Error binding to AD (Tiger, Leopard and Leopard server), log attached

Hi, I have serious trouble binding _any_ OSX machine to our corporate W2003 AD. I've heard that there are a lot of people having problems with Leopard and AD integration so right now I'm only focusing on getting one Tiger machine to bind. I've tried "everything" the last few days and still no success. I get the (in)famous "Unable to access Domain controller" after step 4/5 using the AD Plugin. I have verified that my client is registered in the DNS ok. I have set the client to sync time with one of the domain controllers. We have 4 DC:s in our AD. I even tried to change the hosts-file on the client to emulate that all of them (and the domains FQDN) were acutally pointing to the same ip address without it makaing any diffrence. (Changed it back since then). Here is the debug log (from the "killall -USR1 DirectoryService" slightly anonymized: [quote] 2008-03-12 16:11:12 CET - ADPlugin: Calling CustomCall 2008-03-12 16:11:12 CET - ADPlugin: Calling CustomCall 2008-03-12 16:11:12 CET - ADPlugin: Calling CloseDirNode 2008-03-12 16:12:41 CET - ADPlugin: Calling OpenDirNode 2008-03-12 16:12:41 CET - ADPlugin: Calling CustomCall 2008-03-12 16:12:41 CET - ADPlugin: Doing CheckServerRecords...... 2008-03-12 16:12:41 CET - ADPlugin: my.domain.com - Start checking servers for site "any" 2008-03-12 16:12:41 CET - ADPlugin: Total Servers "any" LDAP - 4, Kerberos - 4, kPasswd - 4 2008-03-12 16:12:42 CET - ADPlugin: Server #1 picked - "dcserver1.my.domain.com" 2008-03-12 16:12:42 CET - ADPlugin: Server #2 picked - "dcserver2.my.domain.com" 2008-03-12 16:12:42 CET - ADPlugin: Got rootDSE for server dcserver2.my.domain.com to determine forest 2008-03-12 16:12:42 CET - ADPlugin: Determined Forest of my.domain.com from Domain Controller dcserver2.my.domain.com 2008-03-12 16:12:42 CET - ADPlugin: Found Default Domain my.domain.com 2008-03-12 16:12:42 CET - ADPlugin: Global Catalogs - Start checking servers for site "any" 2008-03-12 16:12:42 CET - ADPlugin: Total Servers "any" LDAP - 4, Kerberos - 4, kPasswd - 4 2008-03-12 16:12:42 CET - ADPlugin: Server #1 picked - "dcserver2.my.domain.com" 2008-03-12 16:12:42 CET - ADPlugin: Server #2 picked - "dcserver1.my.domain.com" 2008-03-12 16:12:42 CET - ADPlugin: Found Forest Domain GC my.domain.com 2008-03-12 16:12:42 CET - ADPlugin: Something wrong, unable to determine domain information from Config container...... 2008-03-12 16:12:42 CET - ADPlugin: Finished CheckServerRecords...... 2008-03-12 16:12:42 CET - ADPlugin: Created KerberosClient record Generation ID 227027562 2008-03-12 16:12:42 CET - ADPlugin: Rebuilt Kerberos File 2008-03-12 16:12:42 CET - ADPlugin: Calling CloseDirNode 2008-03-12 16:12:42 CET - ADPlugin: Calling OpenDirNode 2008-03-12 16:12:42 CET - ADPlugin: Calling CustomCall 2008-03-12 16:12:42 CET - ADPlugin: Doing CheckServerRecords...... 