I was seeing a lot of entries in the krb5kdc.log like below
"krb5kdc[10403](info): TGS_REQ (4 etypes {18 17 16 23}) 10.1.4.219: ISSUE:
authtime 1485450918, etypes {rep=18 tkt=18 ses=18}, host/my-host@MYDOMAIN"
On one env.. where users rarely log in... even there I see a lot of such
requests.
Rakesh Rajasekharan writes:
> one more question I was curious is.. when does the krb5kdc.log get entries
> . .. I mean is it only when someone makes an attempt to login to a server
> that the log file krb5kdc.log on the IPA master gets updated or there are
> other
thanks for the inputs..
one more question I was curious is.. when does the krb5kdc.log get entries
. .. I mean is it only when someone makes an attempt to login to a server
that the log file krb5kdc.log on the IPA master gets updated or there are
other scenarios as well
Thanks
Rakesh
On Fri,
Rakesh Rajasekharan writes:
>> Great, glad it's fixed! Are these VMs? If not, you may wish to
>> (re?)configure automatic syncing.
>
> yes these are AWS instances. How do I reconfigure auto syncing . Is
> there a documentation I can follow.
During install of the
Hi There,
Sorry could not get back on this earlier,
> Great, glad it's fixed! Are these VMs? If not, you may wish to
> (re?)configure automatic syncing.
yes these are AWS instances. How do I reconfigure auto syncing . Is there
a documentation I can follow.
Sorry, haven't done this before
Rakesh Rajasekharan writes:
> There were about 1500 hosts that were alerting for "clock skew" and the
> issue went away only after I did a resync using ntpdate on all those hosts
Great, glad it's fixed! Are these VMs? If not, you may wish to
(re?)configure
On Mon, Jan 09, 2017 at 02:07:21PM +0530, Rakesh Rajasekharan wrote:
> yes on the IPA server as well.. the offset isn't that high
>
> remote refid st t when poll reach delay offset
> jitter
> ==
>
yes on the IPA server as well.. the offset isn't that high
remote refid st t when poll reach delay offset
jitter
==
*ip-10-10-1-150.e 132.163.4.1012 u 119 128 3770.431 -0.279
0.348
On Mon, Jan 09, 2017 at 01:07:06PM +0530, Rakesh Rajasekharan wrote:
> Hi,
>
> I am using a Freeipa 4.2.0 server.
>
> I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And
> when this happens, usually logins or new ipa-cleint-install fails.
>
> When I checked on one of the
Hi,
I am using a Freeipa 4.2.0 server.
I sometimes see, "clock skew too great" errors in /var/log/krb5kdc.log. And
when this happens, usually logins or new ipa-cleint-install fails.
When I checked on one of the hosts for which the clock skew was reported,
#> ntpq -p
remote refid
10 matches
Mail list logo