  • Samba w/Winbind on rhel 9.4


    This topic has probably been asked to death, but for the life of me, I cannot figure out what piece I'm missing.

    I'm replacing my actual domain name with the word "domain".

    I can use kinit to connect to my AD and the smbclient can see shares on an AD Windows server. However, from a Win11 machine, I cannot see the shares on the rhel9 server. I've tried logging in as DOMAIN\user, user@domain.local, and user@DOMAIN.LOCAL.

    Beyond lots of Google searches, I've gone through the Red Hat articles:

    https://access.redhat.com/solutions/38023213

    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-samba-winbind_integrating-rhel-systems-directly-with-active-directory#proc_joining-samba-to-a-domain_connecting-rhel-systems-directly-to-ad-using-samba-winbind

    I've followed this SAMBA setup:

    https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

    I have given folder rights for groups to the AD "Domain Users".

    Output of ls -l:
    drwxrwxrwx 3 root domain users@domain.local 21 Sep 19 12:09 /acct

    Here is my smb.conf file:

    ======================= Global Settings =====================================

    [global]
    realm = DOMAIN.LOCAL
    workgroup = DOMAIN
    netbios name = rhel9-server
    security = ads
    kerberos method = secrets and keytab
    idmap config * : backend = tdb
    idmap config * : range = 10000-199999
    idmap config DOMAIN : backend = sss
    idmap config DOMAIN : range = 200000-2147483647
    load printers = no
    disable spoolss = yes
    machine password timeout = 0

    ============================ Share Definitions ==============================

    [acct]
    comment = Accounting
    writeable = yes
    valid users = acct, +"DOMAIN\Domain Users"
    write list = acct, +"DOMAIN\Domain Users"
    path = /program/acct


    © 2025 Red Hat, Inc.