ACS 5.0 clock skew

rgonzalch · ‎05-19-2010

Hi,

I have acs 5.0 and i am trying to get this with AD but when i do the test connection i have a log that say CLock skew.

I have the acs with ntp and zonetime but AD does not have ntp but the clock its almost the same. People that manage AD does not want to syncrhonize with ntp without true reason because documentation says that acs and ad should be on the same ntp but not must.

AD must have ntp?

Regards.

Jatin Katyal · ‎05-19-2010

The error message you are getting is no doubtly due to time syncronization. ACS 5.1 has to be configured with a valid NTP server for time synchronization, preferably from where the domain controller is syncing its time but AD should be configured with NTP for time syncronization. It won'y work if you manually set the clock even though its correctly setup. Another one is a valid DNS server which can resolve internal names.

Both of them will be configured from the CLI:
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_use.html#wp1096003

ip name-server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1729536

Ntp server
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/command/reference/cli_app_a.html#wp1013780

HTH

JK

Do rate helpul posts-

~Jatin

rgonzalch · ‎07-15-2010

Hi,

It is working w/o NTP only i had to configure the same clock timezone.

But thanks for all.

Regards