[Samba] Failed to establish your Kerberos Ticket cache due time differences with the domain controller
Roy Eastwood
spindles7 at gmail.com
Mon Jul 23 22:53:32 UTC 2018
> > As roy (after logging in and getting the message:
> > Failed to establish your Kerberos Ticket cache due time differences
> > with the domain controller. Please verify the system time.
>
> OK, I know where the message is coming from ;-)
>
> samba-master/nsswitch/pam_winbind.c
>
> line 1441
>
> static void _pam_warn_krb5_failure(struct pwb_context *ctx,
>                                    const char *username,
>                                    uint32_t info3_user_flgs)
> {
>         if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) {
>                 _make_remark(ctx, PAM_ERROR_MSG,
>                              _("Failed to establish your Kerberos Ticket cache "
>                                "due time differences\n"
>                                "with the domain controller. "
>                                "Please verify the system time.\n"));
>                 _pam_log_debug(ctx, LOG_DEBUG,
>                                "User %s: Clock skew when getting Krb5 TGT\n",
>                                username);
>         }
> }
>
> So it looks like you must have some difference in time between the two
> DCs.
> Try installing ntpdate on each DC and then run on each DC:
>
> ntpdate -d -u 'FQDN of other DC'
>
> You should get a very low 'offset', it is in seconds
>
> Rowland
Ok, done that and the result on pi-dc:
root@pi-dc:~# ntpdate -d -u debian-vb.microlynx.org
23 Jul 23:48:59 ntpdate[1876]: ntpdate 4.2.8p10@1.3728-o Sat Mar 10 18:03:47 UTC 2018 (1)
transmit(192.168.2.6)
receive(192.168.2.6)
transmit(192.168.2.6)
receive(192.168.2.6)
transmit(192.168.2.6)
receive(192.168.2.6)
transmit(192.168.2.6)
receive(192.168.2.6)
server 192.168.2.6, port 123
stratum 2, precision -25, leap 00, trust 000
refid [192.168.2.6], delay 0.02611, dispersion 0.00000
transmitted 4, in filter 4
reference time: df00d7bd.5789fa50 Mon, Jul 23 2018 23:39:57.341
originate timestamp: df00d9e1.2f172491 Mon, Jul 23 2018 23:49:05.183
transmit timestamp: df00d9e1.2f162fa4 Mon, Jul 23 2018 23:49:05.183
filter delay: 0.02623 0.02611 0.02614 0.02621
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00029 -0.00034 -0.00034 -0.00033
0.000000 0.000000 0.000000 0.000000
delay 0.02611, dispersion 0.00000
offset -0.000345
23 Jul 23:49:05 ntpdate[1876]: adjust time server 192.168.2.6 offset -0.000345 sec
Result the other way:
root@debian-vb:~# ntpdate -d -u pi-dc.microlynx.org
23 Jul 23:51:11 ntpdate[18082]: ntpdate 4.2.8p10@1.3728-o Sun Feb 25 21:22:56 UTC 2018 (1)
transmit(192.168.2.4)
receive(192.168.2.4)
transmit(192.168.2.4)
receive(192.168.2.4)
transmit(192.168.2.4)
receive(192.168.2.4)
transmit(192.168.2.4)
receive(192.168.2.4)
server 192.168.2.4, port 123
stratum 2, precision -22, leap 00, trust 000
refid [192.168.2.4], delay 0.02605, dispersion 0.00002
transmitted 4, in filter 4
reference time: df00d7ae.eb5aa9d1 Mon, Jul 23 2018 23:39:42.919
originate timestamp: df00da65.41ba9acc Mon, Jul 23 2018 23:51:17.256
transmit timestamp: df00da65.417e786b Mon, Jul 23 2018 23:51:17.255
filter delay: 0.02612 0.02605 0.02606 0.02606
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000586 0.000634 0.000598 0.000606
0.000000 0.000000 0.000000 0.000000
delay 0.02605, dispersion 0.00002
offset 0.000634
23 Jul 23:51:17 ntpdate[18082]: adjust time server 192.168.2.4 offset 0.000634 sec
I would say the clocks are pretty much the same :-)
Thanks for all your help.
Roy
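
Added example (not part of the original thread or of the Samba source): a shell check that reads `ntpdate -d -u` output like the transcripts above and compares the reported offset with the Kerberos clock-skew tolerance. The 300-second limit is an assumed default, the function names are hypothetical, and the second and third sample transcripts are constructed.

```shell
#!/bin/sh
# Added example: judge an `ntpdate -d -u <peer>` transcript against the Kerberos skew limit.
MAX_SKEW="${MAX_SKEW:-300}"   # seconds; assumed default tolerance (5 minutes)

# Print the final offset (seconds) from ntpdate debug output read on stdin.
# Fails if no usable measurement is present.
ntp_offset() {
    awk '
        /no server suitable for synchronization/ { bad = 1 }
        # The summary line is exactly "offset <value>"; the "filter offset:" and
        # "adjust time server" lines start with a different first field.
        $1 == "offset" && NF == 2 && $2 ~ /^[-+]?[0-9]+(\.[0-9]+)?$/ { v = $2 }
        END { if (bad || v == "") exit 1; print v }
    '
}

# Exit 0 if |offset| <= MAX_SKEW, 1 if it is larger, 2 if nothing could be measured.
skew_ok() {
    skew_off=$(ntp_offset) || return 2
    awk -v o="$skew_off" -v m="$MAX_SKEW" 'BEGIN { if (o < 0) o = -o; exit !(o <= m) }'
}

# Sample transcripts. The first reuses lines from the output in this thread;
# the other two are constructed for illustration.
sample_in_sync() { cat <<'EOF'
server 192.168.2.6, port 123
filter offset: -0.00029 -0.00034 -0.00034 -0.00033
delay 0.02611, dispersion 0.00000
offset -0.000345
EOF
}
sample_skewed() { cat <<'EOF'
server 192.0.2.10, port 123
filter offset: 412.1181 412.1183 412.1182 412.1183
delay 0.02598, dispersion 0.00002
offset 412.118302
EOF
}
sample_unreachable() { cat <<'EOF'
server 192.0.2.10, port 123
offset 0.000000
no server suitable for synchronization found
EOF
}

for s in sample_in_sync sample_skewed sample_unreachable; do
    if "$s" | skew_ok; then echo "$s: within ${MAX_SKEW}s"
    else echo "$s: FAIL (skewed or no measurement)"; fi
done
```

Against a live peer the same check is `ntpdate -d -u <FQDN of other DC> 2>&1 | skew_ok`; the unreachable case matters because a zero offset with no server response would otherwise look like perfect sync.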