1
31st January 11:41
External User
Posts: 1
Yes. I have been able to successfully get my Samba box to authenticate via ADS (Kerberos auth). These are the steps which I took:

1) Installed /usr/ports/net/openldap22-server (I think that just the client will do though).
2) Installed the /usr/ports/security/heimdal port using the make command "make WITH_LDAP=yes".
3) Configured /etc/krb5.conf with my specific domain and realm information (see below).
4) Verified that Kerberos worked by using the command "kinit usernameonadsbox", then followed up with "klist -v" to verify that I received a valid ticket.
5) I had a VERY hard time getting /usr/ports/net/samba-devel to build with ADS support (it would not build with ADS support). I posted a message to the mailing list freebsd-questions@freebsd.org and received 3 files (a new Makefile, a new pkg-plist, and a new patch-Makefile.in) from a participant who refers to himself as "Joerg". You will need to get these files from him (or send me a mail to trash.trash@comcast(dot)net) if you can't get Samba to build correctly. After installing these three files I was successfully able to build using the make command "make WITH_LDAP=yes WITH_ADS=yes KRB5_HOME=/usr".
6) I then set up my /usr/local/etc/smb.conf file to allow for ADS authentication (see below).
7) The next step was to actually join the domain and become an ADS member using the command "net join ads" on the box running Samba 3. (It so happens that my login uses the same username as a domain admin in my domain, so I did not have to provide the username option on the command.)
8) Once the machine was a valid machine in the directory (the command above does all the creation work for you) I started Samba up and all was well.

References:
http://us2.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html#ads-member
http://mail-index.netbsd.org/tech-net/2001/01/12/0010.html AND http://mail-index.netbsd.org/tech-net/2001/01/14/0002.html
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.5/doc/install.html#SEC73

Hope that helps.
Matt

KRB5.CONF>

[libdefaults]
	ticket_lifetime = 600
	default_realm = HOME.LOCAL
	default_domain = HOME.LOCAL
	default_etypes = des-cbc-crc des-cbc-md5
	default_etypes_des = des-cbc-crc des-cbc-md5

[realms]
	HOME.LOCAL = {
		kdc = kdcname.home.local
	}

[domain_realm]
	.home.local = HOME.LOCAL
	home.local = HOME.LOCAL

[logging]
	default = FILE:/var/log/krb5.log

SMB.CONF>

# smb.conf only treats '#' or ';' as a comment at the start of a line, so the
# REQUIRED notes are kept on their own lines rather than appended to a value.
[global]
	workgroup = HOME
	# REQUIRED - uppercase
	realm = HOME.LOCAL
	server string = Matts Home Server
	interfaces = rl0, lo0, 10.0.0.0/8, 127.0.0.1
	# REQUIRED
	security = ADS
	# REQUIRED - FQDN
	password server = kdcname.home.local
	log file = /var/log/smb.log
	socket address = 10.0.1.1
	comment = Matts SAMBA Server
	path = /
	hosts allow = 10.0.0.0/255.0.0.0, 127.0.0.1

[sharename]
	comment = Drivers
	path = /path/
	read only = No
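One thing to watch in the smb.conf above: Samba reads '#' and ';' as a comment marker only at the start of a line, so an annotation appended to a value (realm = HOME.LOCAL #REQUIRED -UPPERCASE) becomes part of the value and the ADS join fails for a reason that is hard to spot. The following pre-flight script is an added example, not part of the original post or of the Samba ports: it pulls the three settings the post marks REQUIRED out of [global], checks that the realm is uppercase and security is ads, and flags any inline annotation. The two sample configs it writes to temporary files are constructed for the example.

```shell
#!/bin/sh
# Added example (not the poster's script): pre-flight check of the ADS-member
# settings in a Samba smb.conf. Parses the [global] section only, because
# realm / security / password server are global parameters.

# smb_get FILE KEY: print the value of KEY from [global] (case-insensitive key),
# or nothing if it is absent. Lines starting with '#' or ';' are comments.
smb_get() {
    awk -v key="$2" '
        /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[[Gg]lobal\][[:space:]]*$/); next }
        in_global && $0 !~ /^[[:space:]]*[#;]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_ads_conf FILE: print one line per problem; exit status 0 only if clean.
check_ads_conf() {
    file=$1
    problems=0
    for key in realm security "password server"; do
        val=$(smb_get "$file" "$key")
        if [ -z "$val" ]; then
            echo "$key: missing (required for security = ads)"
            problems=$((problems + 1)); continue
        fi
        # A trailing "#..." or ";..." is NOT a comment here; smbd keeps it in the value.
        case $val in
            *"#"*|*";"*)
                echo "$key: value '$val' contains an inline comment; move it to its own line"
                problems=$((problems + 1)); continue ;;
        esac
        case $key in
            realm)
                # Kerberos realm names are case-sensitive; AD realms are uppercase.
                if [ "$val" != "$(printf '%s' "$val" | tr '[:lower:]' '[:upper:]')" ]; then
                    echo "realm: '$val' is not uppercase"; problems=$((problems + 1))
                fi ;;
            security)
                case $(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') in
                    ads) ;;
                    *) echo "security: '$val' is not ads"; problems=$((problems + 1)) ;;
                esac ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample reproducing the inline annotations from the post.
BAD_CONF=$(mktemp)
cat > "$BAD_CONF" <<'EOF'
[global]
  workgroup = HOME
  realm = HOME.LOCAL #REQUIRED -UPPERCASE
  security = ADS #REQUIRED
  password server = kdcname.home.local #REQUIRED FQDN
EOF

# Constructed sample with the annotations on their own comment lines.
GOOD_CONF=$(mktemp)
cat > "$GOOD_CONF" <<'EOF'
[global]
  workgroup = HOME
  # REQUIRED: uppercase Kerberos realm
  realm = HOME.LOCAL
  security = ads
  password server = kdcname.home.local
[drivers]
  realm = not.global.ignored
EOF

check_ads_conf "$BAD_CONF" || echo "rejected: $BAD_CONF"   # three problems, exit 1
check_ads_conf "$GOOD_CONF" && echo "accepted: $GOOD_CONF" # silent, exit 0
```

Run it against /usr/local/etc/smb.conf before "net join"; if it reports an inline comment, the quickest confirmation on the real box is "testparm -s -v | grep realm", which prints the realm value exactly as smbd will use it.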