I have a working trust between my IPA server and an AD domain, I can lookup accounts and login to the IPA-server using AD accounts. I am however unable to to do the same when I connect a client to the IPA-server, the local IPA-accounts are available such as admin, but not AD accounts. I have tried to to a realm join and also using the ipa-client-install directly without success. Are there any additional steps that needs to be done to access accounts over the trust? I have some debug output on pastebin also:
https://pastebin.com/xy9SbCw4