Cannot Login Using Kerberos Authentication

I have a plain vanilla Mac Mini with SLS setup, the mini is the OD master, the DNS checks out OK. The OD says Kerberos up and running with the proper all caps FQDN. I can bind to the OD from the SL client just fine. I can even got to ticket viewer and create a ticket using my user login.

However, if I set Authentication to Kerberos in AFP, on the client when I go to Go -> Connect to Server and select afp://<fqdn>, I get a user ID and password screen, and no matter what I put in for user ID and password, I get "User ID or Password Invalid". If I change AFP to "Any Method" I can log in without problems.

Neither of the AFP logs point to a failed login.

Looking at the Kerberos log I get:

Mar 14 18:35:08 ,<FQDN> krb5kdc[74](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 1<ip address>: NEEDED_PREAUTH: <computer name>$@<FQDN realm name> for krbtgt/<FQDN realm name>@<FQDN realm name>, Additional pre-authentication required

Followed by:

Mar 14 18:35:09 <FQDN> krb5kdc[74](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) <IP address>: ISSUE: authtime 1300142108, etypes {rep=18 tkt=16 ses=18}, <computer name>$@<FQDN realm name> for ldap/<FQDN>@<FQDN realm name>

Both the server and the client are using time.apple.com to time synch, and I even put both clocks up on the screen at the same time and they were visibly identical.

Searched everything on this board related and nothing points to this problem as far as I can tell.

Help?