S.O. Ubuntu 18.04.4, Samba version 4.7.6-Ubuntu
I have this problem with this machine. Whenever the system restarts, winbind.service fail to start properly, and error "clock skew too great" is recorded in logs.
winbind log:
[2020/02/17 17:25:12.840317, 0] ../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache)
initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2020/02/17 17:25:12.879543, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'winbindd' finished starting up and ready to serve connections
[2020/02/17 17:25:18.175567, 0] ../source3/librpc/crypto/gse.c:532(gse_get_client_auth_token)
gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great](2529638949)
[2020/02/17 17:25:18.397020, 0] ../source3/librpc/crypto/gse.c:532(gse_get_client_auth_token)
gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great](2529638949)
[2020/02/17 17:25:18.909264, 0] ../source3/librpc/crypto/gse.c:532(gse_get_client_auth_token)
gse_get_client_auth_token: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great](2529638949)
Once the machine is started, I can manually systemctl restart winbind and it starts with no problem at all.
I have checked every possible configuration and all seems to be in order. Also I have recreated the machine from scratch.
I have configured chrony the time synchronization client, and also tried with systemd-timesync. The machine in fact is synchronized when I check it.
I have also tried to edit /lib/systemd/system/winbind.service by adding After=chrony.service but that makes no difference.
In the DC, chrony shows that clients are connected:
Hostname NTP Drop Int IntL Last Cmd Drop Int Last
===============================================================================
smb1.domain.club 181 0 6 - 36 0 0 - -
giorgilaptop.domain.club 3 0 12 - 40m 0 0 - -
plex.domain.club 110 0 6 - 0 0 0 - -
In the machine that fails, also the right source is shown
localuser@smb1:~$ sudo chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* dc1.domain.club 2 6 377 47 -12us[ -17us] +/- 20ms
The machine was created following these steps:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
EDIT: Apparently this happens when the vms run in ESXI 6.7 in my server. I have downloaded the vm to wmware workstation and winbind start without any problem. This would have to be related in some way with esxi and time synchronization.
Best Answer
Problem solved.
If you are using Vmware ESXi as I do, you have to enable the ntp synchronization in the ESXi settings so it starts with the host, and add the same pools as your domain controller has configured in the ntp server.
Then, for every virtual machine that is a domain member you have to enable under vmware tools options the time synchronyzation between the guest machine and the host.