I'm attempting to use samba 3.01pre3 (on RedHat 9) and an AD domain
with kerberos. Samba machines are member servers only.
smbd/nmbd/winbindd all running and behaving as advertised.

I've made these changes to the smb.conf file;

workgroup = XXXXX
realm = xxxxx.REALM
security = ads
idmap uid = 10000-50000
idmap gid = 10000-50000

And these changes to the krb5.conf file;

[libdefaults]
deafult_realm = XXXXX.REALM

[realms]
XXXX.REALM {
admin_server = servername.xxxxx.realm:749
kdc = servername.xxxxx.realm:88
default_realm = xxxxx.realm
}

[domain_realm]
..XXXXX.REALM = xxxxx.realm
xxxxx.realm = XXXXX.REALM

The join command seemed work an told me I had been successful in
joining the domain/realm.

I assume that things now are at least partially working, as when I do
'kinit -V username@XXXXX.REALM', I am asked for my AD password. If I
type it, I am returned to the prompt, and kinit informs me that;

'Authenticated to Kerberos V5'.

If, however, I then do 'smbclient -k -L -U '
(and type my AD password), I am told;

'session setup failed: NT_STATUS_MORE_PROCESSING REQUIRED
Did you forget to run kinit?'

Obviously I didn't forget to run kinit, but klist tickets returns;

'No credentials cache found (ticket cache FILE:tickets)'

If I rerun smbclient without the '-k' (using W2K native mode), there
are no problems with listing or connecting.

Where have I gone wrong?

Thanks in advance

Bryan Tonnet