I have inherited an OES2 Linux SP1 AFP environment that is only working for certain users. The others receive errors stating that the username or password is incorrect.

The error in the afptcp.log states:

[debug] Ldap user name: cn=*****,ou=TEACHERS,ou=LMS,o=***
[error] Failed to map user FDN to GUID. MapDNToGuid error: -601
[error] Failed to get GUID for user *.ou=TEACHERS.ou=LMS.o=* with error 1
[debug] socket received 0 number of bytes
[debug] Session received a KILL REQUEST
[debug] Close was successful for socket <49> for session # 163
[status] AFP 0: AnnihilateSession (use count = 0)

To make matters worse, I am not sure which account is designated as the AFPProxyUser. A search for that in our tree did not find anything promising, so it looks like we used an existing account.

How can I determine which account is the AFPProxyUser? I'd rather find out for certain than rely on the potentially hazy recollection of the contractor that set it up.

The account that I suspect is the proxy appears to have permission to retrieve passwords from the UP policy of the users who can't log in.

I've checked that the user's UP is set using the diagpwd.exe utility. I've also run CASAcli -l and verified a credential store.

Can anyone offer any additional info on that "Failed to map user FDN to GUID" error?