On Thu, Mar 15, 2007 at 09:09:48AM -0500, Gerald (Jerry) Carter wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jason Haar wrote: > > Hi there > > > > We just had a problem where a user couldn't connect to a Samba server > > that is a full ADS member. The same user could successfully connect to > > Windows2K3 servers. > > > > The problem was obvious - their clock was 5 hours out, and Samba > > rejected their connections with a "Failed to verify incoming ticket". > > Correcting the time fixed the fault. However, it remains that Samba > > rejected them when Windows servers didn't. > > > > Is that an option that can be enabled? Anything that makes Samba look > > more like Windows is a Good Thing (even if it violates the entire point > > of Kerberos! ;-) > > Windows client apparently adjust their clocks based on the > CLOCK_SKEW error returned in the negprot response. It's hard > for us in this cases since we are not the OS.
Do you mean the CLOCK_SKEW returned in the SessionsetupX call ? If so I'm testing a patch that will allow smbd to return the same error.... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba