[2017-11-07 14:50] Alexander Bokovoy via FreeIPA-users:
If they all have the same hostname, you are better to enroll and
keytab across all configurations. To do so, enroll first time and then
specify /etc/krb5.keytab from that installation with ipa-client-install
-k option. See ipa-client-install man page for more details.
Thanks for the advice. Would the kerberos keytab and the SSH host keys
be the only possible/likely causes for problems?
Please note that I run FreeIPA with external nameservers, on which I
added the necessary DNS entries for the FreeIPA servers manually. The
FreeIPA client machines only have their respective A/AAAA records (and
the corresponding reverse DNS records, of course).