From: rounner on
Hello,

I am using a 3000 VPN concentrator and trying to use Kerberos to
authenticate. I am getting an error:

Authentication Rejected: Clock skew too great (synch to KDC)

The VPN concentrator NTP is set to the KDC and both times are the same
within a second or so.

Kerberos on the KDC (a Windows 2000 server) is the default setup, and I
have not done anything server side (haven't added the concentrator to AD
as a computer, for example).

I know it is a valid user and password, or else I get a different
error.

I don't know if any of this is useful unencrypted, but this is what a
network capture sees:

Client to KDC

......¾..#.èŒ..E..˄?...q|.d
.........X.·.Çj¬0©¡....¢....¤œ0™....@€..¡.0. ....¡.0...username¢...DOMAIN.COM£.0. ....¡.0...krbtgt..DOMAIN.COM¥...19700101000000Z§...EœŠ»¨.0......................©.0.0. ....¡....d
..

KDC to client

...P.`§.....¾..E..îIâ..€........d..X...ÚȂ~Ï0Ì.....¡....¤...20070104035844Z¥......¦....©...DOMAIN.COMª.0. ....¡.0...krbtgt..DOMAIN.COM¬r.p0n0V¡....¢O.M0K0. ....¡...0. ....¡....DOMAIN.COMusername0. ....¡...DOMAIN.COMusername0.¡....¢...0.¡.....¢...



Client to KDC

......¾..#.èŒ..E...ª)...KF.d
.........X..ç¶jø0õ¡....¢....£J0H0F¡....¢?.=0; .....¢4.2wâþ•4Jõ£I!›è9‘|±rL×.þÞLaÅdí.~†ÆÕ(XWõé6<7H./6ÓY¨.¤œ0™ ....@€..¡.0. ....¡.0...username¢...DOMAIN.COM£.0. ....¡.0...krbtgt..DOMAIN.COM¥...19700101000000Z§...EœŠ¼¨.0....

KDC to client

...#.èŒ.....¾..E..xIó..€........d..X...d.Ž~Z0X ....¡....¤....20070104035844Z¥....°[¦...%©...DOMAIN.COMª.0. ....¡.0...krbtgt..DOMAIN.COM



Does anyone know what I should check or do?

Thanks.
