[Samba] Samba 4.1 as member server, problems doing password authentication using CentOS/RedHat 7 packages

[Rowland Penny]

On 21/04/15 18:24, Ty! Boyack wrote:
> On 04/20/2015 05:30 PM, Andrey Repin wrote:
>> Greetings, Ty! Boyack!
>
> Thanks, and Hi!
>> I dumped (using testparm -v) all of the default settings, and found that
>> With Samba 4, I've found the output of "samba-tool testparm" to be 
>> different
>> from "testparm". The former looks more trustworthy to me.
>
> I feel really foolish here -- but I don't see samba-tool as an 
> installed binary or in any of the packages available via the 
> repositsories we use for CentOS or Fedora. Is this part of the 
> standard suite or samba

You will not get samba-tool on any red-hat distro, you cannot set up a 
samba AD DC on red-hat with distro packages because they want to use MIT 
kerberos.

>
>> Following smb.conf compare, I would compare krb5.conf, particularly 
>> the realm
>> name and capitalization.
>> Been bitten by that >.<
>>
>>
>
> Good thought.  I use 'net ads join' to join the active directory 
> domain, so that creates it's krb5 file on the fly in 
> /var/lib/samba/smb_krb5.  The contents of the files on each server is 
> almost the same -- it is the same information (including 
> capitalization -- you are right on that!) but the order of the KDCs is 
> different.  I changed the order to make sure that is not the issue and 
> confirmed that the behavior is the same.
>
> I wonder if the package compilation invokes substantially different 
> options for this behavior?  I don't know how to tell what configure 
> options are used by the package creators.  Does anyone know if that is 
> easy to discover?

running 'smbd -b' will give you the build spec, but beware, it is 
usually very long and will probably scroll off screen, pipe it to a text 
file and read that.

Rowland
>
> Thanks,
>
> -Ty!
>
>