[Samba] can't access Samba share when clocks skew is too great
Aaron Kincer
kincera at gmail.com
Fri Sep 22 13:45:58 GMT 2006
It is pretty standard behavior for encrypted authentication schemes to
reject authentication requests when the time deviation between the
client and server are too far apart. This is by design. It is basically
a timeout from Active Directory's perspective. You can use Active
Directory GPOs to configure clients to use NTP and you can also
configure NTP on your Samba server (use cron to sync time hourly if you
must). This should fix your authentication issue. If you need help with
GPOs or configuring NTP on your Samba server, let me know.
Bruno Rodrigues Neves wrote:
> Hi Leonid,
>
> I don´t know the cause of this problem, but if you try add into your
> netlogon script a line such as a "set time" in order to set the clock
> to the same from the server?
>
> Regards!
>
> --
> Bruno
>
>
> On 9/22/06, Leonid Zeitlin <lz at csltd.com.ua> wrote:
>> Hi all,
>> I have a Samba 3.0.23c server joined to an Windows 2003 AD domain. Users
>> access it from Windows workstations (XP, 2000). The problem is that if a
>> workstation has its time off by more than 5 minutes, Samba server
>> cannot be
>> accessed. I understand that Kerberos cannot authenticate the clients
>> due to
>> clock skew; however, I thought that in such case Samba could falls
>> back to
>> NTLM auth. At least, the workstations with the wrong clock can access
>> Windows file servers, but not Samba. Is Samba's behavior in this case
>> intentional? Is this supposed to work? How can I help or debug this
>> situation? Any help is appreciated.
>>
>> Thanks,
>> Leonid
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
More information about the samba
mailing list