The error "the ticket isn't for us" indicates a mismatch between Kerberos realms between the client
and the server. google that error message and you will find more.
Some issue either in your krb5.conf on the clients, or in the condor_mapfile. Don't have time to look at it more at the moment. It has been about 10 years since we did kerberos authentication in condor around here, although we were one of the first to request the feature.