Cisco VPN using kerberos problem
Hello,
I am using a 3000 VPN concentrator and trying to use Kerberos to
authenticate. I am getting an error:
Authentication Rejected: Clock skew too great (synch to KDC)
The VPN concentrator NTP is set to the KDC and both times are the same
within a second or so.
Kerberos on the KDC (a Windows 2000 server) is default setup, and I
have not done anything server side (haven't added the concentrator to AD
as a computer, for example).
I know it is a valid user and password, or else I get a different
error.
I don't know if any of this is useful unencrypted, but this is what a
network capture sees:
Client to KDC
........#...E..˄?...q|.d
.........X..j0........0....@...0. .....0...username...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM...19700101000000Z.. .E.0.......................0.0. ........d
..
KDC to client
...P.`.......E..I..........d..X...Ȃ~0.. ..........20070104035844Z.............DOMAIN. COM.0. .....0...krbtgt..DOMAIN.COMr.p0n0V....O.M0K0. .......0. ........DOMAIN.COMusername0. .......DOMAIN.COMusername0........0.........
Client to KDC
........#...E...)...KF.d
.........X..j0........J0H0F....?.=0; .....4.2w4JI!9|rL.Lad.~(XW6<7H./6Y.0 ....@...0. .....0...username...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM...19700101000000Z.. .E.0....
KDC to client
...#........E..xI..........d..X...d.~Z0X ............20070104035844Z....[...%...DOMAIN.COM.0. .....0...krbtgt..DOMAIN.COM
Does anyone know what I should check or do?
Thanks.