[Samba] Samba 3.0.33 joining Samba 4 domain

[Kristofer]

Hello,

I am testing Samba 4's active directory with the latest master copy.

I have joined a Windows 7 desktop to it fine without any issues.  From Windows 7, I can browse to the AD controller IP address in Windows and see the standard Active Directory shares.

I attempted to join Samba 3.0.33 (CentOS 5.8) to Samba 4's active directory, and the join worked as expected.  I can browse to the CentOS file shares using a Macintosh that is NOT joined to the domain, but when I use the Windows 7 machine, it prompts me for my password over and over.  The logs on the CentOS client are showing NT_STATUS_ACCESS_DENIED.

One step further, from the CentOS client, I attempted to list the file shares on itself:

[root at fs-ad-test samba]# smbclient -L <sambaclientip> -U username
Password: 
Domain=[XYZ] OS=[Unix] Server=[Samba 3.0.33-3.39.el5_8]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root at fs-ad-test samba]# 

and that also fails with a NT_STATUS_ACCESS_DENIED

Kerberos tests fine, I can authenticate with kinit.  I am also using winbind on the CentOS machine for logins, so that users can use their active directory logins and that works without an issue as well.

Does anyone have any thoughts of what might be causing this to not work?

This is what my smb.conf looks like:

[global]
   workgroup = XYZ
   realm = AD.XYZ.COM
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = true
winbind refresh tickets = yes
valid users = kpettijohn
log level = 16
server string = Samba Server Version %v
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
	comment = Home Directories
	browseable = no
	writable = yes
[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	guest ok = no
	writable = no
	printable = yes