search for: clockskew

...r = no local master = no vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes [demoshare] path = /archive/video read only = no krb5.conf : [libdefaults] default_realm = KURSK.MTT dns_lookup_realm = false dns_lookup_kdc = true clockskew = 300 [domain_realm] .kursk.mtt = KURSK.MTT [realms] KURSK.MTT = { kdc = debian-dc.kursk.mtt default_domain = kursk.mtt admin_server = debian-dc.kursk.mtt } [appdefaults] pam = { ticket_lifetime = 1d renew_life...

...mba bug report and let it work through the system. > > Rowland Well, yes, we can change windows, by allowing/disallowing SMB1. Which might help in detecting whats off.. I would check 3 things here before this is reported as bug. Kerberos/Authentication. krb5.conf, Did you change the : clockskew or renew_lifetime Set only this : [libdefaults] default_realm = YOUR.REALM.TLD dns_lookup_kdc = true dns_lookup_realm = false ;; optinal. ; forwardable = true ; proxiable = true ; ticket_lifetime = 24h << one you can try as LAST option. ; ccache_type = 4 Are the...

...m the command and I don't get a machine account in the domain. My /etc/krb5.conf looks like: logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm =MYDOMAIN.COM clockskew = 300 default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc des-cbc-md5 [realms] MYDOMAIN.COM = { kdc = DCSRV1.MYDOMAIN.COM:88 admin_server = dcsrv1.mydomain.com:749 default_domain = mydomain.com...

Ok I deleted the incorrect conf file and set it up using Yast again here is the amended file. I tried using the IP address of the server this time but I'm still getting the same errors as before. [libdefaults] default_realm = ELLISONSLEGAL.COM clockskew = 300 [domain_realm] .ELLNET = ELLISONSLEGAL.COM [realms] ELLISONSLEGAL.COM = { kdc = 10.0.0.31 default_domain = ELLNET kpasswd_server = 10.0.0.31 } [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum...

...encrypt passwords = yes password server = tq-dc-1.tq-net.de client use spnego = no domain logons = No domain master = No wins server = TQ-DC-1.TQ-NET.DE wins support = No [share1] ... krb5.conf [libdefaults] default_realm = TQ-NET.DE clockskew = 300 [realms] TQ-NET.DE = { kdc = TQ-DC-1.TQ-NET.DE default_domain = TQG admin_server = TQ-DC-1.TQ-NET.DE } [domain_realm] .tq-net.DE = TQ-NET.DE [appdefaults] pam = { ticket_lifetime = 1d...

...path = /home/WAYNE read only = No browseable = Yes ---------/etc/nsswitch.conf------- passwd: files winbind group: files winbind hosts: files dns wins winbind networks: files dns ---------/etc/krb5.conf----------- [libdefaults] default_realm = WAYNE.LOCAL clockskew = 300 [realms] WAYNE.LOCAL = { kdc = police.wayne.local default_domain = WAYNE.LOCAL kpasswd_server = adserver.wayne.local } [domain_realm] .WAYNE.LOCAL = WAYNE.LOCAL [appdefaults] pam = { ticket_lifetime = 365d renew_lifetime = 365d forwarda...

...upport for encryption type: KDC has no support for encryption type) Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_UNSUCCESSFUL My krb5.conf is as follows: [libdefaults] default_realm = (WINDOWS 2000 DOMAIN) dns_lookup_realm = true dns_lookup_kdc = true clockskew = 300 default_keytab_name = FILE:/home/pilote/rafa.keytab default_tkt_enctypes = des-cbc-crc default_tgs_enctypes = des-cbc-crc [realms] (WINDOWS 2000 DOMAIN) = { kdc = (HOSTNAME).(WINDOWS 2000 DOMAIN):88 } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log...

...april 2019 19:39 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Windows clients require reboot once a day in order to access mapped drives I would check 3 things here before this is reported as bug. Kerberos/Authentication. krb5.conf, Did you change the : clockskew or renew_lifetime Set only this : [libdefaults] default_realm = YOUR.REALM.TLD dns_lookup_kdc = true dns_lookup_realm = false I have not played with clockskew or renew_lifetime. Both my DC and file server have the following krb5.conf file. [libdefaults] defa...

...ls = Yes map acl inherit = Yes acl group control = yes load printers = no debug level = 3 use sendfile = no log level = 10 strict allocate = yes acl allow execute always = True username map = /etc/samba/usermap.txt [libdefaults] default_realm = DOMAIN clockskew = 300 ticket_lifetime = 3d renew_lifetime = 7d forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] DOMAIN = { default_domain = D...

