[Samba] Joining Windows 10 Domain Member to Samba AD/DC
Mark Foley
mfoley at novatec-inc.com
Sun Feb 11 04:11:18 UTC 2024
On Sat Feb 10 17:05:46 2024 Mark Foley via samba <samba at lists.samba.org> wrote:
> On Sat Feb 10 15:31:47 2024 Sonic <sonicsmith at gmail.com> wrote:
>
> On Sat, Feb 10, 2024 at 2:20 PM Mark Foley via samb<samba at lists.samba.org> wrote:
> > Does chrony have to be built in some special way to enable ntp-signd?
>
> Needs to be configured with "--enable-ntp-signd".
>
> > I may have to build from sources. I downloaded from the SlackBuilds repo and
> > have no idea how it was built. Is there an option to chronyd to list build
> > options? I didn't see one in the manpage.
YAAAAAAAY! Finally! I have my Windows domain members syncing with the DC!!!
Thanks to all who helped on this issue. Thanks in particular to luis whose
advice to 'tcpdump -v -i eth0 port 123' gave me the clue I needed to carry on,
which showed that my time server program(s) were not replying to the Windows
signd queries.
The need for signd was not new to me. I built ntpd from source 10 years ago
with --enable-ntp-signd and that worked fine. I thought I had done this on the
new DC as well, several times in fact, but either the 'make install' messed up
or I messed something up (probably the latter) and it just wouldn't work.
On the advice of many I installed chrony from the SlackBuilds repo, but that
build was not enabled for ntp-signd.
Finally I downloaded the chrony 4.5 source tarball from
https://chrony-project.org/download.html and built it with:
./configure --prefix=/sbin --with-user=chrony --mandir=/usr/man --enable-ntp-signd.
Thanks to Chris "Sonic" who gave me the --enable-ntp-signd option. That wasn't
mentioned in the INSTALL file (although was in the list in the configure script
comments).
That worked!
My Windows computers now have:
w32tm /query /source
mail.hprs.local
Again, thanks to all for your help and patience.
--Mark
More information about the samba
mailing list