[K12OSN] kinit: clock skew too great

Conrad Lawes pxeboot at gmail.com
Thu Apr 5 12:12:00 UTC 2007

Yes,  you're correct.  In the example, I provided running the ntpd daemon is
not necessary.   In my case, our Linux AD member server is also a
secondary time source for other Linux systems; hence the ntpd daemon.

On 4/4/07, Nils Breunese <nils at breun.nl> wrote:
> Conrad Lawes wrote:
> > This error means that the time on the kerberos client is out of
> > synch with kerberos server.  The kerberos server in this case is
> > your AD controller.  I believe, by default, the kerberos server
> > will refuse to issue  tickets if the clocks are out of synch by
> > more than 5 minutes.
> >
> > To avoid this problem, you should use the AD controller as the
> > primary ntp source for all AD members. This way your clients are
> > always in synch with the AD controller.  To automate this, I
> > setup  cron jobs  on all Linux AD member servers to execute the
> > following:
> >
> > # /sbin/service ntpd stop; /usr/sbin/ntpdate <ip address of AD
> > server>; /sbin/service ntpd start
> >
> > The command above stops the ntpd daemon, updates the system time
> > with AD controller then restarts ntpd daemon.
> I'd say, use your AD server as a time source for ntpd OR don't use
> ntpd and run ntpdate in a cron job. Running both doesn't make sense
> to me. Or am I missing something?
> Nils Breunese.
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

Conrad Lawes
PXE Guru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070405/a64ec50c/attachment.htm>

More information about the K12OSN mailing list