samba - May 2004 - Clock skew and net ads join problem

HI,

   when i try to execute the kinit command on my Red
hat 9 system with samba 3 i get the following error

 [root@niit125 root]# kinit junaid@NIIT.EDU.PK
 Password for junaid@NIIT.EDU.PK:
 kinit(v5): Clock skew too great while getting initial
   credentials

so how do i solve the clock skew problem cause i have
checked the time on both of them it is the same. 

the net ads join command doesnt give any error but i
still see nothing in the active directory computers
list

also should the smbd, nmbd and winbind be running when
i am running the commands 
     kinit 
      and 
  net ads join?

here is the global section of my smb.conf

workgroup = MYGROUP
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/smbd.log
max log size = 50
realm = NIIT.EDU.PK
security = ADS
password server = 10.10.11.1(IP of the machine running
Active directory)
encrypt passwords = yes
dns proxy = no

And here is my krb5.conf. 

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 
  
 
[libdefaults]
 ticket_lifetime = 24000
 default_realm = NIIT.EDU.PK
 dns_lookup_realm = false
 dns_lookup_kdc = false
 forwardable = true
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
 
[realms]
 NIIT.EDU.PK = {
  kdc = mnsvr.niit.edu.pk:88
  admin_server = mnsvr.niit.edu.pk:749
  default_domain = niit.edu.pk
 }
[domain_realm]
 .niit.edu.com = NIIT.EDU.PK
 niit.edu.pk = NIIT.EDU.PK
                                                      
                                          
[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf
 afs_salt = NIIT.EDU.PK
                                                      
                                          
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


plz help me with the skew problem cause i have checked
the time on both linux and domain controllers they are
the same.

also the net ads join command doesnt give any error
but still i cannot see the machine in the AD computers
list.

and should the three samba daemons be running when i
execute the kinit and net ads join commands?




  

====
  Sahibzada Junaid Noor  
  Ph   #  (+92) (051) 5950 940
  Cell #   (+92) (0333) 5223586
  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
  Rawalpindi
  Islamic Republic of Pakistan 







	
		
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/

Sahibzada Junaid Noor wrote:
>HI,
>
>   when i try to execute the kinit command on my Red
>hat 9 system with samba 3 i get the following error
>
> [root@niit125 root]# kinit junaid@NIIT.EDU.PK
> Password for junaid@NIIT.EDU.PK:
> kinit(v5): Clock skew too great while getting initial
>   credentials
>
>so how do i solve the clock skew problem cause i have
>checked the time on both of them it is the same. 
>
>the net ads join command doesnt give any error but i
>still see nothing in the active directory computers
>list
>
>also should the smbd, nmbd and winbind be running when
>i am running the commands 
>     kinit 
>      and 
>  net ads join?
>
>here is the global section of my smb.conf
>
>workgroup = MYGROUP
>server string = Samba Server
>printcap name = /etc/printcap
>load printers = yes
>log file = /var/log/samba/smbd.log
>max log size = 50
>realm = NIIT.EDU.PK
>security = ADS
>password server = 10.10.11.1(IP of the machine running
>Active directory)
>encrypt passwords = yes
>dns proxy = no
>
>And here is my krb5.conf. 
>
>[logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> 
>  
> 
>[libdefaults]
> ticket_lifetime = 24000
> default_realm = NIIT.EDU.PK
> dns_lookup_realm = false
> dns_lookup_kdc = false
> forwardable = true
> default_tkt_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
> 
>[realms]
> NIIT.EDU.PK = {
>  kdc = mnsvr.niit.edu.pk:88
>  admin_server = mnsvr.niit.edu.pk:749
>  default_domain = niit.edu.pk
> }
>[domain_realm]
> .niit.edu.com = NIIT.EDU.PK
> niit.edu.pk = NIIT.EDU.PK
>                                                      
>                                          
>[kdc]
> profile = /var/kerberos/krb5kdc/kdc.conf
> afs_salt = NIIT.EDU.PK
>                                                      
>                                          
>[appdefaults]
> pam = {
>   debug = false
>   ticket_lifetime = 36000
>   renew_lifetime = 36000
>   forwardable = true
>   krb4_convert = false
> }
>
>
>plz help me with the skew problem cause i have checked
>the time on both linux and domain controllers they are
>the same.
>
>also the net ads join command doesnt give any error
>but still i cannot see the machine in the AD computers
>list.
>
>and should the three samba daemons be running when i
>execute the kinit and net ads join commands?
>
>
>
>
>  
>
>====>
>  Sahibzada Junaid Noor  
>  Ph   #  (+92) (051) 5950 940
>  Cell #   (+92) (0333) 5223586
>  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
>  Rawalpindi
>  Islamic Republic of Pakistan 
>
>  
>
Have you verified the timezones are identical and that one isn't set to 
PM while the other is AM?  In my experience the only times I've received 
errors of this kind, either in Windows or from kerberos is when the 
timezones are set incorrectly or I had accidently set the clock to AM or 
PM when it should have been the other.  Also, are you using some sort of 
time sychronization (NTP preferably)?

Clint