Verifying the node hostname and time settings
Ensure that the node hostname and IP address is resolvable by DNS and node time is set to a well-known NTP.
For Kerberos the hostname is used for the Service Principal name, therefore the hostname must resolve to the correct IP address. (See Principal names and DNS. Kerberos authentication is sensitive to system time, manually set system clocks may cause issues. Ensure that node time is set to a well-known NTP.
Procedure
-
To verify the hostname:
nslookup $(hostname --fqdn) && hostname --fqdn && hostname -i
Server: 10.200.1.10 Address: 10.200.1.10#53 Name: node.example.com Address: 10.200.182.183 node.example.com 10.200.182.183
-
On each node, confirm that NTP is configured and running:
ntpq -p
remote refid st t when poll reach delay offset jitter ============================================================================== *li506-17.member 209.51.161.238 2 u 331 1024 377 80.289 1.384 1.842 -tock.eoni.com 216.228.192.69 2 u 410 1024 377 53.812 1.706 34.692 +time01.muskegon 64.113.32.5 2 u 402 1024 377 59.378 -1.635 1.840 -time-a.nist.gov .ACTS. 1 u 746 1024 151 132.832 26.931 55.018 +golem.canonical 131.188.3.220 2 u 994 1024 377 144.080 -1.732 20.072