TL;DR I want to force mount.cifs (or smbclient) to use specific ticket (e.g. cifs/server@DOMAIN2 instead of cifs/server@DOMAIN).

Long Story

I have two smb servers (both are windows): server-a and server-b. I have no problem mounting a share from server-a:

$ sudo mount -t cifs //server-a.domain-a/share /mnt/a -o "sec=krb5,cruid=$UID"
# uses cifs/server-a@DOMAIN-A

However, trying to mount a share from server-b results in error (emphasis mine after sudo smbclient...):

$ sudo mount -t cifs //server-b.domain-b/share /mnt/b -o "sec=krb5,cruid=$UID"
mount error(126): Required key not available
$ sudo dmesg|tail
[7267002.391319] CIFS VFS: Send error in SessSetup = -126
[7267002.391504] CIFS VFS: cifs_mount failed w/return code = -126
$ sudo smbclient //server-b.domain-b/share
ads_krb5_mk_req: smb_krb5_get_credentials failed for **cifs/server-b.domain-b@DOMAIN-A** (Server not found in Kerberos database) <- note wrong domain
cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: Server not found in Kerberos database
session setup failed: SUCCESS - 0
$ klist |grep "Default principal"
Default principal: user@DOMAIN-A

My diagnosis

mount.cifs mistakenly uses DOMAIN-A (my principal domain) instead of DOMAIN-B. Hence, I want to force it to use the right ticket.

1. Can I force mount.cifs or smbclient to use specific ticket? If so, then how?
2. What are rules for ticket selection in mount.cifs / smbclient?
3. How can I check which ticket is being used for connection?