No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

SVN3000 did not set time zone and time,result cilnet can not pss authentication

Publication Date:  2012-09-22 Views:  90 Downloads:  0
Issue Description
SVN3000 linkage authentication with Active Directory list server,configured AD parameter in SVN3000 and search AD server user,authenticate in SVN server,but can not authenticated successful,prompt wrong user name and password
Alarm Information
none
Handling Process
In SVN3000,open switch of debug ad and debug ldap,try to identify cilnet,in order to check whole information

<SVN3000>
<SVN3000>debugging ad packet
<SVN3000>debugging ldap packet
<SVN3000>terminal debug
<SVN3000>
0.446918679 SVN3000 %%01AD/8/debug(d):
[AD(pkt):] Make kerbores AS Request packet successfully,username: test111

0.446918819 SVN3000 %%01AD/8/debug(d):
[AD(Pkt):] Send packet to AD-server(ServerIP:192.168.2.11,Port:88)

0.446918949 SVN3000 %%01AD/8/debug(d):
[AD(Pkt):] Send kerbores AS request packet successfully.

0.446919069 SVN3000 %%01AD/8/debug(d):
[AD(Pkt):] Recevied kerbores packet successfully, username: test111.

0.446919209 SVN3000 %%01AD/8/debug(d):
[AD(Pkt):] Kerberos server's response is bad, ErrorCode: 37.

0.446919339 SVN3000 %%01AD/8/debug(d):
[AD(Pkt):] Clock skew too great.

0.446919429 SVN3000 %%01USER/8/debug(d):
Virtual Gateway Client: Login failed. User information error.
Above of them,configure information [AD(Pkt):] Clock skew too great means difference of Authentication and be Authentication can not be too great,or will cause Authentication unsuccessful,for SVN3000 agency SVN client to AD server do authentication,so debug information Clock skew too great means difference of SVN3000 and AD server is too great
 Adjust SVN3000 clock information,cilnet also can not pass,display Clock skew too great,in misarrange we found the time zone of SVN3000 did not set,set it to (GMT+8:00),problems was solved
Root Cause
in SVN3000 can search AD server user correctly,means SVN3000 link with AD server successful,cilnet identified not successful,may be AD server problem,or SVN3000 configured and other options not correct
Suggestions
In SVN3000 configured authentication linkage with Active Directory or LDAP server,must set time zone and clock correctly,had better keep them error in 5m,or will result in client can not pass authentication

END