Mail service on OD for AD Users

Hello all, I hope someone can point me in the right direction. I have a 2003 Active Directory Domain with around 50-60 XP Clients of which 16 are iMacs. running at least 10.4.7. I Have set up a Mac Mini running OS X Server while we set up and test settings. The Mini is connected to the AD and is set up as an OD Master. The clients are bound to the AD but not to the OD since when they are bound to both the AD Users cannot login. With this set up the AD users are able to login and the Imacs can pull their managed preferences so all seems OK. I then proceeded to set up the mail service for the AD users on the OD Master. I have enabled SACL for the mail service and have entered 2 users that are from the AD Groups. The group com.apple.access_mail is found in the groups for the users in the WGM but the mail access is not set but i assume this is correct since it cannot be set for AD Users. The problem i have is that the users cannot setup the account in mail since it fails to accept their username and password. When i try to configure the account the kerberos app accepts a ticket from the pop service for the OD Master but in the logs for the mail service under pop it says badlogin: computer-name [ipaddress] GSSAPI Generic failure. Can anyone help to resolve the issue as to why my users cannot create an email account? I have tried both mail and Outlook with the same response. Thanks in advance