Comment 2 for bug 1552249

Let me comment as FreeIPA and Samba upstream developer.

Ubuntu's Samba build is done with Heimdal and you cannot build ipasam.so against Heimdal, only MIT Kerberos. So you cannot use Ubuntu-provided Samba build this way even if you'd recompile FreeIPA with patches we have upstream to deal with libpdb -> libsamba-pdb library name change.

So until Samba in Debian and Ubuntu is built against Heimdal Kerberos (this is due to Debian/Ubuntu packaging Samba AD, not just Samba) it is unlikely to have FreeIPA trust to AD working in Ubuntu. We are fairly close with completing port of Samba AD to MIT Kerberos upstream, this should happen in Samba 4.5-4.6 timeframe. Once that is done, we can expect FreeIPA with trust to AD working on Debian-based platforms as well.