Tuesday, January 31, 2012

How to enable Directory Services debugging and packet capture at log on

When diagnosing login problems it can be very helpful to generate a packet capture during log-in. Unfortunately, tools like Wireshark or PacketPeeper do not run at start-up.

Following are the commands to enable DS debugging and a packet capture during log-in.  You will need another computer connected via SSH to the one on which you want the packets captured.

1. Run the following command to set the debug level to seven (all one line):
       
        sudo defaults write /Library/Preferences/DirectoryService/DirectoryServiceDebug "Debug Logging Priority Level" -integer 7

NOTE: Only run this command if you are running 10.5 or later.

2. Enable Directory Service Debugging by running the following command:
        
        sudo /usr/bin/killall -USR1 DirectoryService
       
3. SSH to the client and start a packet capture:
       
        sudo /usr/sbin/tcpdump -vvv -n -s 0 -w /Library/Logs/`date +%Y%m%d-%H%M%S`.pcap
               
4. Reproduce the issue by attempting to log in.

5. Stop the packet capture using Control+C.

6. Disable Directory Service Debugging by running the following command again:
        
        sudo /usr/bin/killall -USR1 DirectoryService

The capture will be in /Library/Logs with a ".pcap" extension.
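
The steps above can be wrapped in one script so that the second USR1 toggle is never forgotten and the capture file, which holds log-in traffic, ends up readable by root only. This is an added example, not part of the original post; the script name ds-capture.sh, the DRY_RUN variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-6 as one script, run
# from the SSH session. DRY_RUN and the function names are assumptions.
# DRY_RUN=1 prints each privileged command instead of executing it.

PLIST=/Library/Preferences/DirectoryService/DirectoryServiceDebug
LOG_DIR=/Library/Logs

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        sudo "$@"
    fi
}

# Build the capture file name from a timestamp, as in step 3.
capture_path() {
    echo "$LOG_DIR/$1.pcap"
}

# USR1 toggles debugging, so it must be sent exactly twice per session.
toggle_ds_debug() {
    run /usr/bin/killall -USR1 DirectoryService
}

capture_login() {
    pcap=$(capture_path "$(date +%Y%m%d-%H%M%S)")
    run defaults write "$PLIST" "Debug Logging Priority Level" -integer 7
    toggle_ds_debug
    # Handle INT in the script so Control+C ends tcpdump but not the script,
    # and the steps below always run.
    trap : INT
    run /usr/sbin/tcpdump -vvv -n -s 0 -w "$pcap"
    trap - INT
    toggle_ds_debug
    # The capture holds log-in traffic: make it readable by root only.
    run /bin/chmod 600 "$pcap"
    echo "$pcap"
}

# Start a real capture only when asked to: sh ds-capture.sh --capture
if [ "${1:-}" = "--capture" ]; then
    capture_login
fi
```

Start it with --capture, reproduce the log-in problem, then press Control+C; the script prints the path of the capture when it finishes.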