[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Rowland Penny
rpenny at samba.org
Mon Jul 23 08:53:31 UTC 2018
On Mon, 23 Jul 2018 09:28:37 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
> I've reading this thread more closely.
>
> I suggest you try the followoing.
>
> Check the servers hardware clock in the bios first.
An rpi doesn't have a bios ;-)
> Set these within 5 min, if they are not about the same.
>
> Run : dpkg-reconfigure tzdata
> Check/set the correct timezones on both servers, and both servers
> should show you the same date/time and (optional) zone.
>
> Run : ntpq -p
> Check the offset on both servers.
>
> Add : winbind refresh tickets = yes to you smb.conf
>
> If these are member servers, make sure you have only the server lines
> pointed to you AD DC's. If these are DC's, them make sure the both
> point to the same ntp servers. Dont use pool servers for the AD DC's,
> but thats my advice.
They are both DC's and I use pool servers without any problems, of
course YMMV.
>
> Reboot the servers, first DC with FSMO, if there are DC's involved.
> This wil clear kerberos cache tickets and should make sure the time
> is really set ok.
Worth trying
Rowland
More information about the samba
mailing list