[Samba] Samba4: W2k c­lients cannot set / sync ­time with samba4 AD DC

?icro MEGAS micromegas at mail333.com
Thu Apr 25 02:47:37 MDT 2013


I HAVE sniffed the network traffic for this w2k client and
 provided the link via paste.ubuntu.com, so everybody can look inside 
that without the need 
of extra-tools like wireshark. And as I realized you have looked into 
that sniffed result output. I did it this way, because I work on an 
isolated test env which I cannot access through my computers and do file
 transfers. And I dont have wireshark installed on samba4 host, so I 
would not be able to transfer the .pcap file to my computer and upload 
it. But if you really prefer a .PCAP sniff of tcpdump I could do that, 
have to do some prerequisites for that network/switch to be able to 
transfer these files additionally to my computer.

> Finally, I would ask that you help yourself:

> 08:28:00.436507 IP > samba4srv.mysite.com.ntp: NTPv2,

> Client, length 68

> 08:28:00.436576 IP samba4srv.mysite.com > ICMP samba4srv

> .mysite.com udp port ntp unreachable, length 104

> Is the NTP server set up correctly?  If the clients can't contact the

> NTP server, then it doesn't surprise me that they can't use it.

Well, the NTP server on samba4 server is definitely (!) up and 
running. I can triple-check that by "ps", "netstat" and of course by 
getting the time of all my other clients (winxp, win7, linux, unix) so 
NTP server is definitely running on samba4 host.

> 08:28:00.436576 IP samba4srv.mysite.com > ICMP samba4srv

> .mysite.com udp port ntp unreachable, length 104

This was the last packet as I posted. Looks like samba4srv tried
 to reach the UDP:123 of w2k client, which of course will fail as no NTP
 server is running on w2k client side? I cannot explain that, but I 
definitely know that the NTP daemon is running fine on samba4 side.

> I also don't understand why you can't use any number of other tools

> (such as free NTP clients or forcing the NTP server with a script or

> policy) to set the time for this specific deployment.

Because I would prefer the raw way, as I would suppose from a 
Microsoft client to do. The inital problem was, that w2k clients are not
 able to perform dynamic updates, and one point that can cause this 
error is that the w2k is not in time sync with its associated domain 
controller (as it was in my case). I haved red carefully many tech and 
white papers of Microsoft which explains that W2k clients are not 
restricted on any way to do them because they CAN. But the problem is 
TIME DIFFERENCE. So I have to focus on this time sync issue, else I will
 not be able to do the final samba4 migration. As I said, I have lots of
 W2k clients in prod. environment and one would expect that they can 
sync their time. They can if a Microsoft Windows Server is used. So why 
the need to install, deploy or whatever, a 3rd party tool when it should
 work on raw way normally?


More information about the samba mailing list