kerberos and samba
Danny Mayer
mayer at ntp.isc.org
Tue Mar 13 22:00:42 EDT 2007
Campbell, Dave L (N-Computer Sciences) wrote:
> We recently did some security testing on our Domain Controller (DC)
> which involved setting the clock ahead 13 months and then back. After
> doing this our samba servers, Sun systems, could no longer authenticate
> via the DC for share access. We've since rebooted the DC, restarted the
> samba process on the unix systems but still no luck. We attempted to
> remove and re-add the unix systems to the DC but get this error during
> kinit; "Clock skew too great..." The clock skew between all systems is
> <5 sec and the Kerberos security policy is default (5 min).
>
Are you running NTP on all your systems? If not why not? Did you start
ntpd with the -g option?
Danny
>
>
> Any ideas what would be causing this? A cached, timestamped file or
> entry in a file associated with the client system?
>
>
>
> Regards,
>
> Dave L. Campbell
>
> Lockheed Martin
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list