[Samba] Correct NTP Settings for Samba 4.0.6?

Andrew Martin amartin at xes-inc.com
Sat Jul 27 09:39:21 MDT 2013 

----- Original Message -----
> From: "Thomas Simmons" <twsnnva at gmail.com>
> To: "Andrew Martin" <amartin at xes-inc.com>
> Cc: samba at lists.samba.org
> Sent: Saturday, July 27, 2013 10:33:49 AM
> Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6?
> 
> 
> 
> 
> 
> On Sat, Jul 27, 2013 at 2:26 AM, Andrew Martin < amartin at xes-inc.com
> > wrote:
> 
> 
> Hello,
> 
> I recently compiled Samba 4.0.6 (as an AD DC) and am running it on
> Ubuntu 12.04.
> I followed the instructions on the Samba wiki (
> https://wiki.samba.org/index.php/Configure_NTP )
> for how to configure ntp, however the domain clients are rejecting
> the DCs as
> being acceptable time sources. Below is my ntp.conf:
> 
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
> server 0.pool.ntp.org iburst prefer
> server 1.pool.ntp.org iburst prefer
> driftfile /var/lib/ntp/ntp.drift
> logfile /var/log/ntp
> ntpsigndsocket /var/run/samba/ntp_signd
> restrict default kod nomodify notrap nopeer mssntp
> restrict 127.0.0.1
> restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> noquery
> restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> noquery
> 
> Using Ubuntu, I am not using SELinux. I do not believe there to be
> any problems
> with apparmor, as it contains these lines in
> /etc/apparmor.d/usr.sbin.ntpd:
> # samba4 ntp signing socket
> /{,var/}run/samba/ntp_signd/socket rw,
> 
> What is the correct procedure for configuring NTP for a Samba4 AD DC?
> 
> Thanks,
> 
> Andrew
> 
> 
> When you compiled Samba, did you not use the standard install path
> (/usr/local/samba) or did you add an entry in smb.conf to use
> /var/run/samba/ntp_signd for the socket?
> 
Thomas,

When compiling Samba, I specified custom paths to be in line with Debian's
conventions for file locations:
conf_args = \
                --prefix=/usr \
                --enable-fhs \
                --sysconfdir=/etc \
                --localstatedir=/var \
                --with-privatedir=/var/lib/samba/private \
                --with-smbpasswd-file=/etc/samba/smbpasswd \
                --with-piddir=/var/run/samba \
                --with-pammodulesdir=/lib/$(DEB_HOST_MULTIARCH)/security \
                --with-pam \
                --with-syslog \
                --with-utmp \
                --with-pam_smbpass \
                --with-winbind \
                --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2 \
                --with-automount \
                --with-ldap \
                --with-ads \
                --with-dnsupdate \
                --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
                --with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \
                --datadir=/usr/share \
                --with-lockdir=/var/run/samba \
                --with-statedir=/var/lib/samba \
                --with-cachedir=/var/cache/samba \
                --disable-avahi \
                --with-ctdb=/usr \
                --disable-rpath \
                --disable-ntdb \
                --disable-rpath-install \
                --bundled-libraries=NONE,pytevent,iniparser \
                --builtin-libraries=replace,ccan \
                --minimum-library-version="$(shell ./debian/autodeps.py --minimum-library-version)" \
                --without-getpass-replacement \
                --enable-debug


Thanks,

Andrew

More information about the samba mailing list