[Samba] NTP doesn't work for Win2000 clients + Samba 4.0.4 (see tcpdump)

Gregory Sloop gregs at sloop.net
Tue Apr 9 09:14:19 MDT 2013


iM> I am using Samba 4.0.4 as AD DC on my test environment and
iM> realized that all my W2k clients (default installation, no special
iM> setups made on the clients) cannot receive the correct time of my
iM> samba 4.0.4 AD domain controller. Windows XP and 7 work fine
iM> though. The problem occurs at three W2k test clients I tried with.
iM> The default behavior of Windows clients is to use the update type
iM> "Nt5DS" which means, that the client tries to get the time of its
iM> domain controller. Unfortunately this fails for my W2k clients in
iM> conjunction with Samba 4.0.4 and also an error in event log
iM> appears, that says that the time couldn't be retrieved of my samba4
iM> server "mysmb4srv.ad.mycompany.com".

iM> As soon as I execute on win2000 clients cmd prompt "net time
iM> /setsntp:mysmb4srv.ad.mycompany.com" it works. This command causes
iM> the registry entries under HKLM\System\Current Control
iM> Set\Services\W32Time\Parameters to change the default behavior
iM> from type=Nt5DS to type=NTP and adds a line "NTP
iM> server=mysmb4srv.ad.mycompany.com". With this setting the time
iM> sync works fine as soon as I restart the Windows Time Service. I
iM> have logged the received ntp packets at samba4's side:

iM> Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed
iM> and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the "Nt5DS" discovery mode
iM> on win2000 clients doesn't interact fine with samba4 ??? Here are
iM> the "tcpdump -vv udp port 123" logs

I'm sure someone will give you more data, but W2000 was completely out
of maintenance mode, what, two+ years ago?

Making changes to the registry so it will use NTP for time updates is
fairly easy - which will make it compatible with the AD server.

It would seem, to me at least, a bad use of resources to
trouble-shoot/fix a Win2000 problem when there are workarounds and
when Win2000 is not supported any more, and has multiple unpatched
vulnerabilities.

Just my opinion of course.

-Greg


