b) Make sure your local samba setup is joined to the domain. Make sure it writes an appropriate krb5.keytab (/etc/krb5.keytab in my setup) as part of its password management, etc.
net ads keytab add smtp/mail_server_fqdn net ads keytab add imap/mail_server_fqdn
You may have to edit the sam.ldb on your S4 server as many times S3 doesn't create the principals ( /usr/local/samba/bin/ldbedit -H /usr/local/samba/private/sam.ldb sAMAccountName=mailserverhostname$ should do the trick and add userPrincipalName so that it has imap/MAILSERVER_FQDN and smtp/MAILSERVER_FQDN, each being its own userPrincipalName, this should give the machine account 3 userPrincipalName lines) Sorry to anyone who was following what I wrote. I made a mistake. This should NOT be userPrincipalName, it should be servicePrincipalName. (There should already be 1 or 2 such lines that says HOST/host or HOST/host.fqdn)
Trever