Yes, the samba server is located on the freeipa master server.
# kvno cifs/myserver.mydomain.local@MYDOMAIN.LOCAL
cifs/myserver.mydomain.local@MYDOMAIN.LOCAL: kvno = 16
I ran ipa-adtrust-install
# ipa-adtrust-install
The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for
the FreeIPA Server.
This includes:
* Configure Samba
* Add trust related objects to FreeIPA LDAP server
To accept the default shown in brackets, press the Enter key.
Configuring cross-realm trusts for IPA server requires password for user 'admin'.
This user is a regular system account used for IPA server administration.
admin password:
Do you want to enable support for trusted domains in Schema Compatibility plugin?
This will allow clients older than SSSD 1.9 and non-Linux clients to work with trusted
users.
Enable trusted domains support in slapi-nis? [no]: yes
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
Configuring CIFS
[1/24]: validate server hostname
[2/24]: stopping smbd
[3/24]: creating samba domain object
Samba domain object already exists
[4/24]: creating samba config registry
[5/24]: writing samba config file
[6/24]: adding cifs Kerberos principal
[7/24]: adding cifs and host Kerberos principals to the adtrust agents group
[8/24]: check for cifs services defined on other replicas
[9/24]: adding cifs principal to S4U2Proxy targets
cifs principal already targeted, nothing to do.
[10/24]: adding admin(group) SIDs
Admin SID already set, nothing to do
Admin group SID already set, nothing to do
[11/24]: adding RID bases
RID bases already set, nothing to do
[12/24]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
[13/24]: activating CLDAP plugin
CLDAP plugin already configured, nothing to do
[14/24]: activating sidgen task
Sidgen task plugin already configured, nothing to do
[15/24]: map BUILTIN\Guests to nobody group
[16/24]: configuring smbd to start on boot
[17/24]: adding special DNS service records
[18/24]: enabling trusted domains support for older clients via Schema Compatibility
plugin
[19/24]: restarting Directory Server to take MS PAC and LDAP plugins changes into
account
[20/24]: adding fallback group
Fallback group already set, nothing to do
[21/24]: adding Default Trust View
Default Trust View already exists.
[22/24]: setting SELinux booleans
[23/24]: starting CIFS services
[24/24]: restarting smbd
Done configuring CIFS.
=============================================================================
Setup complete
You must make sure these network ports are open:
TCP Ports:
* 135: epmap
* 138: netbios-dgm
* 139: netbios-ssn
* 445: microsoft-ds
* 1024..1300: epmap listener range
* 3268: msft-gc
UDP Ports:
* 138: netbios-dgm
* 139: netbios-ssn
* 389: (C)LDAP
* 445: microsoft-ds
See the ipa-adtrust-install(1) man page for more details