search for: clock_skew

...6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ************************************************************************** /etc/krb5.conf [libdefaults] default_realm = FAMILY.LOCAL ticket_lifetime = 24000 clock_skew = 300 [realms] FAMILY.LOCAL = { kdc = PARENT-SERVER.FAMILY.LOCAL admin_server = PARENT-SERVER.FAMILY.LOCAL default_domain = FAMILY.LOCAL } [domain_realm] .family.local = FAMILY.LOCAL family.local = FAMILY.LOC...

additional: the krb5.conf from the former admin, I assume it could or should be boiled down: # cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5.log [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = customer.INTRA kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] DOMAIN.LOCAL = { kdc = DC1.customer.INTRA:88 admin_server = DC1.customer.INTRA:464 default_domain = customer.INTRA } [domain_realm]...

Hi there We just had a problem where a user couldn't connect to a Samba server that is a full ADS member. The same user could successfully connect to Windows2K3 servers. The problem was obvious - their clock was 5 hours out, and Samba rejected their connections with a "Failed to verify incoming ticket". Correcting the time fixed the fault. However, it remains that Samba rejected

...comment = Printer Drivers path = /usr/home/KRH_drivers write list = root, printserver,KRH\jdown force user = printserver force group = printserver guest ok = No my krb5.conf [logging] default = SYSLOG:INFO:LOCAL7 [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = KRH.INT [realms] domain.LOCAL = { kdc = kal-dc3.krh.int:88 kdc = kal-dc4.krh.int:88 kdc = kal-dc2.krh.int:88 admin_server = kal-dc4.krh.int:464 admin_server = kal-dc3.krh.int:464 admin_server = kal-dc2.krh.int:464 default_domain = krh.int } [domain_realm] .domain.local = KRH...

...winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind offline logon = true winbind refresh tickets = Yes use kerberos keytab = true ### relevant krb5.conf lines ### [libdefaults] default_realm = TREMONT.LOCAL clock_skew = 300 kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true dns_lookup_kdc = false dns_lookup_realm = false default_tgs_enctypes = rc4-hmac des-cbc-md5 des-cbc-crc default_tkt_enctypes = rc4-hmac des-cbc-md5 des-cbc-crc permitted_enc...

That domain member server worked fine for about 2 weeks until today. Somehow the DNS-record didn't work anymore, I did a rejoin and added some kerberos-related lines to smb.conf # 2 lines old winbind cache time = 10 winbind use default domain = yes # new lines dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind refresh tickets = Yes created keytab,

...ts.x86_64 krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = AD.FOO.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true clock_skew = 300 default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tks_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_ser...

Hello all listies. I've got samba4.0.6 running on FreeBSD 9.1. Joined W2K12 domain as member server. running getent group I noticed it takes a long time to resolve groups. The result is correct, but it is inordinately long. With 3.6.13 on FreeBSD 9.1 the return is nearly instantaneous. smb4.conf looks like this. [global] workgroup = TMS3 security = ADS realm = TMS3.COM encrypt