2 PDC + Time Sync (ntp) problem
Daniele Dario
d.dario76 at gmail.com
Fri Dec 12 08:07:34 MST 2014
Hi Michał,
On Fri, 2014-12-12 at 14:28 +0100, Michał Półrolniczak wrote:
> I'm using samba 4.1.6-Ubuntu from repo (14.04.01)
> arne is PDC with SYSVOL (192.168.0.4)
> melanippe is Backup PDC with rsync (from wiki) replication of SYSVOL
> (192.168.0.5)
> any modification to AD is made by arne
> domain is: domain.local
>
> Windows Clients don't sync time from PDC (arne)
> when running: w32tm /resync I'm getting "Access Denied. (0x80070005)"
> w32tm /monitor I'm getting MELANIPPE.domain.local *** PDC
> ***[192.168.0.5:123]:
> ICMP: 0ms delay
> NTP: error ERROR_TIMEOUT - no respond from server for 1000ms
> arne.domain.local *** PDC ***[192.168.0.4:123]:
> ICMP: 0ms delay
> NTP: +9.2623479s shift from MELANIPPE.domain.local
> RefID: (here is some strange host name with ip not from my pool)
> Layer: 3
> Warning:
> Reverse dns it optimal for the solution. (sorry, I'm using a translator to
> give you English messages)
>
> So looking into the problem I:
> nslookup arne.domain.local
> (root) ??? unnow type 41 ???
> Server: UnKnow
> Address: 192.168.0.4
> Name: arne.domain.local
> Address: 192.168.0.4
>
> nslookup 192.168.0.4
> (root) ??? unnow type 41 ???
> Server: UnKnow
> Address: 192.168.0.4
> (root) ??? unnow type 41 ???
> *** No records availble internal type for both IPv4 and IPv6 Addresses
> (A+AAAA) for 192.168.0.4
>
> Same goes for 192.168.0.5
> I'm using the built-in DNS (not bind), ntp 4.2.6.p5+dfsg-3ubuntu2
> Using DNS Manager from Windows Admin Tools I'm getting Empty Reverse DNS
>
> arne: cat /etc/ntp.conf
> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
>
> driftfile /var/lib/ntp/ntp.drift
> logfile /var/log/ntp
> ntpsigndsocket /var/lib/ntp_signd/
>
> server 0.pl.pool.ntp.org iburst pref
> restrict default kod nomodify notrap nopeer mssntp
>
> restrict 127.0.0.1
>
> restrict 0.pl.pool.ntp.org mask 255.255.255.255 nomodify notrap
> nopeer noquery
>
>
> melanippe: cat /etc/ntp.conf
> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
>
> server arne.domain.local iburst prefer
>
> driftfile /var/lib/ntp/ntp.drift
> logfile /var/log/ntp
>
> restrict default kod nomodify notrap nopeer mssntp
>
> restrict 127.0.0.1
>
> restrict arne.domain.local mask 255.255.255.255 nomodify
> notrap nopeer noquery

From what I know you have to manually create the reverse DNS zone. You
can do it using samba-tool dns zonecreate <server> <zone> or using DNS
Manager from Windows Admin Tools. Then you need to populate the zone by
adding your hosts (again with samba-tool dns add <server> <zone> <name>
<A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data> or using DNS Manager from Windows
Admin Tools).
About ntp: I'm not using samba from the ubuntu/debian package but I compiled
it myself, so paths are different. In my case ntpsigndsocket is in
/usr/local/samba/var/run/ntp_signd/ and I had to modify
/etc/apparmor.d/usr.sbin.ntpd adding
...
# for signed ntp requests
/usr/local/samba/var/run/ntp_signd/** rw,
/usr/local/samba/var/run/ntp_signd/ rw,
...
and reload apparmor profiles
Another thing (but not sure if relevant 'cause can't find anything to
prove it) is that on ntp.conf of "master" DC I added the line
broadcast BROADCAST_ADDRESS_OF_YOUR_LAN (e.g. 192.168.0.255)
Hope this helps,
Daniele.
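
The reverse-zone steps described in the reply above, as an added example that is not part of the original message: it prints (does not run) the samba-tool dns zonecreate / dns add commands for the two DCs from the quoted post. It assumes a /24 network and that arne.domain.local is the DNS server to target; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints the samba-tool commands
# that create the reverse zone and PTR records; nothing is executed.
# Assumption: /24 network, so the zone is built from the first three octets.
# Supply credentials to samba-tool as your setup requires when running them.

# reverse_zone 192.168.0.4 -> 0.168.192.in-addr.arpa
reverse_zone() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    echo "$3.$2.$1.in-addr.arpa"
}

# ptr_name 192.168.0.4 -> 4 (record name relative to the /24 zone)
ptr_name() {
    echo "${1##*.}"
}

# ptr_commands <dns-server>: reads "ip fqdn" lines on stdin, prints one
# zonecreate per distinct zone and one PTR add per host.
ptr_commands() {
    server=$1
    seen=""
    while read -r ip fqdn; do
        [ -n "$ip" ] || continue
        zone=$(reverse_zone "$ip")
        case " $seen " in
            *" $zone "*) ;;   # zone already emitted
            *) echo "samba-tool dns zonecreate $server $zone"
               seen="$seen $zone" ;;
        esac
        echo "samba-tool dns add $server $zone $(ptr_name "$ip") PTR $fqdn"
    done
}

# Hosts and addresses taken from the quoted post.
dc_hosts() {
    printf '%s\n' '192.168.0.4 arne.domain.local' \
                  '192.168.0.5 melanippe.domain.local'
}

dc_hosts | ptr_commands arne.domain.local
```

After running the printed commands, nslookup 192.168.0.4 from a client is the quickest check that the PTR records resolve.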