-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Haar wrote: > Hi there > > We just had a problem where a user couldn't connect to a Samba server > that is a full ADS member. The same user could successfully connect to > Windows2K3 servers. > > The problem was obvious - their clock was 5 hours out, and Samba > rejected their connections with a "Failed to verify incoming ticket". > Correcting the time fixed the fault. However, it remains that Samba > rejected them when Windows servers didn't. > > Is that an option that can be enabled? Anything that makes Samba look > more like Windows is a Good Thing (even if it violates the entire point > of Kerberos! ;-)
Windows client apparently adjust their clocks based on the CLOCK_SKEW error returned in the negprot response. It's hard for us in this cases since we are not the OS. My recommendation is to setup ntpd to use the AD DCs as the time servers. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFF+VOsIR7qMdg1EfYRAlk/AJdnirAAVBj5kOn6QkdXuQceKl6LAKCTIADN CFeqics6bhbuuZ6lycQU7w== =qh18 -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
