kerberos and samba

Danny Mayer mayer at ntp.isc.org
Tue Mar 13 22:00:42 EDT 2007


Campbell, Dave L (N-Computer Sciences) wrote:
> We recently did some security testing on our Domain Controller (DC)
> which involved setting the clock ahead 13 months and then back.  After
> doing this our samba servers, Sun systems, could no longer authenticate
> via the DC for share access.  We've since rebooted the DC, restarted the
> samba process on the unix systems but still no luck.  We attempted to
> remove and re-add the unix systems to the DC but get this error during
> kinit; "Clock skew too great..."  The clock skew between all systems is
> <5 sec and the Kerberos security policy is default (5 min).
> 

Are you running NTP on all your systems? If not why not? Did you start
ntpd with the -g option?

Danny
>  
> 
> Any ideas what would be causing this?  A cached, timestamped file or
> entry in a file associated with the client system?
> 
>  
> 
> Regards,
> 
> Dave L. Campbell
> 
> Lockheed Martin
> 
>  
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 




More information about the Kerberos mailing list