kerberos and samba

Campbell, Dave L (N-Computer Sciences) dave.l.campbell at lmco.com
Tue Mar 13 16:24:43 EDT 2007


We recently did some security testing on our Domain Controller (DC)
which involved setting the clock ahead 13 months and then back.  After
doing this our samba servers, Sun systems, could no longer authenticate
via the DC for share access.  We've since rebooted the DC, restarted the
samba process on the unix systems but still no luck.  We attempted to
remove and re-add the unix systems to the DC but get this error during
kinit; "Clock skew too great..."  The clock skew between all systems is
<5 sec and the Kerberos security policy is default (5 min).

 

Any ideas what would be causing this?  A cached, timestamped file or
entry in a file associated with the client system?

 

Regards,

Dave L. Campbell

Lockheed Martin

 




More information about the Kerberos mailing list