NTP Configuration [Was: Re: A successful Samba 4 deployment]
Matt Ficken (Insight Global)
v-mafick at microsoft.com
Thu Dec 2 15:56:55 MST 2010
Windows uses the SNTP protocol (NTP + an Authentication Extension). See [MS-SNTP] (http://msdn.microsoft.com/en-us/library/cc246877(v=PROT.13).aspx), which extends [RFC1305]. The standard NTP authentication mechanism is in Appendix C of [RFC1305], and [MS-SNTP] is a further extension of that.
I think Samba's NTP-SIGND test suite covers it.
-----Original Message-----
From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of Christopher R. Hertel
Sent: Thursday, December 02, 2010 12:43 PM
To: Mark Rutherford
Cc: samba-technical at lists.samba.org
Subject: Re: NTP Configuration [Was: Re: A successful Samba 4 deployment]
Does Windows use NTP or SNTP protocol?
Mark Rutherford wrote:
> I never got it to work personally.
> If anyone has better luck with this I would love to hear it.
> My Windows clients do not appear to be sending the requests in a format
> the NTP daemon thinks it should sign.
> So the NTP daemon sends back an unsigned reply, from what I can tell.
>
> I just have not had time to sit there with a debugger to see what it's
> doing.
>
> On 12/2/2010 3:23 PM, Adam Tauno Williams wrote:
>> On Thu, 2010-11-11 at 05:27 -0500, Mark Rutherford wrote:
>>> The version in Debian Lenny does not appear to be compiled with
>>> --enable-ntp-signd so you're
>>> going to have to compile it yourself.
>>> I was looking at the patch supplied to the NTP developers for clues and
>>> found a lot:
>>> https://support.ntp.org/bugs/show_bug.cgi?id=1028
>>> Putting ntpd in debug I never appear to get into send_via_ntp_signd() so
>>> I fear that I will be sitting here
>>> with wireshark, gdb and a Windows box unless anyone has a clue how my
>>> clients could be misconfigured?
>>> Is...
>>> w32tm /resync /rediscover
>>> the proper way to get a windows client to query the domain controller
>>> for time?
>>> When I do this I can see the ntp server getting the request, so it does
>>> something.
>> Are there any required steps to integrating NTP & Samba4? The Samba4
>> howto does not mention time service at all. The suggested configuration
>> below declares the path "/data/samba/samba4/prefix/var/run/ntp_signd/";
>> does Samba4 need to be informed of the NTP socket's path in some manner
>> (smb.conf directive?)?
>>
>> <ASIDE>I have a compatible NTP running on openSUSE 11.3 from the repo @
>> http://download.opensuse.org/repositories/home:/namtrac/openSUSE_11.3/
>> openSUSE has a bug for this issue [proper version of NTP]
>> <https://bugzilla.novell.com/show_bug.cgi?id=657194>
>> </ASIDE>
>>
>>> On 11/9/2010 2:45 PM, Andrew Bartlett wrote:
>>>> On Tue, 2010-11-09 at 11:00 -0500, Mark Rutherford wrote:
>>>>> We have been running for almost 2 weeks now without any major
>>>>> problems.
>>>>> All the problems I have encountered have been minor and fixed fairly
>>>>> quickly.
>>>>> The second issue has been time on clients.
>>>>> I have ntpd running on the DC but windows clients just throw event
>>>>> logs
>>>>> about not being able to get time from the domain controller for the
>>>>> last 8 times, etc etc.
>>>>> I have read some places that Windows uses sntp instead of ntp so I am
>>>>> not really sure about what I should be doing.
>>>> They are essentially the same protocol for PC-level clients, and they
>>>> use real NTP now anyway.
>>>> You need to install a current version of the ntp server, and have it
>>>> compiled with the options to know to talk to samba. (compile ntp with
>>>> the --enable-ntp-signd configure option or use current debian or
>>>> ubuntu).
>>>> in the ntp.conf you need (from memory)
>>>> restrict mynet mssntp
>>>> signdsocketdir /data/samba/samba4/prefix/var/run/ntp_signd/
>>
>
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
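
An added example, not part of the thread and not Samba or ntpd code: a classifier for a captured UDP/123 payload that tells whether the client asked for a signed reply at all, which is the question raised above about requests not arriving "in a format the NTP daemon thinks it should sign". It assumes the [MS-SNTP] Authenticator layout (a 20-byte trailer after the 48-byte NTP header: a 4-byte little-endian key identifier whose low 31 bits carry the account RID, then a 16-byte checksum that is zero in requests); the function names and the sample RID 1105 are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48   # fixed NTP header (RFC 1305), no authenticator
MS_AUTH_LEN = 20      # [MS-SNTP] Authenticator: 4-byte key id + 16-byte checksum
MS_EXT_AUTH_LEN = 72  # [MS-SNTP] ExtendedAuthenticator


def classify_ntp_payload(payload: bytes) -> dict:
    """Describe a UDP/123 payload by the trailer that follows the NTP header."""
    if len(payload) < NTP_HEADER_LEN:
        return {"kind": "malformed"}
    first = payload[0]
    info = {"version": (first >> 3) & 0x7, "mode": first & 0x7}
    trailer = payload[NTP_HEADER_LEN:]
    if not trailer:
        info["kind"] = "unauthenticated"      # nothing for the server to sign
    elif len(trailer) == MS_AUTH_LEN and not any(trailer[4:]):
        # Zeroed checksum: a client asking for a signed reply.
        (key_id,) = struct.unpack("<I", trailer[:4])   # little-endian on the wire
        info.update(kind="ms-sntp-request",
                    rid=key_id & 0x7FFFFFFF,    # account RID of the requester
                    key_selector=key_id >> 31)  # key selector bit from [MS-SNTP]
    elif len(trailer) == MS_AUTH_LEN:
        info["kind"] = "mac-present"  # RFC 1305 symmetric-key MAC or a signed reply
    elif len(trailer) == MS_EXT_AUTH_LEN:
        info["kind"] = "ms-sntp-extended"
    else:
        info["kind"] = "unknown-trailer"
    return info


def build_sample_request(key_id: int) -> bytes:
    """Constructed sample: LI=3, VN=3, Mode=3 header plus a zeroed Authenticator."""
    header = bytes([0xDB]) + bytes(NTP_HEADER_LEN - 1)
    return header + struct.pack("<I", key_id) + bytes(16)


if __name__ == "__main__":
    print(classify_ntp_payload(build_sample_request(1105)))
    print(classify_ntp_payload(bytes([0xDB]) + bytes(47)))
```

Run over payloads exported from a packet capture, this separates a client that never requests a signature from a server that receives the request and still answers unsigned.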