[K12OSN] kinit: clock skew too great
Conrad Lawes
pxeboot at gmail.com
Thu Apr 5 12:12:00 UTC 2007
Yes, you're correct. In the example, I provided running the ntpd daemon is
not necessary. In my case, our Linux AD member server is also a
secondary time source for other Linux systems; hence the ntpd daemon.
On 4/4/07, Nils Breunese <nils at breun.nl> wrote:
>
> Conrad Lawes wrote:
>
> > This error means that the time on the kerberos client is out of
> > synch with kerberos server. The kerberos server in this case is
> > your AD controller. I believe, by default, the kerberos server
> > will refuse to issue tickets if the clocks are out of synch by
> > more than 5 minutes.
> >
> > To avoid this problem, you should use the AD controller as the
> > primary ntp source for all AD members. This way your clients are
> > always in synch with the AD controller. To automate this, I
> > setup cron jobs on all Linux AD member servers to execute the
> > following:
> >
> > # /sbin/service ntpd stop; /usr/sbin/ntpdate <ip address of AD
> > server>; /sbin/service ntpd start
> >
> > The command above stops the ntpd daemon, updates the system time
> > with AD controller then restarts ntpd daemon.
>
> I'd say, use your AD server as a time source for ntpd OR don't use
> ntpd and run ntpdate in a cron job. Running both doesn't make sense
> to me. Or am I missing something?
>
> Nils Breunese.
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
>
--
Regards,
Conrad Lawes
PXE Guru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070405/a64ec50c/attachment.htm>
More information about the K12OSN
mailing list