To keep kerberos happy you need your client machines to have their clocks fairly well synchronised with the KDCs. The easiest way to achieve this is to use ntp. I’ve added an LCFG header, inf/options/ntp.h which uses the file component to do a simple setup on F12. The file /etc/ntp.conf now just contains:
driftfile /var/lib/ntp/drift restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict 127.0.0.1 restrict -6 ::1 server ntp0.inf.ed.ac.uk server ntp1.inf.ed.ac.uk server ntp2.inf.ed.ac.uk includefile /etc/ntp/crypto/pw keys /etc/ntp/keys
As usual, one of the problems with the file component is that it cannot restart services after a configuration file has changed. So, once this is in place it is necessary to do /etc/init.d/ntpd restart.
If ntpd was not previously running (you can check first) then it is necessary to use chkconfig to activate the service:
# chkconfig --list ntpd ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off # chkconfig --level 2345 ntpd on chkconfig --list ntpd ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Thanks, that worked for my machine. I also had to do an ‘ntpdate’ first though to get the clock roughly aligned with reality.
[…] machine's clock is now properly adjusted thanks to Stephen's blog post on ntp on f12. Comments […]