AD-bound macOS systems not authenticating? Restart opendirectoryd

We support quite a few macOS systems that are bound to an AD (Active Directory) domain. Occasionally, one, two, or perhaps several would lose the ability to authenticate users with AD credentials. Often this was with one of the FileMaker Servers, where external authentication was being used for either user access or FMS Admin Console access. I’ve explored ways to fix this without restarting or disrupting other services.

Recently I noticed a trend, and that was that the issue would often occur after one of our AD servers was restarted. Presumably, the macOS systems having the issue were paired to the server that was restarted (bound systems can typically use any AD server in their domain). For whatever reason, the client systems were not communicating correctly with the AD server, even after it had completed its reboot.

In the past, I had used the not-so-subtle approach of restarting the macOS systems having this problem. But that is fairly disruptive, and I’ve found that running the following could restore the access without disrupting any other services:

sudo killall opendirectoryd

I’d love to have a better idea why this is occurring, but my searches so far haven’t found anyone discussing a similar issue. So, the next time this happens I’ll hopefully have some time to go spelunking in the logs to see if there are any hints to the cause there.
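A health check built around the command above, as an added example that is not part of the original post: it restarts opendirectoryd only when an AD lookup fails, and first saves the node state and recent daemon log lines so there is something to examine afterwards. The `AD_TEST_USER` variable, the output path, and the `ad-check` log tag are assumptions, and a directory lookup is used here as a stand-in for a real authentication attempt.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root (e.g. from a LaunchDaemon).
# Assumption: AD_TEST_USER names an AD-only account that resolves on a healthy Mac.

# Return 0 if the account resolves through the Open Directory search path.
ad_lookup_ok() {
    dscl /Search -read "/Users/$1" UniqueID >/dev/null 2>&1
}

# Save node state and recent opendirectoryd log lines before the restart
# discards the daemon's in-memory state. $1 = output file.
capture_od_state() {
    {
        date
        odutil show nodenames
        log show --last 10m --predicate 'process == "opendirectoryd"'
    } >"$1" 2>&1
}

# Returns 0 = lookup fine, nothing done; 1 = restarted and recovered;
# 2 = still failing after the restart.
# $1 = test user, $2 = seconds to wait (default 10), $3 = output file (optional).
check_and_restart() {
    user="$1"
    wait_secs="${2:-10}"
    out="${3:-/var/log/ad-check-$(date +%Y%m%d-%H%M%S).txt}"
    ad_lookup_ok "$user" && return 0
    capture_od_state "$out"
    logger -t ad-check "AD lookup for $user failed; restarting opendirectoryd (state in $out)"
    killall opendirectoryd   # the post's fix, without sudo because we are root
    sleep "$wait_secs"       # give launchd time to relaunch the daemon
    ad_lookup_ok "$user" && return 1
    logger -t ad-check "AD lookup for $user still failing after restart"
    return 2
}

# Only act when a test account has been configured (assumed variable name).
if [ -n "${AD_TEST_USER:-}" ]; then
    check_and_restart "$AD_TEST_USER"
fi
```

A return code of 2 means the restart did not help, which points at something other than a stale connection to a rebooted domain controller.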

