Found the client config on a USD stick.
So, here's my pam_mount.conf.xml
"FRITZ" should be replaced with your workgroup, i.e. the domain name! Usually, it's kind of a prefix used in the home directory path.
"FRITZ.BOX" should be replaced with your realm, i.e. the complete AD domain
<pam_mount>
<debug enable="0" />
<volume
fstype="cifs"
server="zentyal"
path="%(USER)"
mountpoint="/home/local/FRITZ/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain=FRITZ.BOX,uid=%(USERUID),gid=%(USERGID),rw"
/>
<umount>umount -l %(MNTPT)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
Hope this helps.