I've pulled the name stuff out...
I assumed you would
Here's the thing. Mine is blank - completely blank. This is the one thing: a lot of instructions will tell you to put all the information you have in your krb5.conf. However, if you just leave it blank, then it automatically detects all that based on the realm you have set in smb.conf. This may be why your system is not resilient to system changes (such as a downed domain controller). But that's just a guess.
Basically the steps I use for setting up a Red Hat 5 file server on a Windows domain are:
1. sudo open firewall ports UDP: 137, 138 and TCP: 139,445
2. sudo yum install krb5-workstation pam_krb5 samba attr acl
3. sudo mv /etc/krb5.conf /etc/krb5.conf.original
4. sudo touch /etc/krb5.conf
Test it with: sudo kinit Administrator@DOMAIN
It should not return any errors. I don't believe this is necessary for the setup, but I always do it.
5. sudo nano /etc/pam.d/samba
Add the following lines:
auth required pam_winbind.so
account required pam_winbind.so
6. sudo nano /etc/nsswitch.conf
Add “winbind” without the quotes to the end of the passwd and group lines.
7. sudo /sbin/ldconfig -v | grep winbind
8. Write out the smb.conf
The important global settings are:
realm = DOMAIN
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = no
winbind enum groups = no
winbind cache time = 900
server signing = auto
client signing = auto
9. sudo net ads join -U Administrator@DOMAIN
This joins it to the domain and you are ready to go.
Read 'man selinux_samba' for what to do with SELinux.