samba4 kinit failure, active directory and shares working

[David Lindauer]

We have been running Samba 4.0.0alpha15-GIT-04987bd, and have been 
pretty pleased with the results so far.  Initially on setup,  I was able 
to use kinit and get a krb ticket, and was in Server Manager on a domain 
connected computer and was able to administrate users.  Since then, 
we've physically moved the server to our development network, and 
changed it from a single NIC to dual (one for internal 10.x.x.x and one 
for public).

Last night I stuck around to officially migrate our IP range and AD to 
the new Samba 4 box (not using anything from the old).  I have 
successfully connected our desktops to the AD, Samba sharing is working 
(beautifully), and I have OpenVPN setup and have it bridged so my VPN 
clients can connect locally to the shares.

My active directory login and the administrator account are working when 
I connect to shares, so it is authenticating properly, BUT kinit 
user at domain (properly) is giving back "kinit: Password incorrect".  If i 
use the wrong domain I get appropriate errors.  This is the same box 
running everything.   If i use an invalid user, I get the proper 
krb_get_init_creds: Client unknown, but it is not recognizing any passwords.

In addition, inside an office PC (Not VPN, but shouldn't matter), I have 
the Server Manager app for win7, and it cannot connect.  It properly 
resolves and shows the full host name even when I use the IP, I have 
updated Samba interfaces to include the public and private IP (temp to 
test).  It gives "Connecting to remote server failed with the following 
error message: The client cannot connect to the destination specified in 
the request..."

If I can get this fixed, will be fully running and loving Samba4.  
Thanks for any insight.

-David

-- 
David Lindauer
Director of Operations
Otlay Interactive