I am not a systems person, please forgive my lack of knowledge.
I have set up FreeIPA 4.5 on CentOS 7. I was able to successfully manage user login to a test server (Fedora 27). So, FreeIPA is "working" (in that capacity anyway).
I am trying to use FreeIPA to manage access rights for a Samba server (again, Fedora 27), in a test environment for now. I am following instructions on the FreeIPA site.
So far I have added the service to the ipa server via
ipa service-add cifs/sambatest.my.realm
(with my working domain). However, I had to use --force because DNS failed (I know this is possibly related, I could not get past this issue either).
When I try to run
ipa-getkeytab -s ipaserver.my.realm -p cifs/sambatest.my.realm -k /etc/samba/samba.keytab
on the Samba server, I get "Failed to add key to the keytab".
Can anyone give me some guidance? Please let me know of any other info I can provide.
We had to add a record for the domain to our router, which acts as a DNS server for our LAN. So, locally the domain resolves to the IP of the FreeIPA server.
After the above DNS correction I was able to successfully add the Kerberos key to the Samba server.
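
A DNS preflight for the situation described above, added here as an example and not part of the original posts: it checks from the Samba host that the FreeIPA server and the service host resolve before ipa-getkeytab is attempted. The function names (dns_preflight, lookup_*) are hypothetical, and the reverse and SRV checks are assumptions about a healthy FreeIPA DNS setup that go beyond what the post states.

```bash
#!/usr/bin/env bash
# Added example (not from the post): DNS preflight to run on the Samba host
# before ipa-getkeytab. Host names are the post's placeholders.

# Thin resolver wrappers, kept separate so they can be stubbed offline.
lookup_addr() { getent hosts "$1" | awk '{print $1; exit}'; }  # name -> first address
lookup_name() { getent hosts "$1" | awk '{print $2; exit}'; }  # address -> canonical name
lookup_srv()  { dig +short SRV "$1"; }                         # SRV targets (needs bind-utils)

# Prints one line per check and returns the number of names that fail forward
# resolution. Reverse and SRV problems are only warnings (assumption: the post
# establishes forward resolution of the FreeIPA server as the blocker, nothing more).
dns_preflight() {
    local ipa_server service_host domain failures host addr back rec
    ipa_server=$1; service_host=$2; domain=$3; failures=0

    for host in "$ipa_server" "$service_host"; do
        addr=$(lookup_addr "$host")
        if [ -z "$addr" ]; then
            echo "FAIL forward: $host does not resolve"
            failures=$((failures + 1))
            continue
        fi
        echo "ok   forward: $host -> $addr"
        back=$(lookup_name "$addr")
        if [ "${back%.}" = "$host" ]; then
            echo "ok   reverse: $addr -> $back"
        else
            echo "WARN reverse: $addr -> '${back:-none}' (expected $host)"
        fi
    done

    # SRV records that Kerberos/LDAP service discovery looks up in the domain.
    for rec in "_kerberos._tcp.$domain" "_ldap._tcp.$domain"; do
        if [ -n "$(lookup_srv "$rec")" ]; then
            echo "ok   srv: $rec"
        else
            echo "WARN srv: no $rec record"
        fi
    done
    return "$failures"
}

# Usage, with the post's names:
#   dns_preflight ipaserver.my.realm sambatest.my.realm my.realm &&
#     ipa-getkeytab -s ipaserver.my.realm -p cifs/sambatest.my.realm -k /etc/samba/samba.keytab
```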