Snow Leopard clients unable to connect to AFP share on Lion Server (10.7.2) using Kerberos
Hi all,
I'm seeing a problem where I've migrated a domain from a Linux server to a Lion-based Mac Mini Server, effectively re-establishing EVERYTHING on the Lion Server, but migrating the domain name and Kerberos Realm name. So in theory, all I would need to do to make Kerberos work with my new Lion OD Master would be to change the KDC hostname in my client's edu.mit.Kerberos file - but it does not work with Finder!
I can get a ticket through Ticket Viewer, but when I try to pass it back to the server for access to an AFP share, I get the username/password fallback dialog [which works - yeeha] ... I even get the correct Kerberos service principal after having typed in my username and password ... I've seen something similar with a cross-realm setup used for authenticating users in two different Windows Forests, but it got resolved by adding the appropriate domain-realm mappings in edu.mit.Kerberos. I have of course made sure that all mappings are correct for my Lion realm, but still I get the fallback dialog ...
[code]
[domain_realm]
.domain = REALM
domain = REALM
[/code]
If I try accessing the SAME server and the SAME share through the command line interface, IT WORKS! I get the correct Kerberos service principal and everything is fine, but I simply can't get the same thing to work directly from Finder!
Has anyone experienced anything similar with Snow Leopard and Lion?
Best regards,
Søren