CompTIA Server+ SK0-005 Practice Question

A systems administrator is troubleshooting intermittent authentication failures for users trying to access a Linux server recently joined to a Windows Active Directory domain. Users report "Access Denied" errors when connecting to network shares and "Authentication Failed" when using SSH with domain credentials. The administrator has already verified basic network connectivity and DNS resolution to the domain controllers. Which of the following commands should the administrator run to investigate the most probable cause of these Kerberos-related issues?

realm list
timedatectl
firewall-cmd --list-services
getfacl /srv/share

Report Issue

Answer Description

The correct answer is timedatectl. Kerberos, the authentication protocol used by Active Directory, is highly sensitive to time differences between clients and servers. If the time difference, or clock skew, between the Linux server and the domain controllers exceeds the maximum tolerance (typically five minutes), authentication requests will fail. The timedatectl command allows an administrator to quickly view the system's current time, timezone, and whether Network Time Protocol (NTP) synchronization is active and successful, making it the most effective first step to diagnose a suspected clock skew issue.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.