If you ever plan to setup a clustered samba fileserver within a windows active directory infastructure you'll need the following things.
The problem in a clustered samba environment is, that the clients always wants to connect their network share with the same hostname/machine account.
It would be possible to just use the cluster ip instead of a new machine account, but then your users/clients will always get that popup within their office programs, that this isn't a trusted location.
To get rid of that annoying problem you have to create a new machine account and merge that keytab into your existing one on your samba servers.
Create a new machine account in your active directory
Change the password of your machine account via netdom or use the default one. When you create a computer account, the initial password is always "<computername>$".
Create a keytab file. Enter this command on your active directory server (this is just an example, so please change the hostname and domain first):
ktpass -princ host/hostname.local.lan@LOCAL.LAN -pass computername$ -out C:\computername.keytab -mapOp set -crypto RC4-HMAC-NT -p type KRB5_NT_PRINCIPAL
Copy the keypass to your samba servers.
Use ktuil on your samba servers to merge your existing and the new keytab together:
ktutil: ktutil: read_kt keytab-number1 ktutil: read_kt keytab-number2 ktutil: write_kt krb5.keytab ktutil: quit
Verfiy the merge:
klist -k krb5.keytab
Thats it. Now you can use \hostnamesharename on your windows clients to connect to your share and there shouldn't be a trust issue anymore.