We (Vet School/UPENN) have figured out the little nuances of getting machines bound and multiple smb shares to mount since 10.3.4 rolled out. We wish Apple would provide more of a step-by-step to configure this for its user base as we spent a lot of time figuring it out.
For those who can't get it to work, make sure you add the custom paths in the active directory plugin under authentication and contacts once you have bound the machine. To get additional smb shares to mount, add your domain to the relms 'out of the box' kerberos settings:
After that, we just made a run only applescript application to add additional smb shares by adding it to the startup items per account.
Works like a champ, unless your users' login is under four characters. It seems that three character logins (I haven't tested two or one) create an unusual circumstance where somehow the AD plugin doesn't jive with the GobalCatalogue. The end result? Your user will not be able to empty their trash from the GUI. (it's not locked files, immutable flags, improper permissions either). No joke. While you can simply add a character to the users login name to fix this it is still a little bizarre.
The user can open a terminal and rm any files in the .Trash folder, just not through the Finder. This affects 10.3.4 and 10.3.5 and has been reported to Apple by yours truley but so far there has been no aknowledgement from Cupertino.
I'm curious if anyone else has run across this.