A single AD user can't log into a single Mac bound to the domain (DirectoryServices error). How can I resolve this?

Posted by Ben Wyatt on Server Fault
Published on 2010-08-20T13:39:38Z Indexed on 2012/03/29 17:33 UTC

On our campus, we have about 60 Macs joined to our Active Directory domain. Most users have no problems logging into Macs, as long as their accounts are configured correctly.

However, we have one particular user who is unable to log in to just some of the Macs. He has no problem with most of them, but there is one group of them (all built from the same image) that he can't log in to. The machine in question is running OS X 10.6.2. The relevant entries from secure.log are below, with the hostname and username redacted.

Aug 16 10:32:43 hostname SecurityAgent[4411]: Could not get the user record for username from DirectoryServices.
Aug 16 10:32:43 hostname SecurityAgent[4411]: Will sleep 1 seconds and try again (retryCount = 4)
Aug 16 10:32:44 hostname SecurityAgent[4411]: Could not get the user record for username from DirectoryServices.
Aug 16 10:32:44 hostname SecurityAgent[4411]: Will sleep 2 seconds and try again (retryCount = 3)
Aug 16 10:32:46 hostname SecurityAgent[4411]: Could not get the user record for username from DirectoryServices.
Aug 16 10:32:46 hostname SecurityAgent[4411]: Will sleep 4 seconds and try again (retryCount = 2)
Aug 16 10:33:10 hostname SecurityAgent[4411]: Could not get the user record for username from DirectoryServices.
Aug 16 10:33:10 hostname SecurityAgent[4411]: Will sleep 8 seconds and try again (retryCount = 1)
Aug 16 10:33:18 hostname SecurityAgent[4411]: User info context values set for username
Aug 16 10:33:18 hostname SecurityAgent[4411]: unknown-user (username) login attempt PASSED for auditing

Everything I've found online suggests that our use of Mobile Accounts is causing the issue. I turned that feature off, but I still can't log in as that user.

id returns a record for his account, and nothing looks out of the ordinary.

Has anyone here run into this before?
