[Freeipa-users] Re: Hardship setting up samba share that depends on IPA trust with AD

Hello everyone, I am attempting to setup a samba file server that uses IPA as a proxy to authentication AD users. I am using the document below as a template but its not working as currently documented. I am wondering if something has changed on the code since that time but the doc hasn't had any update. https://www.freeipa.org/page/Howto/Integrating_a_Samba_File_Server_With_IPA For the samba client, this is the version of binaries that I am using: [root@samba4 ~]# rpm -qa | grep samba samba-common-tools-4.7.1-6.el7.x86_64 samba-common-libs-4.7.1-6.el7.x86_64 samba-common-4.7.1-6.el7.noarch samba-4.7.1-6.el7.x86_64 samba-client-libs-4.7.1-6.el7.x86_64 samba-client-4.7.1-6.el7.x86_64 samba-libs-4.7.1-6.el7.x86_64 For IPA server, this is the version I am running: ipa-server-4.5.4-10.el7_5.1.x86_64 There is a trust relationship between the IPA and the Active directory. The AD is on corp.example.com domain and the IPA is on eng.example.com. When I point any of the IPA clients to \\samba4.eng.example.com, all works as expected. However, when I point any of the AD clients (Windows 10) to \\samba4.eng.example.com, I am not having any joy. After parsing the logs, the section below looks like the most relevant part of the logs. What would cause this issue? Any pointer on how to overcome it would be highly appreciated.