Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0027: Clock synchronization

Centrify DirectControl ,  

12 April,16 at 11:44 AM

Question:

Do the clocks have to be in sync and how does this affect logins.

Answer:

The only time users will have problems authenticating is if the time on the client machine drifts more than 5 minutes from the time on the server machine.

Users who are currently logged in will remain logged in, but will no longer be able to authenticate to new services using their kerberos credentials. New users will not be able to log in until the clocks are synchronized between the client and the server. This is used to prevent replay attacks.

The adjoin command will perform this syncing and keeping both clocks in sync. However if you do not want our program to do that you can use the -t option for adjoin and for our adclient daemon will disable this by editing the /etc/init.d/centrifydc startup script and adding the option -t -1 to the adclient line. The " -t or --notime " is used to indicate that you do not want to update the local computer time. Under normal circumstances, the local computer time should be updated to be synchronized with the Kerberos Key Distribution Center (KDC) in Active Directory. If you use this option, some ticket authentications may fail.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-1745: How to configure time synchronization when using Solaris Zones. articleKB-8942: What are the steps to migrate a RHEL Brightstore cluster to Centrify articleKB-2879: Which Windows GPs will also apply to Centrify-installed systems? articleKB-2429: Unable to analyze AIX 7.x Server using Deployment Manager. articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6041: How to show current license type in use by adclient? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin?