Hi list,
A bit of a longshot: We have a Dell/EMC Isilon cluster, which we use for NAS. I am
considering to set up Kerberos authentication for NFSv4, but I'm not able to create
the Service Principal Names (SPNs). I believe kadmin is not supported by the FreeIPA
servers, but wonder if there are any work-arounds.
I can configure the KDCs, domain and realm successfully in the Isilon UI. The UI then asks
for a username and password, and which SPNs to "Add". When I use the admin user,
this fails right away (with an error "Failed to join realm:
LW_ERROR_KADM5_AUTH_ADD"). It doesn't matter if I create the service principal in
the FreeIPA system first, I get the same error. The UI doesn't have an option to take
a keytab, just a username and password.
I'm curious if anyone has been able to work with systems which insist on using the
kadmin protocol.
(LDAP is working perfectly)
Thanks,
Marius
Show replies by date