[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Rowland Penny
rpenny at samba.org
Sat Jul 21 15:52:34 UTC 2018
On Sat, 21 Jul 2018 16:40:58 +0100
Roy Eastwood via samba <samba at lists.samba.org> wrote:
> Thanks for that.
>
> > > > Remove the following lines, they shouldn't be in a DC
> > > > From here:
> > > >> wins support = no
> > > >> local master = yes
> > > >> domain master = yes
> > > >> preferred master = yes
> > > > To here.
> > > >
> > > > If you have chrony (or ntp) running, then you don't need another
> > > > time server (I take it 'systemd-timesyncd' is a time server,
> > > > wouldn't know, I do not use systemd)
> > > >
> > >
> > > The service 'systemd-timesyncd' is a time client and not a time
> > > server.
> > >
> > > https://www.freedesktop.org/software/systemd/man/systemd-
> > timesyncd.service.html
> > >
> >
> > This quote from the above link "The systemd-timesyncd service
> > specifically implements only SNTP", means it isn't any good for a
> > DC.
> >
> > Rowland
>
> Ok, have edited the smb.conf and removed the fake-hwclock and
> disabled the systemd-timesyncd service (as I assume chrony will set
> the DC's clock as well as providing the time server for domain
> computers?) but the problem remains. When I log in (via ssh) I
> get the above message (as in the subject) and the following is logged
> in the log.wb-MICROLYNX file:
>
> [2018/07/21 16:37:52.194656,
> 1] ../source3/libads/authdata.c:175(kerberos_return_pac) kinit failed
> for 'roy at MICROLYNX.ORG' with: Clock skew too great (-1765328347)
>
> Yet the system time is correct. Where is it getting time from?
>
> Roy
>
>
Strange, you say the time is okay, but the error says it isn't.
Try this, open a terminal on both DC's, run 'date' and 'samba-tool
time' on both. The results should be virtually the same.
e.g.
root at dc4:~# samba-tool time
Sat Jul 21 16:47:43 2018 BST
root at dc4:~# date
Sat 21 Jul 16:47:46 BST 2018
Rowland
More information about the samba
mailing list