[K12OSN] kinit: clock skew too great
Nils Breunese
nils at breun.nl
Thu Apr 5 00:47:22 UTC 2007
Conrad Lawes wrote:
> This error means that the time on the kerberos client is out of
> synch with kerberos server. The kerberos server in this case is
> your AD controller. I believe, by default, the kerberos server
> will refuse to issue tickets if the clocks are out of synch by
> more than 5 minutes.
>
> To avoid this problem, you should use the AD controller as the
> primary ntp source for all AD members. This way your clients are
> always in synch with the AD controller. To automate this, I
> setup cron jobs on all Linux AD member servers to execute the
> following:
>
> # /sbin/service ntpd stop; /usr/sbin/ntpdate <ip address of AD
> server>; /sbin/service ntpd start
>
> The command above stops the ntpd daemon, updates the system time
> with AD controller then restarts ntpd daemon.
I'd say, use your AD server as a time source for ntpd OR don't use
ntpd and run ntpdate in a cron job. Running both doesn't make sense
to me. Or am I missing something?
Nils Breunese.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: Dit deel van het bericht is digitaal ondertekend
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070405/6f70589b/attachment.sig>
More information about the K12OSN
mailing list