[Samba] Samba kerberos more time sensitive that Windows?
Jeremy Allison
jra at samba.org
Mon Mar 12 22:54:02 GMT 2007
On Tue, Mar 13, 2007 at 11:50:14AM +1300, Jason Haar wrote:
> Hi there
>
> We just had a problem where a user couldn't connect to a Samba server
> that is a full ADS member. The same user could successfully connect to
> Windows2K3 servers.
>
> The problem was obvious - their clock was 5 hours out, and Samba
> rejected their connections with a "Failed to verify incoming ticket".
> Correcting the time fixed the fault. However, it remains that Samba
> rejected them when Windows servers didn't.
>
> Is that an option that can be enabled? Anything that makes Samba look
> more like Windows is a Good Thing (even if it violates the entire point
> of Kerberos! ;-)
We need to know what the Windows server did in this case ?
Did it give an error message that caused the client to
fall back to an NTLM auth ? A capture trace would help
here....
Jeremy.
More information about the samba
mailing list