Hi,
I set up Zentyal as a primary Domaincontroller for Windows XP-Clients. I could join the domain successfully, but after some time (without making any changes), when i want to login into a windows-client i get the alert
Username or password incorrect. Check username password and domain and try again.
If i restart all zentyal moduls, everything works fine for a while, until the problem occurs again.
This are the lines in the
/var/log/samba/samba.log (
adams is the user,
ACME.INTERN the Domain and
winclient the name of the windows XP client.
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ adams@ACME from ipv4:10.0.2.150:1302 for krbtgt/ACME@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: ENC-TS, 128
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PK-INIT(ietf) pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PK-INIT(win2k) pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Too large time skew, client time 2012-12-22T11:15:51 is out by 31395 > 300 seconds -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: AS-REQ adams@ACME from ipv4:10.0.2.150:1303 for krbtgt/ACME@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Client sent patypes: ENC-TS, 128
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PK-INIT(ietf) pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for PK-INIT(win2k) pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Looking for ENC-TS pa-data -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Too large time skew, client time 2012-12-22T11:15:51 is out by 31395 > 300 seconds -- adams@ACME
[2012/12/22 02:32:36, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ
Thank you