[Samba] Kerberos, Samba, and XP wanting to map local users with authenticated ones

[Mauricio Tavares]

Ok, I understand if I only have kerberos and windows, if I login as a
kerberos user, I better have a local user mapped to it or I will not
be able to login. But, now I have samba involved. If I tell it about
kerberos server,

workgroup = LAZYASS
realm = MY.REALM
security = ads
kerberos method = system keytab

shouldn't it see there is local (to samba's server) user bob,
principal bob at MY.REALM, and then mount bob's homedir if I try to login
as bob? Or am I missing an important step? I did join the xp box to
LAZYASS and can see there the fileserver's home fileshare (the only
thing I am exporting). But that is as far as I get.

The exact error message I am getting is

"The system cannot log you on due to the following error:

Mapping between account names and security IDs was done."

It almost sounds like it is completely ignoring the samba side of the show.