Cisco VPN using kerberos problem

Discussion in 'Cisco' started by rounner@yahoo.com, Jan 4, 2007.

  1. Guest

    Hello,

    I am using a 3000 VPN concentrator and trying to use kerberos to
    authenticate. I am getting an error:

    Authentication Rejected: Clock skew too great (synch to KDC)

    The VPN concentrator NTP is set to the KDC and both times are the same
    within a second or so.

    Kerberos on the KDC (a windows 2000 server) is default setup, and I
    have not done anything server side (havent added the concentrator to AD
    as a computer for example)

    I know it is a valid user and password, or else I get a different
    error.

    I dont know if any of this is useful unencrypted, but this is what a
    network capture sees:

    Client to KDC

    ......¾..#.èŒ..E..Ë„?...q|.d
    .........X.·.Çj¬0©¡....¢....¤œ0™....@€..¡.0. ....¡.0...username¢...DOMAIN.COM£.0. ....¡.0...krbtgt..DOMAIN.COM¥...19700101000000Z§...EœŠ»¨.0......................©.0.0. ....¡....d
    ..

    KDC to client

    ...P.`§.....¾..E..îIâ..€........d..X...ÚÈ‚~Ï0Ì.....¡....¤...20070104035844Z¥......¦....©...DOMAIN.COMª.0. ....¡.0...krbtgt..DOMAIN.COM¬r.p0n0V¡....¢O.M0K0. ....¡...0. ....¡....DOMAIN.COMusername0. ....¡...DOMAIN.COMusername0.¡....¢...0.¡.....¢...



    Client to KDC

    ......¾..#.èŒ..E...ª)...KF.d
    .........X..ç¶jø0õ¡....¢....£J0H0F¡....¢?.=0; .....¢4.2wâþ•4Jõ£I!›è9‘|±rL×.þÞLaÅdí.~†ÆÕ(XWõé6<7H./6ÓY¨.¤œ0™ ....@€..¡.0. ....¡.0...username¢...DOMAIN.COM£.0. ....¡.0...krbtgt..DOMAIN.COM¥...19700101000000Z§...EœŠ¼¨.0....

    KDC to client

    ...#.èŒ.....¾..E..xIó..€........d..X...d.Ž~Z0X ....¡....¤....20070104035844Z¥....°[¦...%©...DOMAIN.COMª.0. ....¡.0...krbtgt..DOMAIN.COM



    Does anyone know what I should check or do?

    Thanks.
    , Jan 4, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David
    Replies:
    3
    Views:
    1,847
    David
    Jan 9, 2004
  2. BarBaar
    Replies:
    0
    Views:
    690
    BarBaar
    Sep 10, 2004
  3. Rob

    Kerberos Errors.

    Rob, Sep 21, 2003, in forum: MCSE
    Replies:
    11
    Views:
    12,264
    huntleyjr
    Oct 28, 2003
  4. B Squared

    VPN using Kerberos authentication

    B Squared, Jun 23, 2006, in forum: Cisco
    Replies:
    0
    Views:
    4,293
    B Squared
    Jun 23, 2006
  5. XaBi
    Replies:
    4
    Views:
    4,620
Loading...

Share This Page