[Samba] DC Time Problems
Rowland Penny
rpenny at samba.org
Wed Oct 25 18:16:09 UTC 2023
On Wed, 25 Oct 2023 11:53:07 -0500
Ham via samba <samba at lists.samba.org> wrote:
> It appears that none of our windows clients are syncing their time
> with the samba DC. From what I can tell they are not able to get a
> response from the DC. For example, where the DC is named athena:
>
> >w32tm /monitor /computers:athena
>
> athena[10.10.1.10:123]
>
> ICMP: 0ms delay
>
> NTP: error ERROR_TIMEOUT - no response from server in 1000ms
>
> From a Linux machine there is also no response:
>
> ntpdate -q athena
> 24 Oct 16:47:41 ntpdate[33581]: no server suitable for
> synchronization found
>
>
> Here is the DC /etc/ntpsec/ntp.conf:
>
> # Where to retrieve the time from
> server 0.pool.ntp.org iburst prefer
> server 1.pool.ntp.org iburst prefer
> server 2.pool.ntp.org iburst prefer
>
> driftfile /var/lib/ntpsec/ntp.drift
> logfile /var/log/ntp.log
> #logconfig =all
> ntpsigndsocket /var/lib/samba/ntp_signd/
>
> # Access control
> # Default restriction: Allow clients only to query the time
> #restrict default kod nomodify notrap nopeer limited mssntp
> restrict -4 default kod limited nomodify notrap nopeer noquery mssntp
> # No restrictions for "localhost"
> restrict 127.0.0.1
> # Enable the time sources to only provide time to this host
> restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap
> nopeer noquery
> restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap
> nopeer noquery
> restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap
> nopeer noquery
>
>
> My DC is using Debian 11 and the Samba package from Debian.
>
> Any ideas on what the problem is?
>
Yes, ntpsec has replaced ntp and they (ntpsec) seem to have broken
ntp_signd. They also do not seem to be able to fix it. I also found out
that when the code was written to connect ntp and Samba, a Linux client
was never written.
Just use Chrony.
Rowland
More information about the samba
mailing list