Problems with Kerberos on NethServer AD at one client

Andy_Wismer · July 3, 2019, 9:23am

NethServer Version: latest
Module: samba AD

Hello

At one client using NethServer for AD, Mail and Fileserver - for about 2 years now - and until a week ago working really well.
Clients are still all Windows7, upgrade to Win10 prepared, but not quite ready.
There are 5 PCs / Users in this AD using Computers.
The system is completely virtualized on Proxmox.
Backups are done at night to a NAS. (Both Proxmox and Nethserver backups).

Problem: Since a week three clients show up with AD “Trust” problems, with a note on the screen about Kerberos Timing problems. The PC has VERY current time, it is synched with NTP to the Nethserver. One or two reboots, and the problem goes away, usually til next morning.

The fourth PC is a notebook, and is on a different Network segment than the others, this part isn’t congested by backups. The fifth PC doesn’t run Panda AntiVirus, but McAfee Enterprise.

After two reboots, no problem shows up anymore…

We’re not sure if it is a Panda AntiVirus issue, combined with Windows Updates (03:00) and Backup over LAN causing latency…

Is there any way to increase the Kerberos Timeout in Nethserver’s AD?

Maybe a DB-Key or some other option?

Thanks for any ideas!

Andy

m.traeumner · July 4, 2019, 11:21am

@support_team

m.traeumner · July 8, 2019, 11:06am

Perhaps @dev_team has an idea?

pike · July 8, 2019, 11:46am

@Andy_Wismer could you try to reboot the switch?

Andy_Wismer · July 10, 2019, 11:46am

Hi

Sorry for the delay. Today we got a new Seagate Backup Hub 8 TB which I intend to use to store Backups of the Synology NAS. It seems the problem emanated from the NAS saving to another NAS (Space, heat and other problems in the primary computer room) via LAN, on top of things via a segment used by a couple of PCs.

I’ll know tomorrow or the day after if this actually solves things.

The problem acceberated because a NAS overfilled…

More coming, tomorrow…
Andy

Andy_Wismer · July 13, 2019, 11:22am

Hi All

The Kerberos Problem was caused by a restore of a NethServer, where the AD was still running.
The NethServer had it’s Network IP changed, but not the AD part…

A System Problem caused the Restore to be inadvertedly started, causing our problems.

Solved!

pike · July 13, 2019, 3:26pm

Holy Kamoly! Thanks for your experience.