On Fri, Dec 3, 2021 at 10:18 AM tizo <tizone@gmail.com> wrote:
> We have a test environment with a FreeIPA server with a cross-forest trust with an AD (that is in fact a Samba AD DC). Both servers are Rocky Linux 8.
>
> Everything works fine when we try to log in to the FreeIPA server with an AD user (and with IPA users too). However, on another Rocky Linux 8 host acting as an IPA client, we cannot do that. In this case, we can log in with IPA users (admin, for example), but we cannot log in with AD users.
>
> More details:
>
>  * "id userad@ad.xx.xx" and "getent passwd user@ad.xx.xx" are not working on the IPA client.
>  * Both are working for IPA users on the IPA client.
>  * "kinit userad@ad.xx.xx" is working on the IPA client. It is also working for IPA users.
>  * Everything is working on the IPA server.
>
> Any help is appreciated,
>
> tizo

Our mistake. The problem was that the primary group of the user we were using did not exist (i.e. there was no group with that GID).

Thanks very much!
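A quick way to catch the root cause described in this thread (an account whose primary GID has no matching group entry) before it shows up as a failed `id`/`getent` lookup on a client is to cross-check passwd-format and group-format output. The script below is an added example, not code from the thread or from FreeIPA/SSSD; it parses lines in the format that `getent passwd` and `getent group` print, and reports every account whose primary GID does not appear in the group database. The sample lines and the `ad.example.test` domain are constructed placeholders; on a real system you would feed it output captured on a host where the lookups succeed (the IPA server in this thread).

```python
"""Cross-check that every account's primary GID resolves to a group entry.

Added example (not from the thread). Input lines use the getent passwd /
getent group formats; the sample data below is constructed.
"""


def parse_passwd(lines):
    """Map username -> primary GID from passwd-format lines (name:x:uid:gid:gecos:home:shell)."""
    users = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[3].isdigit():
            continue  # malformed line: skip rather than abort the whole check
        users[fields[0]] = int(fields[3])
    return users


def parse_group_gids(lines):
    """Set of GIDs present in group-format lines (name:x:gid:members)."""
    gids = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        gids.add(int(fields[2]))
    return gids


def users_with_missing_primary_group(passwd_lines, group_lines):
    """Return {username: gid} for accounts whose primary GID has no group entry."""
    users = parse_passwd(passwd_lines)
    known = parse_group_gids(group_lines)
    return {name: gid for name, gid in users.items() if gid not in known}


# Constructed sample data in getent output format; the AD domain is a placeholder.
SAMPLE_PASSWD = [
    "userad@ad.example.test:*:1500000001:1500000513:AD User:/home/ad.example.test/userad:/bin/bash",
    "broken@ad.example.test:*:1500000002:1500009999:Broken User:/home/ad.example.test/broken:/bin/bash",
    "admin:*:1230000000:1230000000:Administrator:/home/admin:/bin/bash",
]
SAMPLE_GROUP = [
    "domain users@ad.example.test:*:1500000513:",
    "admins:*:1230000000:admin",
]

if __name__ == "__main__":
    # Usage on a live host (assumed invocation, stdin not wired here):
    #   getent passwd userad@ad.xx.xx > passwd.txt; getent group > group.txt
    # then call users_with_missing_primary_group(open("passwd.txt"), open("group.txt")).
    missing = users_with_missing_primary_group(SAMPLE_PASSWD, SAMPLE_GROUP)
    for name, gid in missing.items():
        print(f"{name}: primary GID {gid} has no group entry")
```

With the constructed data, only `broken@ad.example.test` is reported, because its primary GID 1500009999 has no group line; `userad@ad.example.test` and `admin` both resolve. Running the check on the IPA server, where lookups work, tells you which AD accounts will fail to resolve on clients for this reason.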