[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Roy Eastwood
spindles7 at gmail.com
Sat Jul 21 15:40:58 UTC 2018
Thanks for that.
> > > Remove the following lines, they shouldn't be in a DC
> > > From here:
> > >> wins support = no
> > >> local master = yes
> > >> domain master = yes
> > >> preferred master = yes
> > > To here.
> > >
> > > If you have chrony (or ntp) running, then you don't need another
> > > time server (I take it 'systemd-timesyncd' is a time server,
> > > wouldn't know, I do not use systemd)
> > >
> >
> > The service 'systemd-timesyncd' is a time client and not a time
> > server.
> >
> > https://www.freedesktop.org/software/systemd/man/systemd-
> timesyncd.service.html
> >
>
> This quote from the above link "The systemd-timesyncd service
> specifically implements only SNTP", means it isn't any good for a DC.
>
> Rowland
Ok, have edited the smb.conf and removed the fake-hwclock and disabled the systemd-timesyncd service (as I assume chrony will set the DC's clock as well as providing the time server for domain computers?) but the problem remains. When I log in (via ssh) I get the above message (as in the subject) and the following is logged in the log.wb-MICROLYNX file:
[2018/07/21 16:37:52.194656, 1] ../source3/libads/authdata.c:175(kerberos_return_pac)
kinit failed for 'roy at MICROLYNX.ORG' with: Clock skew too great (-1765328347)
Yet the system time is correct. Where is it getting time from?
Roy
More information about the samba
mailing list