[Samba] time server directive and synchronizing Win XP clients

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Oct 13 11:39:55 GMT 2004 

Jonathan Salomon írta:

>Hi all!
>
>I have configured a Samba PDC (3.0.7) on a Fedora Core 2 machine with LDAP
>authentication (conform http://samba.idealx.org/smbldap-howto.en.html). I
>have about 180 Windows XP Pro clients using this PDC to log onto the
>domain, which works great!
>
>However I seem to have trouble synchronizing the time on the clients to
>the time on the server. The users (in group Domain Users) do not have
>permissions to change the time on the clients and therefore 'net time /set
>/yes' in the netlogon will result in an error, as will 'w32tm /sync'.
>
>According to an earlier post to this list I found on Google
>(http://groups.google.com/groups?q=+pdc+samba+%22time+server+%22&hl=en&lr=&as_drrb=b&as_mind=1&as_minm=1&as_miny=2004&as_maxd=13&as_maxm=10&as_maxy=2004&selm=1Fo2I-86r-5%40gated-at.bofh.it&rnum=1)
>if the Win XP Pro clients are part of the domain (like in my case) they
>should automatically synch the time with the PDC if it runs a NTP service.
>This is exactly what I want, because in my opinion the time sych is
>something that is related to domain membership and not to domain logins
>(as with 'net time'). I have tried enabling an NTP service on the PDC and
>setting 'time server =yes' in smb.conf, but unfortunately the time on the
>clients still doesn't work.
>
>What am I missing here and could someone confirm behaviour described in
>above mentioned posting? If this is not the the is there another way to
>achieve what I want? I'd rather not manually grant Domain Users time
>setting priviledges on 180 clients.
>
>Thanks a lot!
>Jonathan
>  
>
This is true for an AD domain. But for an NT4 domain such as a Samba 
controled one is you have to "set" the time server for each of your 
workstations to the ip adress (or with a working DNS the ip name) of 
your NTP server. This way your XP machines would sync time automaticaly, 
and you wouldn't need time server =yes and net time //PDC /set /yes in 
logon script (only usefull for Windows 9x, or the quite strange case of 
all of your users beeing domain administrators). To set the timeserver 
on the XP machines we use the domain policy, with an adm file (attached) 
made by Andrew Bartlett.

Good Luck!
-------------- next part --------------
CLASS MACHINE

CATEGORY !!Time
	POLICY !!NTPServer
	KEYNAME SYSTEM\CurrentControlSet\Services\W32Time\Parameters
		PART !!NTP_SERVER 			EDITTEXT
			VALUENAME "NtpServer"
		END PART
		PART !!SERVERTYPE			EDITTEXT
			VALUENAME "type"
		END PART
	END POLICY
END CATEGORY	; Time

[Strings]
Time="Time Servers"
NTPServer="NTP Server"
NTP_SERVER="NTP Server address"
SERVERTYPE="Server Type (ntp)"

More information about the samba mailing list