I am trying to set up an Ubuntu 22 server as a Samba server for Active Directory users. I had previously tried using winbind to join the machine and handle authentication, but it was having issues converting SIDs to UIDs and it was heavily recommended I try using SSSD instead. So I switched over to SSSD, but that has not solved my issue.
I've joined the server to the domain and configured Samba, but I am having authentication issues. When I try to browse to the Samba share from a Windows machine, I am prompted for credentials but it won't accept them. When I check the Samba log for the client I see this:
[2024/02/22 16:30:13.503004, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2024/02/22 16:30:28.435719, 1] ../../source3/librpc/crypto/gse_krb5.c:180(fill_mem_keytab_from_secrets)
  fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(WORKGROUP) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2024/02/22 16:30:28.436458, 1] ../../source3/librpc/crypto/gse_krb5.c:180(fill_mem_keytab_from_secrets)
  fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(WORKGROUP) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2024/02/22 16:30:28.440435, 1] ../../source3/librpc/crypto/gse_krb5.c:180(fill_mem_keytab_from_secrets)
  fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(WORKGROUP) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2024/02/22 16:30:28.440800, 1] ../../source3/librpc/crypto/gse.c:665(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/marchive01@domain.local(kvno 4) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
Seems to be some kind of Kerberos issue, so I checked the keytab file using klist and this is what I'm seeing there:
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 02/22/2024 15:33:47 MARCHIVE01$@domain.local
   4 02/22/2024 15:33:47 MARCHIVE01$@domain.local
   4 02/22/2024 15:33:47 MARCHIVE01$@domain.local
   4 02/22/2024 15:33:47 host/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 host/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 host/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 host/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 host/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 host/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/marchive01.domain.local@domain.local
I then checked the log.wb-MARCHIVE01 logfile and saw this:
[2024/02/22 15:40:52.643687, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 15:46:15.363170, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 15:53:31.763894, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 15:53:35.162485, 0] ../../source3/winbindd/winbindd.c:247(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2024/02/22 16:01:05.131783, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 16:01:08.582484, 0] ../../source3/winbindd/winbindd.c:247(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2024/02/22 16:09:21.122803, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 16:09:25.012645, 0] ../../source3/winbindd/winbindd.c:247(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2024/02/22 16:16:04.787696, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 16:17:17.298167, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
[2024/02/22 16:22:49.932532, 0] ../../source3/winbindd/winbindd.c:247(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2024/02/22 16:23:17.141304, 1] ../../source3/passdb/passdb.c:2614(pdb_get_trust_credentials)
  Refusing to get trust account info for MARCHIVE01, which is not our primary domain WORKGROUP, as we are not a DC
Nothing else has jumped out at me and I'm not sure what else to try. I'm hoping someone can point me in the correct direction because I'm starting to pull my hair out over this.
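
The comparison between the principal named in the smbd error and the principals in the klist listing, as an added Python example that is not part of the original post. The sample strings are constructed from the excerpts above (repeated klist rows collapsed), and the function names are illustrative assumptions.

```python
import re

# Constructed sample input taken from the excerpts in the post; repeated
# klist rows are collapsed to one row per principal.
SMBD_LOG = (
    "gss_accept_sec_context failed with [ Miscellaneous failure (see text): "
    "Failed to find cifs/marchive01@domain.local(kvno 4) in keytab "
    "MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]"
)
KLIST = """\
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 02/22/2024 15:33:47 MARCHIVE01$@domain.local
   4 02/22/2024 15:33:47 host/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 host/marchive01.domain.local@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/MARCHIVE01@domain.local
   4 02/22/2024 15:33:47 RestrictedKrbHost/marchive01.domain.local@domain.local
"""

# "Failed to find <principal>(kvno N) in keytab <name> (<enctype>)"
MISSING_RE = re.compile(
    r"Failed to find (?P<principal>\S+?)\(kvno (?P<kvno>\d+)\) "
    r"in keytab \S+ \((?P<enctype>[^)]+)\)")
# "<kvno> [<date> <time>] <principal>@<realm>"
ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+(?:\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}\s+)?(\S+@\S+)\s*$")

def requested_keys(log_text):
    """Keys smbd reported missing, as (principal, kvno, enctype) tuples."""
    return [(m["principal"], int(m["kvno"]), m["enctype"])
            for m in MISSING_RE.finditer(log_text)]

def keytab_entries(klist_text):
    """Parse klist -k / -kt output into a set of (principal, kvno)."""
    found = (ENTRY_RE.match(line) for line in klist_text.splitlines())
    return {(m.group(2), int(m.group(1))) for m in found if m}

def diagnose(log_text, klist_text):
    """Report, per requested key, whether the keytab listing contains it."""
    entries = keytab_entries(klist_text)
    services = sorted({p.split("/", 1)[0] for p, _ in entries if "/" in p})
    return [{"principal": p, "kvno": k, "enctype": e,
             "in_keytab": (p, k) in entries,
             "services_in_keytab": services}
            for p, k, e in requested_keys(log_text)]

if __name__ == "__main__":
    for row in diagnose(SMBD_LOG, KLIST):
        print(row)
```

On the post's data the single result row has `in_keytab` set to `False`, and the only service classes in the listing are `host` and `RestrictedKrbHost`.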