Open Directory network authentication and Kerberos setup
Let me preface this entry by saying that this is the first time I've posted here and I'm new to OS X but not systems administration. Also, apologies if this is redundant, but my problems seem almost too basic for what I've already found posted:
In a small office setup we have a Mac mini running OS 10.5.3 serving Open Directory, iCal, wiki, VPN (for only a few users), and AFP is turned on but no shares are mounted. When I arrived in this position users were still logging into their local machines with local accounts and only using OD accounts for mail authentication, file services, wiki, etc. My first thought was to move towards network logons and Kerberos single sign-on.
I rebuilt the OD Master service, creating what appears to be an out-of-the-box implementation (I should note here that DNS and DHCP are open source implementations on another machine using the Webmin interface and work reliably). I then restored an archive of the directory to the freshly created OD Master and set up a number of replicas.
Replication looks good, Kerberos and Password Server are running, and I can bind client machines to the OD Master, but I cannot authenticate a network user from the logon screen (including the directory admin). No error message, just the shakes. Nor can I join a connected server to the Kerberos realm (after following Apple's documentation to do so).
A few more things I should mention: on the OD Master, Directory Utility shows that LDAPv3/127.0.0.1 is being searched for authentication and contacts.
No Kerberos principals were listed for users after restoring the archive to the blank database during the initial setup. Is there an easy way to create the principals, or do I need to tear down the Kerberos realm and rebuild it fresh? DirectoryService debugging is on, so if anyone wants, I can provide log information, but I'm hoping there's something easy that I've missed.
Again, sorry if this is redundant, but thanks for any suggestions.
By the way, I just went to WWDC for the first time last week, really appreciate the input from the AFP548 guys.