AFP548

10.4.8 Server, AD, wrong or non existing Kerberos principals

Hi,

I have an Xserve G5 OD Master with an Xserve RAID that serves home directories to our Mac users. I also have an AD domain running DHCP, DNS and Kerberos for both Macs and PCs. Every Mac is correctly bound to the AD, and SSO works from the clients to the Windows W2K3 Servers via SMB and to the Xserve via AFP, but incoming SMB for the Xserve does not work at all... The Xserve is an AD member server using Kerberos for login.

All of this has been trivial until this autumn. Prior to that, everything worked like a charm on 10.3.9.

I have no log files to back this up, but I'm pretty sure the Kerberos principals for the Xserve are screwed on the W2K3 Server, since the afpserver/xserve.domain.com@DOMAIN.COM is working correctly, whereas SMB connections receive a ticket named like this: xserve$@DOMAIN.COM, which looks very much like a ticket for a machine account and not as much like a service principal ticket (unlike AFP).

Now, has anyone had this kind of behavior with a similar setup? dsconfigad -enablesso does not fix anything...

My best guess is that I'll need to recreate Kerberos principals on the W2K3 Server for the SMB service on the Xserve, export a new Kerberos keytab to the Xserve, and see if that works...

Perhaps someone has some insight to share :)

Best regards,
Søren Grønning