Kerberos and Shares

ninjabytes ninjabytes at gmail.com
Fri Jun 15 16:55:56 GMT 2007


Hello,

I have Samba 3.0.24 running, along with winbind 3.0.24, to log in to our
Active Directory.

/etc/pam.d/common-account looks like this:
account sufficient       pam_winbind.so krb5_auth debug try_first_pass cached_login
account required pam_unix.so

/etc/pam.d/common-auth looks like this:
auth sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE debug try_first_pass cached_login
auth required pam_unix.so nullok_secure

/etc/pam.d/common-password looks like this:
password    sufficient pam_winbind.so krb5_auth krb5_ccache_type=FILE
password    required   pam_unix.so nullok obscure min=4 max=8 md5

/etc/pam.d/common-session looks like this:
session required        pam_unix.so
session optional        pam_foreground.so
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel

When I try to connect to a shared resource using smbclient with the "-K"
option I get:

session setup failed: NT_STATUS_LOGON_FAILURE

This is my smb.conf:

[global]
   security = ads
   realm = PAWNSHOP.LOCAL
   encrypt passwords = yes
   password server = PAWNSHOP.LOCAL
   workgroup = PAWNSHOP
   client signing = yes
   idmap uid = 500-10000000
   idmap gid = 500-10000000
   server signing = mandatory
   pam password change = yes
   winbind separator = +
   winbind enum users = no
   winbind enum groups = no
   winbind use default domain = yes
   winbind offline logon = yes
   winbind refresh tickets = yes
   winbind cache time = 10
   template homedir = /home/%U
   template shell = /bin/bash
   client use spnego = no
   domain master = no
   server string = Ubuntu WorkStation

I would also like to have winbind remove the Kerberos tickets from /tmp/
once a user logs off, but I can't seem to find out how to get that done.

Thanks

