Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 12 replies
  • Subscribers 0 subscribers
  • Views 2830 views
  • Users 0 members are here
Options
Suggested

[7.480][QUESTION][ANSWERED] 7.480 - Joining A/D not possible Windows 2008

BertJanssen
hi,

just tried to configure SSO active directory this is not working anymore
- dns settings are correct can also ping the domain name and the domain controller
- Time settings are correct.
- username and password are correct because ldap is working fine.

in the log files at the astaro is nothing to see also in the windows log files i don't see any attempt to logon
Parents
  • 0
    hostname fw.egberink.lan


    fw:/root # host -t SRV _ldap._tcp.dc._msdcs.egberink.lan
    _ldap._tcp.dc._msdcs.egberink.lan has SRV record 0 100 389 barbapapa.egberink.lan.
    fw:/root # host -t SRV _kerberos._udp.egberink.lan                              _kerberos._udp.egberink.lan has SRV record 0 100 88 barbapapa.egberink.lan.


    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(859)
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net:   Kinit failed: Clock skew too great
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net:   ads_keytab_add_entry: unable to determine machine account's dns name in AD!
    > 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)
    > 2009:08:19-15:58:06 fw [user:err] net:   ads_keytab_add_entry: unable to determine machine account's dns name in AD!

    this is all i get

    thanx
Reply
  • 0
    hostname fw.egberink.lan


    fw:/root # host -t SRV _ldap._tcp.dc._msdcs.egberink.lan
    _ldap._tcp.dc._msdcs.egberink.lan has SRV record 0 100 389 barbapapa.egberink.lan.
    fw:/root # host -t SRV _kerberos._udp.egberink.lan                              _kerberos._udp.egberink.lan has SRV record 0 100 88 barbapapa.egberink.lan.


    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libsmb/cliconnect.c:cli_session_setup_spnego(859)
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net:   Kinit failed: Clock skew too great
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)
    fw:/var/log # 2009:08:19-15:58:06 fw [user:err] net:   ads_keytab_add_entry: unable to determine machine account's dns name in AD!
    > 2009:08:19-15:58:06 fw [user:err] net: [2009/08/19 15:58:06, 0] libads/kerberos_keytab.c:ads_keytab_add_entry(291)
    > 2009:08:19-15:58:06 fw [user:err] net:   ads_keytab_add_entry: unable to determine machine account's dns name in AD!

    this is all i get

    thanx
Children
No Data
Unfiltered HTML