2008-03-12 16:12:43 CET - ADPlugin: Good credentials for useraccountxxx@MY.DOMAIN.COM 2008-03-12 16:12:43 CET - ADPlugin: No existing connection in connection mgr for useraccountxxx@MY.DOMAIN.COM@my.domain.com:389 2008-03-12 16:12:44 CET - ADPlugin: GSSAPI FAILED doing gss_unwrap: No error 2008-03-12 16:12:44 CET - ADPlugin: Secure BIND Session FAILED with server dcserver1.my.domain.com:389 2008-03-12 16:12:44 CET - ADPlugin: GSSAPI FAILED doing gss_unwrap: No error 2008-03-12 16:12:44 CET - ADPlugin: Secure BIND Session FAILED with server dcserver2.my.domain.com:389 2008-03-12 16:12:44 CET - ADPlugin: my.domain.com - Start checking servers for site "any" 2008-03-12 16:12:44 CET - ADPlugin: Total Servers "any" LDAP - 4, Kerberos - 4, kPasswd - 4 2008-03-12 16:12:44 CET - ADPlugin: Server #1 picked - "dcserver2.my.domain.com" 2008-03-12 16:12:44 CET - ADPlugin: Server #2 picked - "dcserver1.my.domain.com" 2008-03-12 16:12:45 CET - ADPlugin: Got rootDSE for server dcserver1.my.domain.com to determine forest 2008-03-12 16:12:45 CET - ADPlugin: Determined Forest of my.domain.com from Domain Controller dcserver1.my.domain.com 2008-03-12 16:12:45 CET - ADPlugin: Found Default Domain my.domain.com 2008-03-12 16:12:45 CET - ADPlugin: Global Catalogs - Start checking servers for site "any" 2008-03-12 16:12:45 CET - ADPlugin: Total Servers "any" LDAP - 4, Kerberos - 4, kPasswd - 4 2008-03-12 16:12:45 CET - ADPlugin: Server #1 picked - "dcserver1.my.domain.com" 2008-03-12 16:12:45 CET - ADPlugin: Server #2 picked - "dcserver3.my.domain.com" 2008-03-12 16:12:45 CET - ADPlugin: Found Forest Domain GC my.domain.com 2008-03-12 16:12:45 CET - ADPlugin: Good credentials for useraccountxxx@MY.DOMAIN.COM 2008-03-12 16:12:45 CET - ADPlugin: No existing connection in connection mgr for useraccountxxx@MY.DOMAIN.COM@my.domain.com:389 2008-03-12 16:12:45 CET - ADPlugin: Finished CheckServerRecords...... 2008-03-12 16:12:45 CET - ADPlugin: Created KerberosClient record Generation ID 227027565 2008-03-12 16:12:45 CET - ADPlugin: Rebuilt Kerberos File 2008-03-12 16:12:45 CET - ADPlugin: Closing All Connections - Connection Manager 2008-03-12 16:12:45 CET - ADPlugin: Closing All Connections - Connection Manager Completed 2008-03-12 16:12:45 CET - ADPlugin: Calling CloseDirNode 2008-03-12 16:12:45 CET - ADPlugin: Calling OpenDirNode 2008-03-12 16:12:45 CET - ADPlugin: Calling CustomCall 2008-03-12 16:12:45 CET - ADPlugin: Verify called for useraccountxxx@MY.DOMAIN.COM 2008-03-12 16:12:45 CET - ADPlugin: Verify successful for useraccountxxx@MY.DOMAIN.COM 2008-03-12 16:12:45 CET - ADPlugin: Calling CloseDirNode 2008-03-12 16:12:45 CET - ADPlugin: Calling OpenDirNode 2008-03-12 16:12:45 CET - ADPlugin: Calling CustomCall 2008-03-12 16:12:45 CET - ADPlugin: Good credentials for useraccountxxx@MY.DOMAIN.COM 2008-03-12 16:12:45 CET - ADPlugin: No existing connection in connection mgr for useraccountxxx@MY.DOMAIN.COM@my.domain.com:389 2008-03-12 16:12:45 CET - ADPlugin: GSSAPI FAILED doing gss_unwrap: No error 2008-03-12 16:12:45 CET - ADPlugin: Secure BIND Session FAILED with server dcserver2.my.domain.com:389 2008-03-12 16:12:46 CET - ADPlugin: GSSAPI FAILED doing gss_unwrap: No error 2008-03-12 16:12:46 CET - ADPlugin: Secure BIND Session FAILED with server dcserver1.my.domain.com:389 2008-03-12 16:12:46 CET - ADPlugin: Calling CloseDirNode [/quote] If anyone has any idea where I should start looking I would be most grateful! Best regards, Daniel, Sweden