NTP Configuration [Was: Re: A successful Samba 4 deployment]

Mark Rutherford mark at lowcountrybilling.com
Thu Dec 2 13:28:00 MST 2010

I never got it to work personally.
If anyone has better luck with this I would love to hear it.
My Windows clients do not appear to be sending the requests in a format 
the NTP daemon thinks it should sign.
So the NTP daemon sends back an unsigned reply, from what I can tell.

I just have not had time to sit there with a debugger to see what it's 

On 12/2/2010 3:23 PM, Adam Tauno Williams wrote:
> On Thu, 2010-11-11 at 05:27 -0500, Mark Rutherford wrote:
>> The version in Debian Lenny does not appear to be compiled with
>> --enable-ntp-signd so your
>> going to have to compile it yourself.
>> I was looking at the patch supplied to the NTP developers for clues and
>> found a lot:
>> https://support.ntp.org/bugs/show_bug.cgi?id=1028
>> Putting ntpd in debug I never appear to get into send_via_ntp_signd() so
>> I fear that I will be sitting here
>> with wireshark, gdb and a Windows box unless anyone has a clue how my
>> clients could be misconfigured?
>> Is...
>> w32tm /resync /rediscover
>> the proper way to get a windows client to query the domain controller
>> for time?
>> When I do this I can see the ntp server getting the request, so it does
>> something.
> Are there any required steps to integrating NTP&  Samba4?  The Samba4
> howto does not mention time service at all.  The suggested configuration
> below declares the path "/data/samba/samba4/prefix/var/run/ntp_signd/";
> does Samba4 need to be informed of the NTP socket's path in some manner
> (smb.conf directive?)?
> <ASIDE>I have a compatible NTP running on openSUSE 11.3 from the repo @
> http://download.opensuse.org/repositories/home:/namtrac/openSUSE_11.3/
> openSUSE has a bug for this issue [proper version of NTP]
> <https://bugzilla.novell.com/show_bug.cgi?id=657194>
> </ASIDE>
>> On 11/9/2010 2:45 PM, Andrew Bartlett wrote:
>>> On Tue, 2010-11-09 at 11:00 -0500, Mark Rutherford wrote:
>>>> We have been running for almost 2 weeks now without any major problems.
>>>> All the problems I have encountered have been minor and fixed fairly
>>>> quickly.
>>>> The second issue has been time on clients.
>>>> I have ntpd running on the DC but windows clients just throw event logs
>>>> about not being able to get time from the domain controller for the
>>>> last 8 times, etc etc.
>>>> I have read some places that Windows uses sntp instead of ntp so I am
>>>> not really sure about what I should be doing.
>>> They are essentially the same protocol for PC-level clients, and they
>>> use real NTP now anyway.
>>> You need to install a current version of the ntp server, and have it
>>> compiled with the options to know to talk to samba.  (compile ntp with
>>> the --enable-ntp-signd configure option or use current debian or
>>> ubuntu).
>>> in the ntp.conf you need (from memory)
>>> restrict mynet mssntp
>>> signdsocketdir /data/samba/samba4/prefix/var/run/ntp_signd/

More information about the samba-technical mailing list