Logged as https://pagure.io/freeipa/issue/8636


On Dec 23, 2020, at 11:01 PM, Alexander Bokovoy <abokovoy@redhat.com> wrote:

On Wed, 23 Dec 2020, Alan Latteri via FreeIPA-users wrote:
Hello.

I have set up a test FreeIPA server and client, CentOS 8.3, very
minimal, exactly as the documentation. I can successfully mount a
Samba share from ipaclient on MacOS, the first access. But any
subsequent share mounting fails until winbind is restarted. Please
see this screen capture which explicitly shows the issue.

https://youtu.be/8Qd8u67WLkU

These errors appear in /var/log/messages:
Dec 23 13:31:15 ipaclient01 winbindd[1258]: [2020/12/23 13:31:15.265397,  0] ../../source3/winbindd/winbindd_util.c:175(add_trusted_domain)
Dec 23 13:31:15 ipaclient01 winbindd[1258]:  add_trusted_domain: SID [S-1-5-21-1037681751-2390144637-354493272] already used by domain [IPA], expected [ipa.instinctual.studio]
Dec 23 13:31:15 ipaclient01 winbindd[1258]: [2020/12/23 13:31:15.265462,  0] ../../source3/winbindd/winbindd_pam_auth_crap.c:169(winbindd_pam_auth_crap_done)
Dec 23 13:31:15 ipaclient01 winbindd[1258]:  winbindd_pam_auth_crap_done: add_trusted_domain_from_auth failed
Dec 23 13:31:17 ipaclient01 winbindd[1258]: [2020/12/23 13:31:17.263925,  0] ../../source3/winbindd/winbindd_util.c:175(add_trusted_domain)
Dec 23 13:31:17 ipaclient01 winbindd[1258]:  add_trusted_domain: SID [S-1-5-21-1037681751-2390144637-354493272] already used by domain [IPA], expected [ipa.instinctual.studio]
Dec 23 13:31:17 ipaclient01 winbindd[1258]: [2020/12/23 13:31:17.263985,  0] ../../source3/winbindd/winbindd_pam_auth_crap.c:169(winbindd_pam_auth_crap_done)
Dec 23 13:31:17 ipaclient01 winbindd[1258]:  winbindd_pam_auth_crap_done: add_trusted_domain_from_auth failed

Does it work for you with Kerberos authentication?

Either way, please create an issue at
https://pagure.io/freeipa/new_issue with all details, including full
samba logs.

Most of the FreeIPA developers are on vacation for the next week or two (I am
already and will only be back to work on January 11th), so do not
expect prompt replies in this time. (This applies to most of the threads on
the list).


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland