Hello,
I am using a 3000 VPN concentrator and trying to use kerberos to authenticate. I am getting an error:
Authentication Rejected: Clock skew too great (synch to KDC)
The VPN concentrator NTP is set to the KDC and both times are the same within a second or so.
Kerberos on the KDC (a windows 2000 server) is default setup, and I have not done anything server side (havent added the concentrator to AD as a computer for example)
I know it is a valid user and password, or else I get a different error.
I dont know if any of this is useful unencrypted, but this is what a network capture sees:
Client to KDC
.=2E...=BE..#.=E8=8C..E..=CB=84?..=7F.q|.d .=2E......X.=B7.=C7j=81=AC0=81=A9=A1....=A2....=A4=81=9C0=81=99....@=80..= =A1.0. ....=A1.0...username=A2...DOMAIN.COM=A3.0. ....=A1.0...krbtgt..DOMAI= N=2ECOM=A5...19700101000000Z=A7...E=9C=8A=BB=A8.0......................=A9.=
0=2E0. ....=A1....d .KDC to client
.=2EP.`=A7.....=BE..E..=EEI=E2..=80........d..X...=DA=C8=82~=81=CF0=81=CC..= .=2E=A1....=A4...20070104035844Z=A5......=A6....=A9...DOMAIN.COM=AA.0. ....= =A1.0...krbtgt..DOMAIN.COM=ACr.p0n0V=A1....=A2O.M0K0. ....=A1...0. ....=A1.= .=2EDOMAIN.COMusername0. ....=A1...DOMAIN.COMusername0.=A1....=A2...0.=A1..= .=2E=A2...
Client to KDC
.=2E...=BE..#.=E8=8C..E...=AA)..=7F.KF.d .=2E......X..=E7=B6j=81=F80=81=F5=A1....=A2....=A3J0H0F=A1....=A2?.=3D0; ..= .=2E=A24.2w=E2=FE=954J=F5=A3I!=9B=E89=91|=B1=9DrL=D7.=FE=DELa=C5d=ED.~=86= =C6=D5(XW=F5=E96