[Samba] Joining Windows 10 Domain Member to Samba AD/DC
Mark Foley
mfoley at novatec-inc.com
Tue Jan 16 19:30:33 UTC 2024
After trying all the suggestions in the below listed excerpts from this thread, I've taken
time since my last posting on January 6th to continue this issue with the Microsoft forum:
https://learn.microsoft.com/en-us/answers/questions/1480474/unable-to-time-sync-with-domain-controller?page=1&orderby=helpful&comment=answer-1411748#newest-answer-comment
I likewise had no solution there.
So, I image-restored my Windows computer back to before I joined it to the
domain. I verified that when connected to the old domain the w32tm /query
/source was "mail.hprs.local".
I then unjoined that domain and joined to the new domain: hprs.locl. After
rebooting and logging in as the domain admin, and without doing anything, the
/source was time.windows.com,0x9 whereas I expected (hoped) it would be
dc1.hprs.locl as a default per the comments below.
I have no time source GPO configured, and did not create one per the advice
shown below. However, my Windows computer clearly does NOT default to the DC as
the time source as the comments below indicate it should.
I am now using chrony as the time server on the DC, also per advice, but I don't
think chrony vs. ntpd is the problem. On Windows I get:
C:\Users\Administrator.HPRS>w32tm /query /status
Leap Indicator: 3(not synchronized)
Stratum: 0 (unspecified)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
As I've mentioned, this time synchromization worked perfectly well when this
same Windows domain member was connected to the Samba 4.8.2 domain.
Does anyone have any idea how I can specify my DC as the time source? Even if I
have to hard code this somehow? I have an image backup of the Windows dom.
member, so I can try an infinity of things.
Thanks --Mark
Some snippets from past thread messages for reference:
On Thu Jan 4 22:42:38 2024 Sonic <sonicsmith at gmail.com> wrote:
>
> On Thu, Jan 4, 2024 at 7:46 PM Mark Foley via samb<samba at lists.samba.org> wrote:
> >
> > I've added a Windows 10 domain member to my Domain. I'm now following the
> > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member.
> > What's going wrong here?
> Is there some reason you need a GPO for this? By default the system
> should get its time from the DC.
> From the page you refer to:
> "Windows AD domain members will use any DC as their default time
> source. If you have set up ntp on the DC as described on this page,
> you usually do not need to reconfigure the clients. Alternative
> configuration options for the clients are described below."
>
> I've only used a GPO to point to a different time server when the DC
> is incapable of providing the time service (older DC running in a
> container).
> Chris
On Fri Jan 5 01:52:25 2024 Luis Peromarta <lperoma at icloud.com> wrote:
> You should not need no GPOa for this. What NTP software are you using ?
On Fri Jan 5 03:23:48 2024 Peter Milesson via samba <samba at lists.samba.org> wrote:
>
> Hi Mark,
>
> Also, no need to use a GPO for this. The domain members get their time
> from a DC anyway.
>
> HTH,
>
> Peter
On Fri Jan 5 14:31:40 2024 Peter Milesson via samba <samba at lists.samba.org> wrote:
>
> On Fri, Jan 5, 2024 at 2:32 PM Mark Foley via sam <samba at lists.samba.org> wrote:
> > <snip> I would think the wikis would mention the GPO not being
> > needed.
>
> Did you see the section titles "Default Time Source" in the page you
> link to that I quoted previously? The wiki clearly spells it out that
> using a GPO is usually unnecessary.
> > How do you know you're syncing with the DC?
> 'w32tm /query /status' will show you.
> > What does your 'w32tm /query /source' give you?
> My Windows domain members point to the DC.
Chris
More information about the samba
mailing list