Samba 3.0.x does not store the Kerberos keytab entries in the default file system keytab, making it impossible for other services on the system (i.e. OpenSSH, OpenLDAP, ksu, etc.) to function. In the URL field above I've specified a link to a patch that I've been working on that fixes this issue. The patch will not modify the existing internals of smbd or net, but will supplement those binaries by making them write out a keytab when doing things like joining a machine to a domain. In addition, the patch will change smbd to try to verify a Kerberos message in addition to doing the routines that were previously in kerberos_verify(). The reason for this change is that with a file-based keytab, Samba can store both the current kvno entries and the previous kvno entries. This is useful because if a machine's password is changed, the clients that have existing Kerberos session keys will be unable to connect until those session keys time out or the client reboots. Keeping the old entries in the keytab is what Microsoft does to avoid this problem. Again, this behavior is implemented in a way so the smbd process will try to use the system keytab, and if that fails, it will run the previous Kerberos verification routine.
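The keytab-first, fall-back-second verification order and the effect of keeping the previous kvno, as an added example that is not part of the original report or the patch. It is a simplified model: PBKDF2 and HMAC stand in for Kerberos string-to-key and ticket encryption, the principal, passwords and function names are constructed, and the legacy path is assumed to know only the current machine key.

```python
import hashlib
import hmac

PRINCIPAL = "host/fileserver.example.com@EXAMPLE.COM"  # constructed sample principal

def derive_key(password: str, kvno: int) -> bytes:
    """Stand-in for Kerberos string-to-key (not the real algorithm)."""
    salt = f"{PRINCIPAL}:{kvno}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def issue_ticket(key: bytes, kvno: int, client: str) -> dict:
    """Model a KDC sealing a service ticket under the service key at `kvno`."""
    tag = hmac.new(key, client.encode(), hashlib.sha256).digest()
    return {"kvno": kvno, "client": client, "tag": tag}

def check(ticket: dict, key: bytes) -> bool:
    expected = hmac.new(key, ticket["client"].encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, ticket["tag"])

def verify_with_keytab(ticket: dict, keytab: dict) -> bool:
    """Keytab path: select the entry whose kvno matches the ticket."""
    key = keytab.get((PRINCIPAL, ticket["kvno"]))
    return key is not None and check(ticket, key)

def verify_legacy(ticket: dict, current_key: bytes) -> bool:
    """Previous routine in this model: only the current machine key is known."""
    return check(ticket, current_key)

def verify(ticket: dict, keytab: dict, current_key: bytes) -> str:
    """Try the system keytab first, then fall back to the previous routine."""
    if verify_with_keytab(ticket, keytab):
        return "keytab"
    if verify_legacy(ticket, current_key):
        return "legacy"
    return "rejected"

def demo() -> dict:
    old_key = derive_key("old-machine-pw", 2)
    new_key = derive_key("new-machine-pw", 3)  # after the machine password change
    old_ticket = issue_ticket(old_key, 2, "alice@EXAMPLE.COM")  # issued before the change
    new_ticket = issue_ticket(new_key, 3, "bob@EXAMPLE.COM")
    keytab = {(PRINCIPAL, 2): old_key, (PRINCIPAL, 3): new_key}  # current + previous kvno
    return {
        "old_ticket_keytab": verify(old_ticket, keytab, new_key),
        "old_ticket_no_keytab": verify(old_ticket, {}, new_key),
        "new_ticket_no_keytab": verify(new_ticket, {}, new_key),
    }

if __name__ == "__main__":
    print(demo())
```

Every retained kvno entry is still a valid service key, so old entries should be pruned once tickets issued under them have expired.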
I've updated the URL of the keytab patch to reflect some minor changes that I've made in the past few days - see the samba technical list for details.
This was included in 3.0.6
originally against 3.0.5pre1 (which became 3.0.6pre1 due to security release)
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.