Displaying 8 results from an estimated 8 matches for "clock_skew".
Did you mean:
clock_seq
2014 Feb 21
1
Problem Joining a ubuntu 12.04+samba to a W2k DC
...6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
**************************************************************************
/etc/krb5.conf
[libdefaults]
default_realm = FAMILY.LOCAL
ticket_lifetime = 24000
clock_skew = 300
[realms]
FAMILY.LOCAL = {
kdc = PARENT-SERVER.FAMILY.LOCAL
admin_server = PARENT-SERVER.FAMILY.LOCAL
default_domain = FAMILY.LOCAL
}
[domain_realm]
.family.local = FAMILY.LOCAL
family.local = FAMILY.LOC...
2018 Jun 30
0
DM 3.6.25 -> 4.x
additional:
the krb5.conf from the former admin, I assume it could or should be
boiled down:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
clock_skew = 300
default_realm = customer.INTRA
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
DOMAIN.LOCAL = {
kdc = DC1.customer.INTRA:88
admin_server = DC1.customer.INTRA:464
default_domain = customer.INTRA
}
[domain_realm]...
2007 Mar 12
2
Samba kerberos more time sensitive that Windows?
Hi there
We just had a problem where a user couldn't connect to a Samba server
that is a full ADS member. The same user could successfully connect to
Windows2K3 servers.
The problem was obvious - their clock was 5 hours out, and Samba
rejected their connections with a "Failed to verify incoming ticket".
Correcting the time fixed the fault. However, it remains that Samba
rejected
2011 Jan 12
0
working with the net commands... trouble.
...comment = Printer Drivers
path = /usr/home/KRH_drivers
write list = root, printserver,KRH\jdown
force user = printserver
force group = printserver
guest ok = No
my krb5.conf
[logging]
default = SYSLOG:INFO:LOCAL7
[libdefaults]
ticket_lifetime = 24000
clock_skew = 300
default_realm = KRH.INT
[realms]
domain.LOCAL = {
kdc = kal-dc3.krh.int:88
kdc = kal-dc4.krh.int:88
kdc = kal-dc2.krh.int:88
admin_server = kal-dc4.krh.int:464
admin_server = kal-dc3.krh.int:464
admin_server = kal-dc2.krh.int:464
default_domain = krh.int
}
[domain_realm]
.domain.local = KRH...
2006 Nov 22
1
Confused about Active Directory, Winbind, and Kerberos
...winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind offline logon = true
winbind refresh tickets = Yes
use kerberos keytab = true
### relevant krb5.conf lines ###
[libdefaults]
default_realm = TREMONT.LOCAL
clock_skew = 300
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
dns_lookup_kdc = false
dns_lookup_realm = false
default_tgs_enctypes = rc4-hmac des-cbc-md5 des-cbc-crc
default_tkt_enctypes = rc4-hmac des-cbc-md5 des-cbc-crc
permitted_enc...
2018 Jun 30
2
DM 3.6.25 -> 4.x
That domain member server worked fine for about 2 weeks until today.
Somehow the DNS-record didn't work anymore, I did a rejoin and added
some kerberos-related lines to smb.conf
# 2 lines old
winbind cache time = 10
winbind use default domain = yes
# new lines
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
created keytab,
2011 Sep 13
1
Domain Member keytabs invalid after Password Change
...ts.x86_64
krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AD.FOO.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
clock_skew = 300
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tks_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_ser...
2013 Jun 24
2
samba 4.0.6 getent group
Hello all listies.
I've got samba4.0.6 running on FreeBSD 9.1.
Joined W2K12 domain as member server.
running getent group I noticed it takes a long time to resolve groups.
The result is correct, but it is inordinately long.
With 3.6.13 on FreeBSD 9.1 the return is nearly instantaneous.
smb4.conf looks like this.
[global]
workgroup = TMS3
security = ADS
realm = TMS3.COM
encrypt