Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-26 Thread Rakesh Rajasekharan
I was seeing a lot of entries in the krb5kdc.log like below
"krb5kdc[10403](info): TGS_REQ (4 etypes {18 17 16 23}) 10.1.4.219: ISSUE: authtime 1485450918, etypes {rep=18 tkt=18 ses=18}, host/my-host@MYDOMAIN"
On one env.. where users rarely log in... even there I see a lot of such requests.

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-23 Thread Robbie Harwood
Rakesh Rajasekharan writes:
> one more question I was curious is.. when does the krb5kdc.log get entries
> . .. I mean is it only when someone makes an attempt to login to a server
> that the log file krb5kdc.log on the IPA master gets updated or there are
> other

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-23 Thread Rakesh Rajasekharan
thanks for the inputs..
one more question I was curious is.. when does the krb5kdc.log get entries . .. I mean is it only when someone makes an attempt to login to a server that the log file krb5kdc.log on the IPA master gets updated or there are other scenarios as well
Thanks
Rakesh
On Fri,

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-19 Thread Robbie Harwood
Rakesh Rajasekharan writes:
>> Great, glad it's fixed! Are these VMs? If not, you may wish to
>> (re?)configure automatic syncing.
>
> yes these are AWS instances. How do I reconfigure auto syncing. Is
> there a documentation I can follow.
During install of the

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-18 Thread Rakesh Rajasekharan
Hi There,
Sorry could not get back on this earlier,
> Great, glad it's fixed! Are these VMs? If not, you may wish to
> (re?)configure automatic syncing.
yes these are AWS instances. How do I reconfigure auto syncing. Is there a documentation I can follow. Sorry, haven't done this before

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-09 Thread Robbie Harwood
Rakesh Rajasekharan writes:
> There were about 1500 hosts that were alerting for "clock skew" and the
> issue went away only after I did a resync using ntpdate on all those hosts
Great, glad it's fixed! Are these VMs? If not, you may wish to (re?)configure

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-09 Thread Jakub Hrozek
On Mon, Jan 09, 2017 at 02:07:21PM +0530, Rakesh Rajasekharan wrote:
> yes on the IPA server as well.. the offset isn't that high
>
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-09 Thread Rakesh Rajasekharan
yes on the IPA server as well.. the offset isn't that high
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ip-10-10-1-150.e 132.163.4.101    2 u  119  128  377    0.431   -0.279   0.348

Re: [Freeipa-users] Kerberos Clock Skew too great

2017-01-09 Thread Jakub Hrozek
On Mon, Jan 09, 2017 at 01:07:06PM +0530, Rakesh Rajasekharan wrote:
> Hi,
>
> I am using a Freeipa 4.2.0 server.
>
> I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And
> when this happens, usually logins or new ipa-client-install fails.
>
> When I checked on one of the

[Freeipa-users] Kerberos Clock Skew too great

2017-01-08 Thread Rakesh Rajasekharan
Hi,
I am using a Freeipa 4.2.0 server.
I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And when this happens, usually logins or new ipa-client-install fails.
When I checked on one of the hosts for which the clock skew was reported,
#> ntpq -p
remote refid