[Samba] Samba4: W2k clients cannot set / sync time with samba4 AD DC
L.P.H. van Belle
belle at bazuin.nl
Thu Apr 25 07:08:18 MDT 2013
Just hack the registry entry,
on the pc's policies add "DOMAIN\Domain Users" to allow to sync time.
Under, Computer policy, Windows settings, Security, Local .. , user rights, "systemtime change"
With windows it works, because the time sync is done on pc level, not user level as far as i know
( how the homegroups work withing Windows 7 )
and even better, add change the "time.windows.com" in time to ntp.yoursamba4server.local
you can do this with registry level, then your always ok.
Louis
>-----Oorspronkelijk bericht-----
>Van: micromegas at mail333.com
>[mailto:samba-bounces at lists.samba.org] Namens ?icro MEGAS
>Verzonden: donderdag 25 april 2013 10:48
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba4: W2k clients cannot set / sync
>time with samba4 AD DC
>
>Hello,
>
>I HAVE sniffed the network traffic for this w2k client and
> provided the link via paste.ubuntu.com, so everybody can look inside
>that without the need
>of extra-tools like wireshark. And as I realized you have looked into
>that sniffed result output. I did it this way, because I work on an
>isolated test env which I cannot access through my computers
>and do file
> transfers. And I dont have wireshark installed on samba4 host, so I
>would not be able to transfer the .pcap file to my computer and upload
>it. But if you really prefer a .PCAP sniff of tcpdump I could do that,
>have to do some prerequisites for that network/switch to be able to
>transfer these files additionally to my computer.
>
>> Finally, I would ask that you help yourself:
>
>>
>> 08:28:00.436507 IP 172.16.200.66.3557 >
>samba4srv.mysite.com.ntp: NTPv2,
>
>> Client, length 68
>
>> 08:28:00.436576 IP samba4srv.mysite.com > 172.16.200.66:
>ICMP samba4srv
>
>> .mysite.com udp port ntp unreachable, length 104
>
>>
>> Is the NTP server set up correctly? If the clients can't contact the
>
>> NTP server, then it doesn't surprise me that they can't use it.
>
>Well, the NTP server on samba4 server is definitely (!) up and
>running. I can triple-check that by "ps", "netstat" and of course by
>getting the time of all my other clients (winxp, win7, linux, unix) so
>NTP server is definitely running on samba4 host.
>
>> 08:28:00.436576 IP samba4srv.mysite.com > 172.16.200.66:
>ICMP samba4srv
>
>> .mysite.com udp port ntp unreachable, length 104
>
>This was the last packet as I posted. Looks like samba4srv tried
> to reach the UDP:123 of w2k client, which of course will fail
>as no NTP
> server is running on w2k client side? I cannot explain that, but I
>definitely know that the NTP daemon is running fine on samba4 side.
>
>> I also don't understand why you can't use any number of other tools
>
>> (such as free NTP clients or forcing the NTP server with a script or
>
>> policy) to set the time for this specific deployment.
>
>Because I would prefer the raw way, as I would suppose from a
>Microsoft client to do. The inital problem was, that w2k
>clients are not
> able to perform dynamic updates, and one point that can cause this
>error is that the w2k is not in time sync with its associated domain
>controller (as it was in my case). I haved red carefully many tech and
>white papers of Microsoft which explains that W2k clients are not
>restricted on any way to do them because they CAN. But the problem is
>TIME DIFFERENCE. So I have to focus on this time sync issue,
>else I will
> not be able to do the final samba4 migration. As I said, I
>have lots of
> W2k clients in prod. environment and one would expect that they can
>sync their time. They can if a Microsoft Windows Server is
>used. So why
>the need to install, deploy or whatever, a 3rd party tool when
>it should
> work on raw way normally?
>
>Cheers,
>Lucas.
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list