Mac – Unable to bind OSX 10.5 and 10.4 to Active Directory 2008

Tags: bind, mac, mac-osx, windows-server-2008

Does anyone have experience binding a 10.5+ workstation to a 2008 Active Directory structure? We tested this functionality in our test domain prior to upgrading and saw no issues. Now that we've upgraded the production environment, we're getting invalid username/password errors. We are pre-creating machine accounts (as we always do), and I've tried binding with OU-admin-level and enterprise-admin-level privileges. The same error comes back from both. Communication to the domain seems to be working, as it finds a DC properly (DNS forward and reverse are fine), and it also finds my pre-created computer object and asks to bind to it. I've also tried deleting the directory service info and binding from scratch, with no luck. I've been beating my head over this for a while and could use some help.

UPDATE 3: Traced back to a possible issue with the krbtgt user, as binding fails when executing a changepw command on the computer object. Microsoft and Apple are currently working together on this, and I will update with a solution when one is reached.

UPDATE 4: Hotfix to correct this issue is in the answer below.
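The checks the poster describes (DC located via DNS, forward and reverse lookups agree, then a bind against a pre-created computer object) can be scripted on the client so that each step is verified before `dsconfigad` is run. The script below is an added example, not code from the original post; `example.com`, `dc1`, the OU and the user name are placeholder assumptions, and it assumes `dig(1)` and the 10.5 `dsconfigad(8)` syntax are available on the Mac.

```shell
#!/bin/bash
# Pre-bind sanity checks for a Mac OS X 10.4/10.5 client joining an AD domain.
# Added example, not from the original post. Domain, DC and OU names below
# are placeholders (assumptions), not values taken from the page.

# Resolve a name to its A record(s), one per line.
forward_lookup() { dig +short A "$1"; }

# Resolve an address to its PTR name(s), one per line.
reverse_lookup() { dig +short -x "$1"; }

# Normalise a DNS name for comparison: lower-case, no trailing dot.
canon() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Succeed (and print the address) only if the host's A record and the PTR
# for that address name the same machine; this is the "forward and reverse
# are fine" check before attempting a bind.
check_forward_reverse() {
  local host="$1" ip ptr
  ip=$(forward_lookup "$host" | head -n1)
  [ -n "$ip" ] || { echo "no A record for $host" >&2; return 1; }
  ptr=$(reverse_lookup "$ip" | head -n1)
  if [ "$(canon "$ptr")" != "$(canon "$host")" ]; then
    echo "PTR for $ip is '$ptr', expected $host" >&2
    return 1
  fi
  echo "$ip"
}

# List domain controllers advertised in the _ldap._tcp.dc._msdcs SRV record.
# dig +short prints "priority weight port target." per record; keep the target.
find_dcs() {
  dig +short SRV "_ldap._tcp.dc._msdcs.$1" | awk '{ sub(/\.$/, "", $4); print $4 }'
}

# Bind with 10.5 dsconfigad syntax, joining the pre-created computer object
# in the given OU. -f forces the bind even if a record already exists.
bind_to_domain() {
  local computer="$1" domain="$2" ou="$3" user="$4" pass
  read -rs -p "AD password for $user: " pass; echo
  dsconfigad -f -a "$computer" -domain "$domain" -ou "$ou" -u "$user" -p "$pass"
}

main() {
  local domain="$1" computer="$2" ou="$3" user="$4" dc
  for dc in $(find_dcs "$domain"); do
    if ip=$(check_forward_reverse "$dc"); then
      echo "DC $dc -> $ip (forward/reverse consistent)"
    else
      echo "DC $dc failed DNS consistency check" >&2
      return 1
    fi
  done
  bind_to_domain "$computer" "$domain" "$ou" "$user"
}

# Usage: ./prebind.sh example.com MAC001 "OU=Macs,DC=example,DC=com" admin
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it with the domain, the name of the pre-created computer object, its OU and the binding account; it refuses to call `dsconfigad` if any advertised DC fails the forward/reverse check, which separates a DNS problem from the credential error the poster saw.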

Best Answer

Install this hotfix if you are suffering from this issue. It results from having previously performed an authoritative restore in your domain. This fixed our problem.

http://support.microsoft.com/kb/968140/