Calibrating the time
The difference between the clock on the Linux server and the clock on the AD or OD directory master server ('domain controllerA server that runs the authentication process in Microsoft Active Directory.') must not be more than 5 minutes (300 seconds).
There can be problems if the [libdefaults]
section of the krb5.conf file contains an entry called clockskew
and it is set to a very low value. The default for this value is 300.
Calibrating the clocks without a working NTP network can be difficult if this value is set too low. If the domain controller and Kerio MailServer computers are not calibrated by NTP, then remove this value if it exists. If they are calibrated by NTP but you still cannot authenticate, try increasing the value.