[Users] Login Error using AD domain

Yair Zaslavsky yzaslavs at redhat.com
Mon Apr 7 22:19:56 UTC 2014 

Hi,
Seems you still have some issue in your environment if this error is reported, you can try to kinit yourself and check.
For that you will need an appropriate krb5.conf file to be placed at 
/etc/krb5.conf - and to perform

kinit user at REALM

the content of the krb5.conf file can be:


[libdefaults]
default_realm = <YOUR_REALM>
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = no
no-addresses = false
default_tkt_enctypes = arcfour-hmac-md5
udp_preference_limit = 1 


----- Original Message -----
> From: "Jeff Clay" <jeffclay at gmail.com>
> To: users at ovirt.org
> Sent: Tuesday, April 8, 2014 12:09:23 AM
> Subject: [Users] Login Error using AD domain
> 
> This was working fine, now I get the error below in engine.log when I try
> to log in. The clock times are the same. I even changed the time service on
> the domain controller to use the same NTP source as the engine server. I
> have rebooted the domain controller to make sure that all settings were
> applied, but I still get this error. I can log into our other AD domain
> without issue, the problem is just with this particular domain.
> 
> 
> 2014-04-07 16:05:07,453 ERROR
> [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-7) Kerberos error: Clock skew too great (37)
> 2014-04-07 16:05:07,454 ERROR
> [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy]
> (ajp--127.0.0.1-8702-7) Authentication Failed. The Engine clock is not
> synchronized with directory services (must be within 5 minutes difference).
> Please verify the clocks are synchronized
> 2014-04-07 16:05:07,456 ERROR
> [org.ovirt.engine.core.bll.adbroker.DirectorySearcher]
> (ajp--127.0.0.1-8702-7) Failed ldap search server ldap://par-dc1:389 using
> user jclay at CORPORATE.WELLSCO.NET due to Authentication Failed. The Engine
> clock is not synchronized with directory services (must be within 5 minutes
> difference). Please verify the clocks are synchronized. We should try the
> next server
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list