[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] kinit: clock skew too great

Yes,  you're correct.  In the example, I provided running the ntpd daemon is not necessary.   In my case, our Linux AD member server is also a secondary time source for other Linux systems; hence the ntpd daemon.

On 4/4/07, Nils Breunese <nils breun nl> wrote:
Conrad Lawes wrote:

> This error means that the time on the kerberos client is out of
> synch with kerberos server.  The kerberos server in this case is
> your AD controller.  I believe, by default, the kerberos server
> will refuse to issue  tickets if the clocks are out of synch by
> more than 5 minutes.
> To avoid this problem, you should use the AD controller as the
> primary ntp source for all AD members. This way your clients are
> always in synch with the AD controller.  To automate this, I
> setup  cron jobs  on all Linux AD member servers to execute the
> following:
> # /sbin/service ntpd stop; /usr/sbin/ntpdate <ip address of AD
> server>; /sbin/service ntpd start
> The command above stops the ntpd daemon, updates the system time
> with AD controller then restarts ntpd daemon.

I'd say, use your AD server as a time source for ntpd OR don't use
ntpd and run ntpdate in a cron job. Running both doesn't make sense
to me. Or am I missing something?

Nils Breunese.

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

Conrad Lawes
PXE Guru
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]