Hey all,
   I'm having issues setting up a Samba file server using IPA as an authentication source on my network.  I followed the guide based off of the mailing list chatter.  No success.

When I try to authenticate using Kerberos (or password), I get an access denied error on the client when running "smbclient -k -L fs01.svr.ipa.domain":
session setup failed: NT_STATUS_ACCESS_DENIED

And it tries to revert to local user lookup on the server:
[2020/03/20 02:47:32.669898,  3] ../auth/kerberos/gssapi_pac.c:123(gssapi_obtain_pac_blob)
  gssapi_obtain_pac_blob: obtaining PAC via GSSAPI gss_get_name_attribute failed: The operation or option is not available or unsupported: No such file or directory
[2020/03/20 02:47:32.670131,  3] ../auth/gensec/gensec_util.c:55(gensec_generate_session_info_pac)
  gensec_generate_session_info_pac: Unable to find PAC for mddeff@<IPA.DOMAIN>, resorting to local user lookup

------ Server Config -----
        workgroup = SVR
        realm = SVR.IPA.DOMAIN
        dedicated keytab file = /etc/samba/samba.keytab
        kerberos method = dedicated keytab
        use kerberos keytab = true
        log file = /var/log/samba/log.%m
        log level = 3
        security = ads

Fedora 30

File Server:
CentOS 7.7, Samba 4.9.1, ipa-client 4.6.5
SELinux is enabled.

Any thoughts?  Thanks in advance!