kerberos and samba - Kerberos


Thread: kerberos and samba

  1. kerberos and samba

    We recently did some security testing on our Domain Controller (DC)
    which involved setting the clock ahead 13 months and then back. After
    doing this our Samba servers, Sun systems, could no longer authenticate
    via the DC for share access. We've since rebooted the DC, restarted the
    Samba process on the Unix systems but still no luck. We attempted to
    remove and re-add the Unix systems to the DC but get this error during
    kinit: "Clock skew too great..." The clock skew between all systems is
    <5 sec and the Kerberos security policy is default (5 min).



    Any ideas what would be causing this? A cached, timestamped file or
    entry in a file associated with the client system?



    Regards,

    Dave L. Campbell

    Lockheed Martin



    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: kerberos and samba

    Campbell, Dave L (N-Computer Sciences) wrote:
    > We recently did some security testing on our Domain Controller (DC)
    > which involved setting the clock ahead 13 months and then back. After
    > doing this our Samba servers, Sun systems, could no longer authenticate
    > via the DC for share access. We've since rebooted the DC, restarted the
    > Samba process on the Unix systems but still no luck. We attempted to
    > remove and re-add the Unix systems to the DC but get this error during
    > kinit: "Clock skew too great..." The clock skew between all systems is
    > <5 sec and the Kerberos security policy is default (5 min).
    >


    Are you running NTP on all your systems? If not, why not? Did you start
    ntpd with the -g option?

    Danny
    >
    >
    > Any ideas what would be causing this? A cached, timestamped file or
    > entry in a file associated with the client system?
    >
    >
    >
    > Regards,
    >
    > Dave L. Campbell
    >
    > Lockheed Martin
    >

