Hello,

I am using a 3000 VPN concentrator and trying to use kerberos to
authenticate. I am getting an error:

Authentication Rejected: Clock skew too great (synch to KDC)

The VPN concentrator NTP is set to the KDC and both times are the same
within a second or so.

Kerberos on the KDC (a windows 2000 server) is default setup, and I
have not done anything server side (havent added the concentrator to AD
as a computer for example)

I know it is a valid user and password, or else I get a different
error.

I dont know if any of this is useful unencrypted, but this is what a
network capture sees:

Client to KDC

........#...E..˄?...q|.d
.........X..j0........0....@...0. .....0...username...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM...19700101000000Z.. .E.0.......................0.0. ........d
..

KDC to client

...P.`.......E..I..........d..X...Ȃ~0.. ..........20070104035844Z.............DOMAIN. COM.0. .....0...krbtgt..DOMAIN.COMr.p0n0V....O.M0K0. .......0. ........DOMAIN.COMusername0. .......DOMAIN.COMusername0........0.........



Client to KDC

........#...E...)...KF.d
.........X..j0........J0H0F....?.=0; .....4.2w4JI!9|rL.Lad.~(XW6<7H./6Y.0 ....@...0. .....0...username...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM...19700101000000Z.. .E.0....

KDC to client

...#........E..xI..........d..X...d.~Z0X ............20070104035844Z....[...%...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM



Does anyone know what I should check or do?

Thanks.