Not clear why this happens but if we use the forked lsasd daemon the MS-LSAT testsuite from Microsoft fails to run against samba/freeipa The symptom according to the logs I reviewed in the labs were that for each new LSA request smbd would try to open a new pipe to the lsasd daemon instead of resuing the existing pipe where the RPC BIND was previously performing, causing the new request to run unauthenticated (and then failing with ACCESS DENIED of course).
This is probably a samba bug, and will probably need to be fixed upstream, but I am noting it here for tracking purposes.
Note that it seem that a real Windows client is not triggering this behavior so far.
Upstream bug: https://bugzilla.samba.org/show_bug.cgi?id=9273
Rename "trusts" component to "Trusts" to achieve correct sorting.
Metadata Update from @simo: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Login to comment on this ticket.