I’m glad this article is of some use to you.
Which version of FreeIPA are you running?
First thing I would do is to check 389 Directory Server error logs.
FreeIPA uses 389 Directory Server as an LDAP-backend.
Usually, these logs are located here:
Also, you can use an LDAP browser, to check the user accounts, which are having issues with ipaNTHash.