NTP Configuration [Was: Re: A successful Samba 4 deployment]

Adam Tauno Williams awilliam at whitemice.org
Thu Dec 2 13:23:45 MST 2010

On Thu, 2010-11-11 at 05:27 -0500, Mark Rutherford wrote: 
> The version in Debian Lenny does not appear to be compiled with 
> --enable-ntp-signd so your
> going to have to compile it yourself.
> I was looking at the patch supplied to the NTP developers for clues and 
> found a lot:
> https://support.ntp.org/bugs/show_bug.cgi?id=1028
> Putting ntpd in debug I never appear to get into send_via_ntp_signd() so 
> I fear that I will be sitting here
> with wireshark, gdb and a Windows box unless anyone has a clue how my 
> clients could be misconfigured?
> Is...
> w32tm /resync /rediscover
> the proper way to get a windows client to query the domain controller 
> for time?
> When I do this I can see the ntp server getting the request, so it does 
> something.

Are there any required steps to integrating NTP & Samba4?  The Samba4
howto does not mention time service at all.  The suggested configuration
below declares the path "/data/samba/samba4/prefix/var/run/ntp_signd/";
does Samba4 need to be informed of the NTP socket's path in some manner
(smb.conf directive?)?

<ASIDE>I have a compatible NTP running on openSUSE 11.3 from the repo @
openSUSE has a bug for this issue [proper version of NTP]

> On 11/9/2010 2:45 PM, Andrew Bartlett wrote:
> > On Tue, 2010-11-09 at 11:00 -0500, Mark Rutherford wrote:
> >> We have been running for almost 2 weeks now without any major problems.
> >> All the problems I have encountered have been minor and fixed fairly
> >> quickly.
> >> The second issue has been time on clients.
> >> I have ntpd running on the DC but windows clients just throw event logs
> >> about not being able to get time from the domain controller for the
> >> last 8 times, etc etc.
> >> I have read some places that Windows uses sntp instead of ntp so I am
> >> not really sure about what I should be doing.
> > They are essentially the same protocol for PC-level clients, and they
> > use real NTP now anyway.
> > You need to install a current version of the ntp server, and have it
> > compiled with the options to know to talk to samba.  (compile ntp with
> > the --enable-ntp-signd configure option or use current debian or
> > ubuntu).
> > in the ntp.conf you need (from memory)
> > restrict mynet mssntp
> > signdsocketdir /data/samba/samba4/prefix/var/run/ntp_signd/

More information about the samba-technical mailing list