11.4 Limitations

This section covers the limitations and known issues that you may encounter while joining a workstation to a domain and logging in.

11.4.1 Joining a Workstation that Has Novell Client Installed

While joining a workstation to a domain, you do not need to have Novell Client installed. But if you have Novell Client installed on your workstation, it will affect DSfW communication. We recommend that you add the IP address of the DSfW server to the Bad Address Cache of the Novell Client.

For more information see, AppNote: Novell Client 4.9 SP2: Initialization, Login and Settings

11.4.2 Error while Joining a Workstation to a Domain

This error can occur due to the extra attributes that gets added in the Domain Password Policy after it has been opened using the iManager Passwords Plug-in and saved without making any changes.

To resolve this issue, see TID 7004481

11.4.3 Error While Joining a Workstation to a Domain if Time is Not Synchronized

While joining a workstation to a domain, you must ensure that the system time is synchronized between the Windows workstation and the DSfW server. Otherwise, you will receive an error indicating incorrect username or password. An error message similar to the following is logged in the /var/opt/novell/xad/log/kdc.log file:

Dec 04 10:50:37 sles10sp3 krb5kdc[5048](info): preauth (timestamp) verify failure: Clock skew too great
Dec 04 10:50:40 sles10sp3 krb5kdc[5048](info): AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.100.129: PREAUTH_FAILED: Administrator@NTS.NOVELL.COM for krbtgt/NTS.NOVELL.COM@NTS.NOVELL.COM, Clock skew too great