...I get the following error : Failed to find authenticated user via getpwnam(), denying access Aix client is connecting the DC over a VPN. This is my krb5.conf : [libdefaults] default_realm = MYDOMAIN.COM default_keytab_name = FILE:/etc/krb5/krb5.keytab clockskew = 300 [realms] MYDOMAIN.COM = { kdc = dc.mydomain.com:88 admin_server = dc.mydomain.com:749 default_domain = MYDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [log...

...0000 winbind separator = / winbind cache time = 5 winbind use default domain = Yes winbind nested groups = Yes [odin] comment = ODIN path = /odin read only = No inherit acls = Yes [krb5.conf] [libdefaults] default_realm = DOMAIN.COM clockskew = 300 [realms] DOMAIN.COM = { kdc = 10.10.1.95 default_domain = domain.com admin_server = 10.10.1.95 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [appdefau...

...crypt --without-cyrus-sasl unixODBC-2.2.11 gcc 3.3.2 /etc/krb5.conf: [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 ticket_lifetime = 24000 clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false [realms] MYREALM.COM = { kdc = myadsserver.mydomain.com default_domain = mydomain.com } [domain_realm] .mydomain.com = MYREALM.COM [logging] kdc = FILE:/var/lo...

...> > > unixODBC-2.2.11 > gcc 3.3.2 > > /etc/krb5.conf: > > [libdefaults] > default_realm = MYREALM.COM > default_etypes = des-cbc-crc des-cbc-md5 > default_etypes_des = des-cbc-crc des-cbc-md5 > ticket_lifetime = 24000 > clockskew = 300 > dns_lookup_realm = false > dns_lookup_kdc = false > > [realms] > MYREALM.COM = { > kdc = myadsserver.mydomain.com > default_domain = mydomain.com > } > > [domain_realm] > .mydomain.com =...

...ype=0x30000000 I also see some weirdness with wbinfo. When displaying users, I see only user accounts, while on my other servers, I see user and computer accounts. KRB5.CONF: ========== [libdefaults] default_realm = MYDOMAIN.COM ticket_lifetime = 2400 clockskew = 300 default_tkt_enctypes = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc des-cbc-md5 forwardable = true dns_lookup_kdc = false dns_lookup_realm = false kdc_timesync = true...

...only = no public = yes [home] comment = User Home Directories user = %S path = /odin/home/%S inherit acls = Yes writeable = yes read only = no public = no browseable = yes [krb5.conf] [libdefaults] default_realm = DOMAIN.COM clockskew = 300 [realms] UTAH.EDU = { kdc = 192.168.0.10 default_domain = domain.com admin_server = 192.168.0.10 } [logging] kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [appdef...

...n : /etc/krb5.conf: [logging] default = FILE:SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log [libdefaults] default_realm = MEDICAL.LOCAL dns_lookup_realm = false dns_lookup_kdc = false clockskew = 3000 [realms] MEDICAL.LOCAL = { kdc = 172.22.45.5 admin_server = 192.168.11.70 default_domain = MEDICAL } ADMINISTRATIF.LOCAL = { kdc = 172.22.45.1 admin_server = 192.168.11.40 default_domain = ADMINISTRATIF } MEDICAL = { kdc = 172.22.45.5...

...idmap gid = 10000-20000 idmap uid = 10000-20000 winbind enum users = yes winbind enum groups = yes idmap backend = ad idmap config DOMAIN : backend = ad winbind nss info = rfc2307 krb5.conf [libdefaults] default_realm = DOMAIN.DE clockskew = 300 [realms] DOMAIN.DE = { kdc = 192.168.1.1 admin_server = 192.168.1.1 default_domain = domain.de } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON [domain_realm]...

...OUND=return] dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files /etc/krb5 [libdefaults] default_realm = SIENIC.SITE clockskew = 300 # default_realm = EXAMPLE.COM [realms] SIENIC.SITE = { kdc = server01.sienic.site default_domain = sienic.site admin_server = server01.sienic.site } # EXAMPLE.COM = { # kdc = kerberos.example.com # admin_server = kerberos.example.com # } [logging]...

...********************************** My krb5.keytab has been generated correctly. I also have a krb5.conf: ******************************************************************** krb5.conf ******************************************************************** [libdefaults] default_realm = AD.TEST.LOC clockskew = 900 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] TEST.TEST.LOC = { kdc = dc.ad.test.loc kdc = dc1.ad.test.loc kd...

...debug level = 0 log file = /var/log/smb.log idmap uid = 9000-20000 idmap gid = 600-1000 deadtime = 15 load printers = No disable spoolss = Yes printcap name = /dev/null And # [libdefaults] default_realm = PC.COGNEX.COM clockskew = 300 [realms] PC.COGNEX.COM = { kdc = scar.pc.cognex.com kdc = sherekhan.pc.cognex.com admin_server = scar.pc.cognex.com default_domain = pc.cognex.com } [domain_realm] .kerberos.server = PC.COGNEX.COM...