Operating System - HP-UX

Kerberos with NTP: Clock Skew Errors

 
Ian Foster_2
Frequent Advisor

I am testing a new version of Samba (3.0.1) with MIT Kerberos and ADS. Problem is when trying to join the Samba server to the domain (ADS realm) I keep getting Kerberos errors for Clock Skew.

All the forums I have read point to this being a problem caused by a skew of 5 mins + or a difference in timezone locales between the Samba server and the Windows KDC.

My problem is I have now set them up to synch via NTP and the system times are within milliseconds (both servers GMT). Still getting the clock skew error. Anybody else been down this road and come across this problem?
Kiran Kumar M
Advisor

Re: Kerberos with NTP: Clock Skew Errors

As you've rightly said, clock skew for Kerberos needs to be within 5 minutes. To help see if we can troubleshoot this further, try to run the sample Kerberos client/server application on the system. If you are using HP-UX 11i, you can try running the sample application available at /usr/contrib/krb5/sample/. You can probably change the sample application to change the service name in sample.h to "host" instead of "sample". Let's see how this goes from here.
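
An added example, not part of the thread: one way to measure the real offset between the Samba host's clock and the KDC by sending the KDC a single SNTP query and comparing the result with the 5-minute tolerance discussed above. It assumes the KDC answers SNTP on UDP port 123; the function names and the constructed sample reply are illustrative.

```python
import socket, struct, time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
KRB5_MAX_SKEW = 300           # the 5-minute tolerance mentioned in the thread

def _ts(data, off):
    """Decode a 64-bit NTP timestamp at byte offset `off` into Unix seconds (UTC)."""
    sec, frac = struct.unpack_from("!II", data, off)
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def offset_from_reply(reply, t0, t3):
    """Clock offset (server minus local) from an SNTP reply.
    t0 = local send time, t3 = local receive time, both Unix seconds."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:   # mode 4 = server
        raise ValueError("not a complete NTP server reply")
    t1 = _ts(reply, 32)   # server receive timestamp
    t2 = _ts(reply, 40)   # server transmit timestamp
    return ((t1 - t0) + (t2 - t3)) / 2

def within_kerberos_skew(offset, limit=KRB5_MAX_SKEW):
    return abs(offset) <= limit

def query_offset(host, timeout=3.0):
    """Ask `host` (assumed here to be the KDC) for its time over SNTP."""
    request = b"\x1b" + 47 * b"\0"   # LI=0, VN=3, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.time()
        s.sendto(request, (host, 123))
        reply, _ = s.recvfrom(512)
        t3 = time.time()
    return offset_from_reply(reply, t0, t3)

def make_reply(server_unix_time):
    """Constructed sample reply for offline use: both server stamps carry one time."""
    sec = int(server_unix_time) + NTP_EPOCH_DELTA
    frac = int((server_unix_time % 1) * 2**32)
    return b"\x1c" + 31 * b"\0" + struct.pack("!IIII", sec, frac, sec, frac)

if __name__ == "__main__":
    import sys
    off = query_offset(sys.argv[1])   # KDC hostname supplied on the command line
    print(f"offset {off:+.3f}s, within 5 min: {within_kerberos_skew(off)}")
```

NTP timestamps are UTC, so the offset computed here is independent of either machine's timezone setting.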