[Samba] Samba4: W2k clients cannot set / sync time with samba4 AD DC
?icro MEGAS
micromegas at mail333.com
Thu Apr 25 02:47:37 MDT 2013
Hello,
I HAVE sniffed the network traffic for this w2k client and
provided the link via paste.ubuntu.com, so everybody can look inside
that without the need
of extra-tools like wireshark. And as I realized you have looked into
that sniffed result output. I did it this way, because I work on an
isolated test env which I cannot access through my computers and do file
transfers. And I dont have wireshark installed on samba4 host, so I
would not be able to transfer the .pcap file to my computer and upload
it. But if you really prefer a .PCAP sniff of tcpdump I could do that,
have to do some prerequisites for that network/switch to be able to
transfer these files additionally to my computer.
> Finally, I would ask that you help yourself:
>
> 08:28:00.436507 IP 172.16.200.66.3557 > samba4srv.mysite.com.ntp: NTPv2,
> Client, length 68
> 08:28:00.436576 IP samba4srv.mysite.com > 172.16.200.66: ICMP samba4srv
> .mysite.com udp port ntp unreachable, length 104
>
> Is the NTP server set up correctly? If the clients can't contact the
> NTP server, then it doesn't surprise me that they can't use it.
Well, the NTP server on samba4 server is definitely (!) up and
running. I can triple-check that by "ps", "netstat" and of course by
getting the time of all my other clients (winxp, win7, linux, unix) so
NTP server is definitely running on samba4 host.
> 08:28:00.436576 IP samba4srv.mysite.com > 172.16.200.66: ICMP samba4srv
> .mysite.com udp port ntp unreachable, length 104
This was the last packet as I posted. Looks like samba4srv tried
to reach the UDP:123 of w2k client, which of course will fail as no NTP
server is running on w2k client side? I cannot explain that, but I
definitely know that the NTP daemon is running fine on samba4 side.
> I also don't understand why you can't use any number of other tools
> (such as free NTP clients or forcing the NTP server with a script or
> policy) to set the time for this specific deployment.
Because I would prefer the raw way, as I would suppose from a
Microsoft client to do. The inital problem was, that w2k clients are not
able to perform dynamic updates, and one point that can cause this
error is that the w2k is not in time sync with its associated domain
controller (as it was in my case). I haved red carefully many tech and
white papers of Microsoft which explains that W2k clients are not
restricted on any way to do them because they CAN. But the problem is
TIME DIFFERENCE. So I have to focus on this time sync issue, else I will
not be able to do the final samba4 migration. As I said, I have lots of
W2k clients in prod. environment and one would expect that they can
sync their time. They can if a Microsoft Windows Server is used. So why
the need to install, deploy or whatever, a 3rd party tool when it should
work on raw way normally?
Cheers,
Lucas.
More information about the samba
mailing list