Clock skew and net ads join problem

Sahibzada Junaid Noor sjunaidn at yahoo.com
Mon May 17 12:43:32 GMT 2004 

HI,

   when i try to execute the kinit command on my Red
hat 9 system with samba 3 i get the following error

 [root at niit125 root]# kinit junaid at NIIT.EDU.PK
 Password for junaid at NIIT.EDU.PK:
 kinit(v5): Clock skew too great while getting initial
   credentials

so how do i solve the clock skew problem cause i have
checked the time on both of them it is the same. 

the net ads join command doesnt give any error but i
still see nothing in the active directory computers
list

also should the smbd, nmbd and winbind be running when
i am running the commands 
     kinit 
      and 
  net ads join?

here is the global section of my smb.conf

workgroup = MYGROUP
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/smbd.log
max log size = 50
realm = NIIT.EDU.PK
security = ADS
password server = 10.10.11.1(IP of the machine running
Active directory)
encrypt passwords = yes
dns proxy = no

And here is my krb5.conf. 

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
  
 
[libdefaults]
 ticket_lifetime = 24000
 default_realm = NIIT.EDU.PK
 dns_lookup_realm = false
 dns_lookup_kdc = false
 forwardable = true
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
 
[realms]
 NIIT.EDU.PK = {
  kdc = mnsvr.niit.edu.pk:88
  admin_server = mnsvr.niit.edu.pk:749
  default_domain = niit.edu.pk
 }
[domain_realm]
 .niit.edu.com = NIIT.EDU.PK
 niit.edu.pk = NIIT.EDU.PK
                                                      
                                          
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
 afs_salt = NIIT.EDU.PK
                                                      
                                          
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


plz help me with the skew problem cause i have checked
the time on both linux and domain controllers they are
the same.

also the net ads join command doesnt give any error
but still i cannot see the machine in the AD computers
list.

and should the three samba daemons be running when i
execute the kinit and net ads join commands?




  

=====

  Sahibzada Junaid Noor  
  Ph   #  (+92) (051) 5950 940
  Cell #   (+92) (0333) 5223586
  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
  Rawalpindi
  Islamic Republic of Pakistan 







	
		
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/

More information about the smb-clients mailing list