Network user login - can't create new user, probably related to home folder


I have a persistent problem with our Network Accounts at work. I took over here after the server was set up, so didn't build it from the ground up.

The problem I have is that when I add a new network user, I can add them to a group, 'set' their home folder, enable login, do everything you would expect. They appear in the list of network users absolutely fine.

However, every time they try to log in, the box simply 'shakes' as though the password is incorrect. If I log in to the server as them, that works fine; it's just on a network machine that it doesn't work.

Previous research into this has suggested that it may have been a problem with the home folder creation - however I've checked both the ACL and POSIX permissions, and they appear the same as for other users.

Any advice on how to go about resolving this would be gratefully received - we have a new staff member who is limited on the work they can do while I resolve it! I'm not that clever on OSX (recent PC convert!) but learn quickly...

So, some more web digging has led me to do a number of things.

I've tried adding a new user (Test User 1) using, and also tried adding a new user (Test User 2) using the Workgroup Manager. Again, both show up in the Network Users list on the client machines, but I can log in to neither.

I don't know if this is a Kerberos issue, an LDAP issue, an Active Directory issue, or quite what, and I'm also not really sure how to investigate the logs etc. to find out.

I've also tried unbinding a client machine from the server, and then rebinding in Login Options, but still no joy.

I'm no further along, but have discovered something else.

If I try and access the file sharing service on the server, using 'connect as', then the new users created don't work - i.e. I can't authenticate as them. This suggests to me a Kerberos issue?