reboot. When the user tried logging in twenty minutes later, her account was locked. Her security log shows this message, "authorizationhost[96] Failed to authenticate user (tDirStatus: -14090)."

This happened again this morning even though I didn't do anything to her computer and she tried logging in 1.5 hours after the computer turned on.

This also happened after I have successfully logged in with her ID and password, only to have the account lock after I've logged out.

The only thing I can think of that it's trying to connect to is LDAP on our AD PDC, but I've never entered any credentials and no one else has this problem.

All Macs have Snow Leopard 10.6.7 and they all have the same network and AD settings, but this particular Mac continues to have a problem.

Best Answer

So, if I read this correctly, you've never witnessed this yourself and it continues to happen. Sometimes, immediately after you leave? Is it possible that the user is problematic and can never remember her password? Have you looked in the console to see exactly how many failed logins there are?

AD won't lock an account unless it has failed x number of times over x minutes (set by your password policy). If there is no automated/saved process on the Mac causing this, then all that's left is the user.
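The lockout rule the answer describes can be replayed over a list of failed logons to see which attempts actually filled the counter. This is an added example, not code from the thread; the threshold of 5, the 30-minute reset window, the simplified counter model, the host name and the event list are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values (not from the thread): lock after 5 bad passwords,
# and reset the counter once 30 minutes pass without a new failure.
THRESHOLD = 5
WINDOW = timedelta(minutes=30)

# Constructed sample events: (timestamp, source host, result).
EVENTS = [
    ("2011-05-02 07:40:05", "MAC-07", "fail"),  # nobody at the keyboard yet
    ("2011-05-02 07:40:35", "MAC-07", "fail"),
    ("2011-05-02 07:41:05", "MAC-07", "fail"),
    ("2011-05-02 07:41:35", "MAC-07", "fail"),
    ("2011-05-02 08:02:10", "MAC-07", "fail"),  # user's first typed attempt
    ("2011-05-02 08:02:40", "MAC-07", "fail"),
]

def replay(events, threshold=THRESHOLD, window=WINDOW):
    """Replay logon results through a simplified lockout counter.

    Returns (lockout_time, contributing_failures). lockout_time is None
    when the threshold is never reached; contributing_failures holds the
    (time, source) pairs counted since the last reset.
    """
    contributing, last_fail = [], None
    for stamp, source, result in sorted(events):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        if result != "fail":
            contributing = []          # a good logon clears the counter
            continue
        if last_fail is not None and when - last_fail > window:
            contributing = []          # quiet period elapsed, counter resets
        contributing.append((when, source))
        last_fail = when
        if len(contributing) >= threshold:
            return when, contributing
    return None, contributing

if __name__ == "__main__":
    locked_at, failures = replay(EVENTS)
    print("locked at:", locked_at)
    for when, source in failures:
        print("  counted failure:", when, source)
```

With the constructed data, four earlier failures are still inside the window when the fifth arrives, so the account locks on the first attempt made at the keyboard. Comparing the contributing timestamps with the times the user was actually present separates typed attempts from unattended ones.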