When using smbclient with Heimdal Kerberos, clock skew on the client is not taken into account in the TGS-REQ causing a KRB5KRB_AP_ERR_SKEW KRB-ERR response. There are two problems: * clock skew adjustment should be done for the TGS-REQ, but this is not implemented in the memory ccache in Heimdal (it is correctly implemented in the file ccache) * the error is reported as "FAST fast response is missing FX-FAST" instead of the expected "Clock skew too great" error message
This bug was referenced in samba master: e4d6a19e49260af22bffd2a417119489719ba364
Created attachment 18369 [details] Patch for v4-20-test
Created attachment 18370 [details] Patch for v4-19-test
Pushed to autobuild-v4-{20,19}-test.
This bug was referenced in samba v4-20-test: f4604a86fe1251b86b6f08a7fb3843a65092724d
This bug was referenced in samba v4-19-test: 8d08c8141344afe91052a258c22fae1ec886d8db
Closing out bug report. Thanks!
This bug was referenced in samba v4-20-stable (Release samba-4.20.3): f4604a86fe1251b86b6f08a7fb3843a65092724d
This bug was referenced in samba v4-19-stable (Release samba-4.19.8): 8d08c8141344afe91052a258c22fae1ec886d8db