Discussion:
[Freeipa-users] Problem starting smb service after ipa-adtrust-install
SOLER SANGUESA Miguel
2017-04-11 06:51:32 UTC
Hello,

I'm unable to start smb after executing ipa-adtrust-install.
The execution of ipa-adtrust-install is:
[***@hostname ~]# ipa-adtrust-install --enable-compat --add-agents -d

The log file for this installation can be found in /var/log/ipaserver-install.log
ipa : DEBUG /sbin/ipa-adtrust-install was invoked with options: {'enable_compat': True, 'add_agents': True, 'no_msdcs': False, 'rid_base': 1000, 'secondary_rid_base': 100000000, 'netbios_name': None, 'debug': True, 'add_sids': False, 'unattended': False}
ipa : DEBUG missing options might be asked for interactively later

ipa : DEBUG IPA version 4.4.0-14.el7_3.6
ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
==============================================================================
This program will setup components needed to establish trust to AD domains for
the IPA Server.

This includes:
* Configure Samba
* Add trust related objects to IPA LDAP server

To accept the default shown in brackets, press the Enter key.

ipa : DEBUG importing all plugin modules in ipaserver.plugins...
...
ipa : DEBUG importing plugin module ipaserver.plugins.hbac
ipa : DEBUG ipaserver.plugins.hbac is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.otp
ipa : DEBUG ipaserver.plugins.otp is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.pkinit
ipa : DEBUG ipaserver.plugins.pkinit is not a valid plugin module
...
ipa : DEBUG Starting external process
ipa : DEBUG args=klist -V
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Kerberos 5 version 1.14.1

ipa : DEBUG stderr=
ipa : DEBUG importing plugin module ipaserver.plugins.rabase
ipa : DEBUG ipaserver.plugins.rabase is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.sudo
ipa : DEBUG ipaserver.plugins.sudo is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.virtual
ipa : DEBUG ipaserver.plugins.virtual is not a valid plugin module
ipa : DEBUG importing plugin module ipaserver.plugins.xmlserver
IPA generated smb.conf detected.
Overwrite smb.conf? [no]: yes
Configuring cross-realm trusts for IPA server requires password for user 'admin'.
This user is a regular system account used for IPA server administration.

admin password:

ipa : DEBUG Starting external process
ipa : DEBUG args=kinit admin
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Password for ***@MY.IPA.SUBDOMAIN:

ipa : DEBUG stderr=
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_48972688
ipa.ipaserver.plugins.user.user_show: DEBUG raw: user_show(u'admin', version=u'2.213')
ipa.ipaserver.plugins.user.user_show: DEBUG user_show(u'admin', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c4c9e0>
ipa.ipaserver.plugins.group.group_show: DEBUG raw: group_show(u'admins', version=u'2.213')
ipa.ipaserver.plugins.group.group_show: DEBUG group_show(u'admins', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa : DEBUG Searching for objects with missing SID with filter=(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*))), base_dn=dc=my,dc=ipa,dc=subdomain

WARNING: 12 existing users or groups do not have a SID identifier assigned.
Installer can run a task to have ipa-sidgen Directory Server plugin generate
the SID identifier for all these users. Please note, the in case of a high
number of users and groups, the operation might lead to high replication
traffic and performance degradation. Refer to ipa-adtrust-install(1) man page
for details.

Do you want to run the ipa-sidgen task? [no]:

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5ccf8>
ipa : DEBUG Configuring CIFS
Configuring CIFS
ipa : DEBUG [1/22]: stopping smbd
[1/22]: stopping smbd
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-active smb.service
ipa : DEBUG Process finished, return code=3
ipa : DEBUG stdout=failed

ipa : DEBUG stderr=
ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl stop winbind.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl stop smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [2/22]: creating samba domain object
[2/22]: creating samba domain object
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5bd40>
ipa : DEBUG Samba domain object already exists
Samba domain object already exists
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [3/22]: creating samba config registry
[3/22]: creating samba config registry
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/bin/net conf import /tmp/tmpTiRBM4
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [4/22]: writing samba config file
[4/22]: writing samba config file
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [5/22]: adding cifs Kerberos principal
[5/22]: adding cifs Kerberos principal
ipa.ipaserver.plugins.service.service_add: DEBUG raw: service_add(u'cifs/***@MY.IPA.SUBDOMAIN', version=u'2.213')
ipa.ipaserver.plugins.service.service_add: DEBUG service_add(<ipapython.kerberos.Principal object at 0x4d63110>, force=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa.ipaserver.plugins.host.host_show: DEBUG raw: host_show(u'hostname.MY.IPA.SUBDOMAIN', version=u'2.213')
ipa.ipaserver.plugins.host.host_show: DEBUG host_show(u'hostname.MY.IPA.SUBDOMAIN', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa : DEBUG found 1 A records for hostname.MY.IPA.SUBDOMAIN.: XX.XX.XX.XX
ipa : DEBUG The DNS response does not contain an answer to the question: hostname.MY.IPA.SUBDOMAIN. IN AAAA
ipa : DEBUG Starting external process
ipa : DEBUG args=ipa-rmkeytab --principal cifs/***@MY.IPA.SUBDOMAIN -k /etc/samba/samba.keytab
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=Removing principal cifs/***@MY.IPA.SUBDOMAIN

ipa : DEBUG Removing service credentials cache
ipa : DEBUG Ccache path: '/var/run/samba/krb5cc_samba'
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/bin/kdestroy -c /var/run/samba/krb5cc_samba
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=ipa-getkeytab --server hostname.MY.IPA.SUBDOMAIN --principal cifs/***@MY.IPA.SUBDOMAIN -k /etc/samba/samba.keytab
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=Keytab successfully retrieved and stored in: /etc/samba/samba.keytab

ipa : DEBUG duration: 0 seconds
ipa : DEBUG [6/22]: adding cifs and host Kerberos principals to the adtrust agents group
[6/22]: adding cifs and host Kerberos principals to the adtrust agents group
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [7/22]: check for cifs services defined on other replicas
[7/22]: check for cifs services defined on other replicas
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [8/22]: adding cifs principal to S4U2Proxy targets
[8/22]: adding cifs principal to S4U2Proxy targets
ipa : DEBUG cifs principal already targeted, nothing to do.
cifs principal already targeted, nothing to do.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [9/22]: adding admin(group) SIDs
[9/22]: adding admin(group) SIDs
ipa : DEBUG Admin SID already set, nothing to do
Admin SID already set, nothing to do
ipa : DEBUG Admin group SID already set, nothing to do
Admin group SID already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [10/22]: adding RID bases
[10/22]: adding RID bases
ipa : DEBUG RID bases already set, nothing to do
RID bases already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [11/22]: updating Kerberos config
[11/22]: updating Kerberos config
ipa : DEBUG 'dns_lookup_kdc' already set to 'true', nothing to do.
'dns_lookup_kdc' already set to 'true', nothing to do.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [12/22]: activating CLDAP plugin
[12/22]: activating CLDAP plugin
ipa : DEBUG CLDAP plugin already configured, nothing to do
CLDAP plugin already configured, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [13/22]: activating sidgen task
[13/22]: activating sidgen task
ipa : DEBUG Sidgen task plugin already configured, nothing to do
Sidgen task plugin already configured, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [14/22]: configuring smbd to start on boot
[14/22]: configuring smbd to start on boot
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-enabled smb.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=disabled

ipa : DEBUG stderr=
ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl disable smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG service ADTRUST startup entry already enabled
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl disable smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG service EXTID startup entry already enabled
ipa : DEBUG duration: 1 seconds
ipa : DEBUG [15/22]: adding special DNS service records
[15/22]: adding special DNS service records
ipa.ipaserver.plugins.dns.dns_is_enabled: DEBUG raw: dns_is_enabled(version=u'2.213')
ipa.ipaserver.plugins.dns.dns_is_enabled: DEBUG dns_is_enabled(version=u'2.213')
ipa.ipaserver.plugins.dns.dnszone_show: DEBUG raw: dnszone_show(u'MY.IPA.SUBDOMAIN', version=u'2.213')
ipa.ipaserver.plugins.dns.dnszone_show: DEBUG dnszone_show(<DNS name MY.IPA.SUBDOMAIN.>, rights=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dns_update_system_records: DEBUG raw: dns_update_system_records(version=u'2.213')
ipa.ipaserver.plugins.dns.dns_update_system_records: DEBUG dns_update_system_records(dry_run=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.server.server_find: DEBUG raw: server_find(None, version=u'2.213', no_members=False)
ipa.ipaserver.plugins.server.server_find: DEBUG server_find(None, all=False, raw=False, version=u'2.213', no_members=False, pkey_only=False)
ipa.ipaserver.plugins.topology.topologysuffix_find: DEBUG raw: topologysuffix_find(None, all=True, raw=True, version=u'2.213')
ipa.ipaserver.plugins.topology.topologysuffix_find: DEBUG topologysuffix_find(None, all=True, raw=True, version=u'2.213', pkey_only=False)
ipa.ipaserver.plugins.serverrole.server_role_find: DEBUG raw: server_role_find(None, server_server=u'hostname.MY.IPA.SUBDOMAIN', status=u'enabled', version=u'2.213')
ipa.ipaserver.plugins.serverrole.server_role_find: DEBUG server_role_find(None, server_server=u'hostname.MY.IPA.SUBDOMAIN', status=u'enabled', all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.serverrole.server_role_find: DEBUG raw: server_role_find(None, server_server=u'OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN', status=u'enabled', version=u'2.213')
ipa.ipaserver.plugins.serverrole.server_role_find: DEBUG server_role_find(None, server_server=u'OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN', status=u'enabled', all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnszone_show: DEBUG raw: dnszone_show(<DNS name MY.IPA.SUBDOMAIN.>, version=u'2.213')
ipa.ipaserver.plugins.dns.dnszone_show: DEBUG dnszone_show(<DNS name MY.IPA.SUBDOMAIN.>, rights=False, all=False, raw=False, version=u'2.213')
ipa : DEBUG found 1 1 records for hostname.MY.IPA.SUBDOMAIN.: XX.XX.XX.XX
ipa : DEBUG The DNS response does not contain an answer to the question: hostname.MY.IPA.SUBDOMAIN. IN AAAA
ipa : DEBUG found 1 1 records for OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.: YY.YY.YY.YY
ipa : DEBUG The DNS response does not contain an answer to the question: OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN. IN AAAA
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos.MY.IPA.SUBDOMAIN.>, txtrecord=[u'"MY.IPA.SUBDOMAIN"'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos.MY.IPA.SUBDOMAIN.>, txtrecord=(u'"MY.IPA.SUBDOMAIN"',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos-master._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos-master._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos-master._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kpasswd._udp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 464 hostname.MY.IPA.SUBDOMAIN.', u'0 100 464 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kpasswd._udp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 464 hostname.MY.IPA.SUBDOMAIN.', u'0 100 464 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kpasswd._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kpasswd._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 464 hostname.MY.IPA.SUBDOMAIN.', u'0 100 464 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kpasswd._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 464 hostname.MY.IPA.SUBDOMAIN.', u'0 100 464 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kpasswd._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ntp._udp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 123 hostname.MY.IPA.SUBDOMAIN.', u'0 100 123 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_ntp._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ntp._udp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 123 hostname.MY.IPA.SUBDOMAIN.', u'0 100 123 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_ntp._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name ipa-ca.MY.IPA.SUBDOMAIN.>, arecord=[u'XX.XX.XX.XX', u'YY.YY.YY.YY'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name ipa-ca.MY.IPA.SUBDOMAIN.>, arecord=(u'XX.XX.XX.XX', u'YY.YY.YY.YY'), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _ldap._tcp.dc._msdcs.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 389 hostname.MY.IPA.SUBDOMAIN.', u'0 100 389 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_ldap._tcp.dc._msdcs.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG raw: dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos-master._udp.MY.IPA.SUBDOMAIN.>, srvrecord=[u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'], setattr=[u'idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations'], addattr=[u'objectclass=idnsTemplateObject'], version=u'2.213')
ipa.ipaserver.plugins.dns.dnsrecord_mod: DEBUG dnsrecord_mod(<DNS name MY.IPA.SUBDOMAIN.>, <DNS name _kerberos-master._udp.MY.IPA.SUBDOMAIN.>, srvrecord=(u'0 100 88 hostname.MY.IPA.SUBDOMAIN.', u'0 100 88 OTHER_IDM_SERVER.MY.IPA.SUBDOMAIN.'), setattr=(u'idnsTemplateAttribute;cnamerecord=_kerberos-master._udp.\\{substitutionvariable_ipalocation\\}._locations',), addattr=(u'objectclass=idnsTemplateObject',), rights=False, structured=False, all=False, raw=False, version=u'2.213')
ipa.ipaserver.plugins.server.server_find: DEBUG raw: server_find(None, version=u'2.213', pkey_only=True)
ipa.ipaserver.plugins.server.server_find: DEBUG server_find(None, all=False, raw=False, version=u'2.213', no_members=True, pkey_only=True)
ipa.ipaserver.plugins.topology.topologysuffix_find: DEBUG raw: topologysuffix_find(None, all=True, raw=True, version=u'2.213')
ipa.ipaserver.plugins.topology.topologysuffix_find: DEBUG topologysuffix_find(None, all=True, raw=True, version=u'2.213', pkey_only=False)
ipa.ipaserver.plugins.location.location_find: DEBUG raw: location_find(None, version=u'2.213')
ipa.ipaserver.plugins.location.location_find: DEBUG location_find(None, all=False, raw=False, version=u'2.213', pkey_only=False)
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [16/22]: enabling trusted domains support for older clients via Schema Compatibility plugin
[16/22]: enabling trusted domains support for older clients via Schema Compatibility plugin
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [17/22]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
[17/22]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl restart ***@MY-IPA-SUBDOMAIN.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-active ***@MY-IPA-SUBDOMAIN.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=active

ipa : DEBUG stderr=
ipa : DEBUG wait_for_open_ports: localhost [389] timeout 300
ipa : DEBUG duration: 5 seconds
ipa : DEBUG [18/22]: adding fallback group
[18/22]: adding fallback group
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5ce60>
ipa : DEBUG Fallback group already set, nothing to do
Fallback group already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [19/22]: adding Default Trust View
[19/22]: adding Default Trust View
ipa : DEBUG Default Trust View already exists.
Default Trust View already exists.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [20/22]: setting SELinux booleans
[20/22]: setting SELinux booleans
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/selinuxenabled
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [21/22]: starting CIFS services
[21/22]: starting CIFS services
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl start smb.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.

ipa : CRITICAL CIFS services failed to start
ipa : DEBUG duration: 6 seconds
ipa : DEBUG [22/22]: restarting smbd
[22/22]: restarting smbd
ipa : DEBUG duration: 0 seconds
ipa : DEBUG Done configuring CIFS.
Done configuring CIFS.

...
ipa : DEBUG Starting external process
ipa : DEBUG args=kinit admin
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Password for ***@MY.IPA.SUBDOMAIN:

ipa : DEBUG stderr=
ipa : INFO The ipa-adtrust-install command was successful

In the smb logs I can see:
...
[2017/04/10 16:27:58.896485, 11, pid=22584, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1067(smbldap_open)
smbldap_open: already connected to the LDAP server
[2017/04/10 16:27:58.898224, 0, pid=22584, effective(0, 0), real(0, 0)] ipa_sam.c:3688(ipasam_search_domain_info)
iapsam_search_domain_info: Got [2] domain info entries, but expected only 1. <***************************************************************
[2017/04/10 16:27:58.898278, 0, pid=22584, effective(0, 0), real(0, 0)] ipa_sam.c:4543(pdb_init_ipasam)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. <****************************************
[2017/04/10 16:27:58.898302, 0, pid=22584, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

I have traced ipa-adtrust-install and systemctl start smb, but I couldn't get the "domain info entries". Checking the LDAP directory showed:
[***@HOSTNAME]# ldapsearch -w XXXXXXXX -h localhost -s sub -b 'dc=MY,dc=IPA,dc=SUBDOMAIN' -D "cn=Directory Manager" "objectclass=ipaNTDomainAttrs"
# extended LDIF
#
# LDAPv3
# base <dc=MY,dc=IPA,dc=SUBDOMAIN> with scope subtree
# filter: objectclass=ipaNTDomainAttrs
# requesting: ALL
#

# my.ipa.subdomain, ad + 773d9684-12f211e7-b1abe436-0243208c, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad+nsuniqueid=773d9684-12f211e7-b1abe436-0243208c,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-3119812475-2647440479-1423840280
cn: my.ipa.subdomain
ipaNTDomainGUID: 449b23da-6e30-4fa9-9d34-3426bcec8d0f
ipaNTFlatName: IPA

# my.ipa.subdomain, ad, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
ipaNTFallbackPrimaryGroup: cn=editors,cn=groups,cn=accounts,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-1187620393-3629609531-1738010010
cn: my.ipa.subdomain
ipaNTDomainGUID: 09ec963b-ca7d-4a04-b533-7283d0fac036
ipaNTFlatName: IPA

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

But I'm not sure whether those are the 2 "Domains info entries".

Can you please let me know how to fix this problem?

################ The environment: #####################
Red Hat Enterprise Linux Server release 7.3 (Maipo)

SELinux status: disabled

Domain level 1

ipa-admintools-4.4.0-14.el7_3.6.noarch
ipa-client-4.4.0-14.el7_3.6.x86_64
ipa-client-common-4.4.0-14.el7_3.6.noarch
ipa-common-4.4.0-14.el7_3.6.noarch
ipa-debuginfo-4.4.0-14.el7_3.6.x86_64
ipa-python-compat-4.4.0-14.el7_3.6.noarch
ipa-server-4.4.0-14.el7_3.6.x86_64
ipa-server-common-4.4.0-14.el7_3.6.noarch
ipa-server-dns-4.4.0-14.el7_3.6.noarch
ipa-server-trust-ad-4.4.0-14.el7_3.6.x86_64
libipa_hbac-1.14.0-43.el7_3.11.x86_64
python2-ipaclient-4.4.0-14.el7_3.6.noarch
python2-ipalib-4.4.0-14.el7_3.6.noarch
python2-ipaserver-4.4.0-14.el7_3.6.noarch
python-iniparse-0.4-9.el7.noarch
python-ipaddress-1.0.16-2.el7.noarch
python-libipa_hbac-1.14.0-43.el7_3.11.x86_64
sssd-ipa-1.14.0-43.el7_3.11.x86_64

samba-winbind-modules-4.4.4-12.el7_3.x86_64
samba-client-4.4.4-12.el7_3.x86_64
samba-winbind-clients-4.4.4-12.el7_3.x86_64
samba-libs-4.4.4-12.el7_3.x86_64
samba-common-tools-4.4.4-12.el7_3.x86_64
samba-debuginfo-4.4.4-12.el7_3.x86_64
samba-common-4.4.4-12.el7_3.noarch
samba-common-libs-4.4.4-12.el7_3.x86_64
samba-4.4.4-12.el7_3.x86_64
samba-winbind-4.4.4-12.el7_3.x86_64
samba-python-4.4.4-12.el7_3.x86_64
samba-client-libs-4.4.4-12.el7_3.x86_64

Thank you very much.
______________________________
Miguel Soler Sangüesa
Consultant - Linux Administrator
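
The check that the smbd log line "Got [2] domain info entries, but expected only 1" implies, as an added example that is not part of the original post or of FreeIPA: it parses `ldapsearch` LDIF output, counts the `ipaNTDomainAttrs` entries and flags any whose DN carries an `nsuniqueid=` RDN component, which is how 389 Directory Server names replication conflict entries. The function names are hypothetical, and the sample LDIF is constructed from the output shown above (one DN folded the way `ldapsearch` folds long lines).

```python
import base64
import re

# Constructed sample, trimmed from the ldapsearch output quoted in the post.
SAMPLE_LDIF = """\
# extended LDIF
#
# LDAPv3
# filter: objectclass=ipaNTDomainAttrs

# my.ipa.subdomain, ad + 773d9684-12f211e7-b1abe436-0243208c, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad+nsuniqueid=773d9684-12f211e7-b1abe436-0243208c,c
 n=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-3119812475-2647440479-1423840280
cn: my.ipa.subdomain
ipaNTFlatName: IPA

# my.ipa.subdomain, ad, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-1187620393-3629609531-1738010010
cn: my.ipa.subdomain
ipaNTFlatName: IPA

# search result
search: 2
result: 0 Success
"""

# An RDN component named nsuniqueid marks an entry renamed after a naming conflict.
CONFLICT_RDN = re.compile(r"(?:^|[,+])\s*nsuniqueid=", re.IGNORECASE)


def parse_ldif(text):
    """Return [{'dn': str, 'attrs': {lowercased name: [values]}}] from LDIF text."""
    # Unfold first: a line that starts with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    entries, current = [], None
    for line in lines:
        if not line.strip():          # a blank line ends the current entry
            current = None
            continue
        if line.startswith("#"):      # ldapsearch comments
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):     # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        name = name.strip().lower()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
            entries.append(current)
        elif current is not None:     # skips the "search:" / "result:" trailer
            current["attrs"].setdefault(name, []).append(value)
    return entries


def is_conflict_dn(dn):
    """True when any RDN of the DN contains an nsuniqueid component."""
    return bool(CONFLICT_RDN.search(dn))


def audit_domain_info(ldif_text):
    """Summarise the ipaNTDomainAttrs entries; the smbd log expects exactly one."""
    found = [
        e for e in parse_ldif(ldif_text)
        if "ipantdomainattrs" in (v.lower() for v in e["attrs"].get("objectclass", []))
    ]
    return {
        "count": len(found),
        "ok": len(found) == 1,
        "conflict_dns": [e["dn"] for e in found if is_conflict_dn(e["dn"])],
        "sids": {
            e["dn"]: e["attrs"].get("ipantsecurityidentifier", [None])[0]
            for e in found
        },
    }


if __name__ == "__main__":
    report = audit_domain_info(SAMPLE_LDIF)
    print("domain info entries:", report["count"], "(ok)" if report["ok"] else "(expected 1)")
    for dn, sid in report["sids"].items():
        tag = "conflict entry" if dn in report["conflict_dns"] else "regular entry"
        print(f"  [{tag}] {dn}\n      SID {sid}")
```

The script only reports. Note that the two entries carry different domain SIDs, so which one the rest of the deployment already relies on has to be checked before anything is removed.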
SOLER SANGUESA Miguel
2017-04-13 09:23:37 UTC
Permalink
Hello

I have fixed the problem myself.
As it complained about the 2 records in LDAP, I made a backup of the LDAP database and deleted both records. I ran ipa-adtrust-install again and it created just 1 of them.
Then I had another error: "Attribute [ipaNTSecurityIdentifier] not found". That was because I hadn't passed the parameter "--add-sids", so I reran ipa-adtrust-install with the parameter and it worked.

Thanks & Regards.
______________________________

From: SOLER SANGUESA Miguel
Sent: Tuesday, April 11, 2017 8:51
To: 'freeipa-***@redhat.com' <freeipa-***@redhat.com>
Subject: Problem starting smb service after ipa-adtrust-install

hello

I'm unable to start smb after executing ipa-adtrust-install.
the execution of ipa-adtrust-install is:
[***@hostname ~]# ipa-adtrust-install --enable-compat --add-agents -d

The log file for this installation can be found in /var/log/ipaserver-install.log
ipa : DEBUG /sbin/ipa-adtrust-install was invoked with options: {'enable_compat': True, 'add_agents': True, 'no_msdcs': False, 'rid_base': 1000, 'secondary_rid_base': 100000000, 'netbios_name': None, 'debug': True, 'add_sids': False, 'unattended': False}
ipa : DEBUG missing options might be asked for interactively later

ipa : DEBUG IPA version 4.4.0-14.el7_3.6
ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipa : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
==============================================================================
This program will setup components needed to establish trust to AD domains for
the IPA Server.

This includes:
* Configure Samba
* Add trust related objects to IPA LDAP server

To accept the default shown in brackets, press the Enter key.

ipa : DEBUG importing all plugin modules in ipaserver.plugins...
...
ipa : DEBUG importing plugin module ipaserver.plugins.hbac
ipa : DEBUG ipaserver.plugins.hbac is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.otp
ipa : DEBUG ipaserver.plugins.otp is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.pkinit
ipa : DEBUG ipaserver.plugins.pkinit is not a valid plugin module
...
ipa : DEBUG Starting external process
ipa : DEBUG args=klist -V
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Kerberos 5 version 1.14.1

ipa : DEBUG stderr=
ipa : DEBUG importing plugin module ipaserver.plugins.rabase
ipa : DEBUG ipaserver.plugins.rabase is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.sudo
ipa : DEBUG ipaserver.plugins.sudo is not a valid plugin module
...
ipa : DEBUG importing plugin module ipaserver.plugins.virtual
ipa : DEBUG ipaserver.plugins.virtual is not a valid plugin module
ipa : DEBUG importing plugin module ipaserver.plugins.xmlserver
IPA generated smb.conf detected.
Overwrite smb.conf? [no]: yes
Configuring cross-realm trusts for IPA server requires password for user 'admin'.
This user is a regular system account used for IPA server administration.

admin password:

ipa : DEBUG Starting external process
ipa : DEBUG args=kinit admin
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Password for ***@MY.IPA.SUBDOMAIN:

ipa : DEBUG stderr=
ipa.ipaserver.plugins.ldap2.ldap2: DEBUG Created connection context.ldap2_48972688
ipa.ipaserver.plugins.user.user_show: DEBUG raw: user_show(u'admin', version=u'2.213')
ipa.ipaserver.plugins.user.user_show: DEBUG user_show(u'admin', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4c4c9e0>
ipa.ipaserver.plugins.group.group_show: DEBUG raw: group_show(u'admins', version=u'2.213')
ipa.ipaserver.plugins.group.group_show: DEBUG group_show(u'admins', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa : DEBUG Searching for objects with missing SID with filter=(&(objectclass=ipaobject)(!(objectclass=mepmanagedentry))(|(objectclass=posixaccount)(objectclass=posixgroup)(objectclass=ipaidobject))(!(ipantsecurityidentifier=*))), base_dn=dc=my,dc=ipa,dc=subdomain

WARNING: 12 existing users or groups do not have a SID identifier assigned.
Installer can run a task to have ipa-sidgen Directory Server plugin generate
the SID identifier for all these users. Please note, the in case of a high
number of users and groups, the operation might lead to high replication
traffic and performance degradation. Refer to ipa-adtrust-install(1) man page
for details.

Do you want to run the ipa-sidgen task? [no]:

The following operations may take some minutes to complete.
Please wait until the prompt is returned.

ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5ccf8>
ipa : DEBUG Configuring CIFS
Configuring CIFS
ipa : DEBUG [1/22]: stopping smbd
[1/22]: stopping smbd
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-active smb.service
ipa : DEBUG Process finished, return code=3
ipa : DEBUG stdout=failed

ipa : DEBUG stderr=
ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl stop winbind.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl stop smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [2/22]: creating samba domain object
[2/22]: creating samba domain object
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5bd40>
ipa : DEBUG Samba domain object already exists
Samba domain object already exists
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [3/22]: creating samba config registry
[3/22]: creating samba config registry
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/bin/net conf import /tmp/tmpTiRBM4
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [4/22]: writing samba config file
[4/22]: writing samba config file
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [5/22]: adding cifs Kerberos principal
[5/22]: adding cifs Kerberos principal
ipa.ipaserver.plugins.service.service_add: DEBUG raw: service_add(u'cifs/***@MY.IPA.SUBDOMAIN', version=u'2.213')
ipa.ipaserver.plugins.service.service_add: DEBUG service_add(<ipapython.kerberos.Principal object at 0x4d63110>, force=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa.ipaserver.plugins.host.host_show: DEBUG raw: host_show(u'hostname.MY.IPA.SUBDOMAIN', version=u'2.213')
ipa.ipaserver.plugins.host.host_show: DEBUG host_show(u'hostname.MY.IPA.SUBDOMAIN', rights=False, all=False, raw=False, version=u'2.213', no_members=False)
ipa : DEBUG found 1 A records for hostname.MY.IPA.SUBDOMAIN.: XX.XX.XX.XX
ipa : DEBUG The DNS response does not contain an answer to the question: hostname.MY.IPA.SUBDOMAIN. IN AAAA
ipa : DEBUG Starting external process
ipa : DEBUG args=ipa-rmkeytab --principal cifs/***@MY.IPA.SUBDOMAIN -k /etc/samba/samba.keytab
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=Removing principal cifs/***@MY.IPA.SUBDOMAIN

ipa : DEBUG Removing service credentials cache
ipa : DEBUG Ccache path: '/var/run/samba/krb5cc_samba'
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/bin/kdestroy -c /var/run/samba/krb5cc_samba
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=ipa-getkeytab --server hostname.MY.IPA.SUBDOMAIN --principal cifs/***@MY.IPA.SUBDOMAIN -k /etc/samba/samba.keytab
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=Keytab successfully retrieved and stored in: /etc/samba/samba.keytab

ipa : DEBUG duration: 0 seconds
ipa : DEBUG [6/22]: adding cifs and host Kerberos principals to the adtrust agents group
[6/22]: adding cifs and host Kerberos principals to the adtrust agents group
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [7/22]: check for cifs services defined on other replicas
[7/22]: check for cifs services defined on other replicas
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [8/22]: adding cifs principal to S4U2Proxy targets
[8/22]: adding cifs principal to S4U2Proxy targets
ipa : DEBUG cifs principal already targeted, nothing to do.
cifs principal already targeted, nothing to do.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [9/22]: adding admin(group) SIDs
[9/22]: adding admin(group) SIDs
ipa : DEBUG Admin SID already set, nothing to do
Admin SID already set, nothing to do
ipa : DEBUG Admin group SID already set, nothing to do
Admin group SID already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [10/22]: adding RID bases
[10/22]: adding RID bases
ipa : DEBUG RID bases already set, nothing to do
RID bases already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [11/22]: updating Kerberos config
[11/22]: updating Kerberos config
ipa : DEBUG 'dns_lookup_kdc' already set to 'true', nothing to do.
'dns_lookup_kdc' already set to 'true', nothing to do.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [12/22]: activating CLDAP plugin
[12/22]: activating CLDAP plugin
ipa : DEBUG CLDAP plugin already configured, nothing to do
CLDAP plugin already configured, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [13/22]: activating sidgen task
[13/22]: activating sidgen task
ipa : DEBUG Sidgen task plugin already configured, nothing to do
Sidgen task plugin already configured, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [14/22]: configuring smbd to start on boot
[14/22]: configuring smbd to start on boot
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-enabled smb.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=disabled

ipa : DEBUG stderr=
ipa : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state'
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl disable smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG service ADTRUST startup entry already enabled
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl disable smb.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG service EXTID startup entry already enabled
ipa : DEBUG duration: 1 seconds
ipa : DEBUG [15/22]: adding special DNS service records
[15/22]: adding special DNS service records
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [16/22]: enabling trusted domains support for older clients via Schema Compatibility plugin
[16/22]: enabling trusted domains support for older clients via Schema Compatibility plugin
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [17/22]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
[17/22]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl restart ***@MY-IPA-SUBDOMAIN.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl is-active ***@MY-IPA-SUBDOMAIN.service
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=active

ipa : DEBUG stderr=
ipa : DEBUG wait_for_open_ports: localhost [389] timeout 300
ipa : DEBUG duration: 5 seconds
ipa : DEBUG [18/22]: adding fallback group
[18/22]: adding fallback group
ipa.ipapython.ipaldap.SchemaCache: DEBUG flushing ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket from SchemaCache
ipa.ipapython.ipaldap.SchemaCache: DEBUG retrieving schema for SchemaCache url=ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x4d5ce60>
ipa : DEBUG Fallback group already set, nothing to do
Fallback group already set, nothing to do
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [19/22]: adding Default Trust View
[19/22]: adding Default Trust View
ipa : DEBUG Default Trust View already exists.
Default Trust View already exists.
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [20/22]: setting SELinux booleans
[20/22]: setting SELinux booleans
ipa : DEBUG Starting external process
ipa : DEBUG args=/usr/sbin/selinuxenabled
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=
ipa : DEBUG duration: 0 seconds
ipa : DEBUG [21/22]: starting CIFS services
[21/22]: starting CIFS services
ipa : DEBUG Starting external process
ipa : DEBUG args=/bin/systemctl start smb.service
ipa : DEBUG Process finished, return code=1
ipa : DEBUG stdout=
ipa : DEBUG stderr=Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details.

ipa : CRITICAL CIFS services failed to start
ipa : DEBUG duration: 6 seconds
ipa : DEBUG [22/22]: restarting smbd
[22/22]: restarting smbd
ipa : DEBUG duration: 0 seconds
ipa : DEBUG Done configuring CIFS.
Done configuring CIFS.

...
ipa : DEBUG Starting external process
ipa : DEBUG args=kinit admin
ipa : DEBUG Process finished, return code=0
ipa : DEBUG stdout=Password for ***@MY.IPA.SUBDOMAIN:

ipa : DEBUG stderr=
ipa : INFO The ipa-adtrust-install command was successful

In the smb logs I can see:
...
[2017/04/10 16:27:58.896485, 11, pid=22584, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1067(smbldap_open)
smbldap_open: already connected to the LDAP server
[2017/04/10 16:27:58.898224, 0, pid=22584, effective(0, 0), real(0, 0)] ipa_sam.c:3688(ipasam_search_domain_info)
iapsam_search_domain_info: Got [2] domain info entries, but expected only 1. <***************************************************************
[2017/04/10 16:27:58.898278, 0, pid=22584, effective(0, 0), real(0, 0)] ipa_sam.c:4543(pdb_init_ipasam)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. <****************************************
[2017/04/10 16:27:58.898302, 0, pid=22584, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MY-IPA-SUBDOMAIN.socket did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

I have traced ipa-adtrust-install and systemctl start smb, but I couldn't get the "domain info entries". Checking the LDAP directory, I found:
[***@HOSTNAME]# ldapsearch -w XXXXXXXX -h localhost -s sub -b 'dc=MY,dc=IPA,dc=SUBDOMAIN' -D "cn=Directory Manager" "objectclass=ipaNTDomainAttrs"
# extended LDIF
#
# LDAPv3
# base <dc=MY,dc=IPA,dc=SUBDOMAIN> with scope subtree
# filter: objectclass=ipaNTDomainAttrs
# requesting: ALL
#

# my.ipa.subdomain, ad + 773d9684-12f211e7-b1abe436-0243208c, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad+nsuniqueid=773d9684-12f211e7-b1abe436-0243208c,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-3119812475-2647440479-1423840280
cn: my.ipa.subdomain
ipaNTDomainGUID: 449b23da-6e30-4fa9-9d34-3426bcec8d0f
ipaNTFlatName: IPA

# my.ipa.subdomain, ad, etc, my.ipa.subdomain
dn: cn=my.ipa.subdomain,cn=ad,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
ipaNTFallbackPrimaryGroup: cn=editors,cn=groups,cn=accounts,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: nsContainer
objectClass: ipaNTDomainAttrs
objectClass: top
ipaNTSecurityIdentifier: S-1-5-21-1187620393-3629609531-1738010010
cn: my.ipa.subdomain
ipaNTDomainGUID: 09ec963b-ca7d-4a04-b533-7283d0fac036
ipaNTFlatName: IPA

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

But I am not sure if those are the 2 "domain info entries".

Can you please let me know how to fix this problem?

################ The environment: #####################
Red Hat Enterprise Linux Server release 7.3 (Maipo)

SELinux status: disabled

Domain level 1

ipa-admintools-4.4.0-14.el7_3.6.noarch
ipa-client-4.4.0-14.el7_3.6.x86_64
ipa-client-common-4.4.0-14.el7_3.6.noarch
ipa-common-4.4.0-14.el7_3.6.noarch
ipa-debuginfo-4.4.0-14.el7_3.6.x86_64
ipa-python-compat-4.4.0-14.el7_3.6.noarch
ipa-server-4.4.0-14.el7_3.6.x86_64
ipa-server-common-4.4.0-14.el7_3.6.noarch
ipa-server-dns-4.4.0-14.el7_3.6.noarch
ipa-server-trust-ad-4.4.0-14.el7_3.6.x86_64
libipa_hbac-1.14.0-43.el7_3.11.x86_64
python2-ipaclient-4.4.0-14.el7_3.6.noarch
python2-ipalib-4.4.0-14.el7_3.6.noarch
python2-ipaserver-4.4.0-14.el7_3.6.noarch
python-iniparse-0.4-9.el7.noarch
python-ipaddress-1.0.16-2.el7.noarch
python-libipa_hbac-1.14.0-43.el7_3.11.x86_64
sssd-ipa-1.14.0-43.el7_3.11.x86_64

samba-winbind-modules-4.4.4-12.el7_3.x86_64
samba-client-4.4.4-12.el7_3.x86_64
samba-winbind-clients-4.4.4-12.el7_3.x86_64
samba-libs-4.4.4-12.el7_3.x86_64
samba-common-tools-4.4.4-12.el7_3.x86_64
samba-debuginfo-4.4.4-12.el7_3.x86_64
samba-common-4.4.4-12.el7_3.noarch
samba-common-libs-4.4.4-12.el7_3.x86_64
samba-4.4.4-12.el7_3.x86_64
samba-winbind-4.4.4-12.el7_3.x86_64
samba-python-4.4.4-12.el7_3.x86_64
samba-client-libs-4.4.4-12.el7_3.x86_64

Thank you very much.
______________________________
Miguel Soler Sangüesa
Consultant - Linux Administrator
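
An added example, not part of the original post and not FreeIPA or Samba code: a small parser for ldapsearch output like the one above that lists every entry carrying objectClass ipaNTDomainAttrs and flags DNs with nsuniqueid inside an RDN, which is how 389 Directory Server names replication conflict entries. The function names are hypothetical and the sample text is constructed by trimming the post's output.

```python
import re

# Constructed sample, trimmed from the post; first DN is folded (newline + space) as ldapsearch wraps it.
SAMPLE_LDIF = """\
dn: cn=my.ipa.subdomain,cn=ad+nsuniqueid=773d9684-12f211e7-b1abe436-0243208c,c
 n=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: ipaNTDomainAttrs
ipaNTSecurityIdentifier: S-1-5-21-3119812475-2647440479-1423840280

dn: cn=my.ipa.subdomain,cn=ad,cn=etc,dc=MY,dc=IPA,dc=SUBDOMAIN
ipaNTFallbackPrimaryGroup: cn=editors,cn=groups,cn=accounts,dc=MY,dc=IPA,dc=SUBDOMAIN
objectClass: ipaNTDomainAttrs
ipaNTSecurityIdentifier: S-1-5-21-1187620393-3629609531-1738010010

# search result
result: 0 Success
"""

# nsuniqueid as part of an RDN is how 389 Directory Server names conflict entries.
NSUNIQUEID_RDN = re.compile(r"(?:^|[,+])\s*nsuniqueid=", re.IGNORECASE)

def parse_ldif(text):
    """Return entries as dicts: lowercased attribute name -> list of values."""
    entries = []
    # Unfold wrapped lines first, then split on blank lines between entries.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):  # skip comments and stray text
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:  # the trailing "result:" block has no dn
            entries.append(entry)
    return entries

def domain_info_report(text):
    """List entries with objectClass ipaNTDomainAttrs and flag conflict-style DNs."""
    report = []
    for e in parse_ldif(text):
        if "ipantdomainattrs" not in (c.lower() for c in e.get("objectclass", [])):
            continue
        dn = e["dn"][0]
        report.append({"dn": dn, "sid": e.get("ipantsecurityidentifier", [None])[0],
                       "conflict_named": bool(NSUNIQUEID_RDN.search(dn)),
                       "has_fallback_group": "ipantfallbackprimarygroup" in e})
    return report

if __name__ == "__main__":
    for item in domain_info_report(SAMPLE_LDIF):
        print(item)
```

Base64-encoded values (`attr:: ...`) are not decoded by this sketch.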
