10.5.x can bind to AD, but 10.4 cannot

My organization is ready to leverage AD authentication for the Mac. I've done this before on 10.4 at other places without much trouble, so I'm quite familiar with the process (at least from the Mac side). Our problem is that the 10.3 and 10.4 Macs cannot bind to AD, but a 10.5.x Mac did bind sucessfully with no special accomodations. The bind process is failing at the 5th step. I enabled the Directory Service debug verbose logging, and here are a few of the lines where I'm seeing failure, I just don't know how to interpret it. It's a small organization with a vanilla implementaion of AD. 2009-03-05 13:07:05 EST - ADPlugin: Calling CustomCall 2009-03-05 13:07:05 EST - ADPlugin: Good credentials for administrator@PNCO.COM 2009-03-05 13:07:05 EST - ADPlugin: No existing connection in connection mgr for administrator@PNCO.COM@pnco.com:389 2009-03-05 13:07:05 EST - ADPlugin: GSSAPI FAILED doing gss_init_sec_context: Server not found in Kerberos database 2009-03-05 13:07:05 EST - ADPlugin: Secure BIND Session FAILED with server dns03.hbg.pnco.com:389 2009-03-05 13:07:06 EST - ADPlugin: GSSAPI FAILED doing gss_init_sec_context: Server not found in Kerberos database 2009-03-05 13:07:06 EST - ADPlugin: Secure BIND Session FAILED with server dns02.vdc.pnco.com:389 2009-03-05 13:07:06 EST - Client: Directory Access, PID: 1013, API: dsDoPlugInCustomCall(), Active Directory Used : DAR : Node Ref = 16777794 : Request Code = 85 : Result code = -14006 2009-03-05 13:07:06 EST - Plug-in call "dsDoPlugInCustomCall()" failed with error = -14006. 2009-03-05 13:07:06 EST - Port: 0 Call: dsDoPlugInCustomCall() == -14006 2009-03-05 13:07:06 EST - ADPlugin: Calling CloseDirNode I suspected a DNS problem so I populated the Macs network prefs with our search domain and DNS server IP's, but that made no difference. What stumps me is that the Leopard Mac bound without a hitch. Anyone? thanks, Darrin