[Samba] Correct NTP Settings for Samba 4.0.6?
Thomas Simmons
twsnnva at gmail.com
Sat Jul 27 10:03:49 MDT 2013
The ls -l command you ran shows the ntp_signd directory is empty, so it
looks like samba is not creating the socket (at least in that location). Do
you have the "ntp signd socket directory" option in your smb.conf? If not,
try manually it to smb.conf:
ntp signd socket directory = /var/run/samba/ntp_signd
Apart from that, my suggestion would be to stop apparmor and iptables for
testing and run ntp and samba with verbose logging on and see what it says.
Also, what does "w32tm /query /source" and "w32tm /monitor" show on the
client?
On Sat, Jul 27, 2013 at 11:39 AM, Andrew Martin <amartin at xes-inc.com> wrote:
> ----- Original Message -----
> > From: "Thomas Simmons" <twsnnva at gmail.com>
> > To: "Andrew Martin" <amartin at xes-inc.com>
> > Cc: samba at lists.samba.org
> > Sent: Saturday, July 27, 2013 10:33:49 AM
> > Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6?
> >
> >
> >
> >
> >
> > On Sat, Jul 27, 2013 at 2:26 AM, Andrew Martin < amartin at xes-inc.com
> > > wrote:
> >
> >
> > Hello,
> >
> > I recently compiled Samba 4.0.6 (as an AD DC) and am running it on
> > Ubuntu 12.04.
> > I followed the instructions on the Samba wiki (
> > https://wiki.samba.org/index.php/Configure_NTP )
> > for how to configure ntp, however the domain clients are rejecting
> > the DCs as
> > being acceptable time sources. Below is my ntp.conf:
> >
> > server 127.127.1.0
> > fudge 127.127.1.0 stratum 10
> > server 0.pool.ntp.org iburst prefer
> > server 1.pool.ntp.org iburst prefer
> > driftfile /var/lib/ntp/ntp.drift
> > logfile /var/log/ntp
> > ntpsigndsocket /var/run/samba/ntp_signd
> > restrict default kod nomodify notrap nopeer mssntp
> > restrict 127.0.0.1
> > restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> > noquery
> > restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> > noquery
> >
> > Using Ubuntu, I am not using SELinux. I do not believe there to be
> > any problems
> > with apparmor, as it contains these lines in
> > /etc/apparmor.d/usr.sbin.ntpd:
> > # samba4 ntp signing socket
> > /{,var/}run/samba/ntp_signd/socket rw,
> >
> > What is the correct procedure for configuring NTP for a Samba4 AD DC?
> >
> > Thanks,
> >
> > Andrew
> >
> >
> > When you compiled Samba, did you not use the standard install path
> > (/usr/local/samba) or did you add an entry in smb.conf to use
> > /var/run/samba/ntp_signd for the socket?
> >
> Thomas,
>
> When compiling Samba, I specified custom paths to be in line with Debian's
> conventions for file locations:
> conf_args = \
> --prefix=/usr \
> --enable-fhs \
> --sysconfdir=/etc \
> --localstatedir=/var \
> --with-privatedir=/var/lib/samba/private \
> --with-smbpasswd-file=/etc/samba/smbpasswd \
> --with-piddir=/var/run/samba \
> --with-pammodulesdir=/lib/$(DEB_HOST_MULTIARCH)/security \
> --with-pam \
> --with-syslog \
> --with-utmp \
> --with-pam_smbpass \
> --with-winbind \
>
> --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2
> \
> --with-automount \
> --with-ldap \
> --with-ads \
> --with-dnsupdate \
> --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
> --with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \
> --datadir=/usr/share \
> --with-lockdir=/var/run/samba \
> --with-statedir=/var/lib/samba \
> --with-cachedir=/var/cache/samba \
> --disable-avahi \
> --with-ctdb=/usr \
> --disable-rpath \
> --disable-ntdb \
> --disable-rpath-install \
> --bundled-libraries=NONE,pytevent,iniparser \
> --builtin-libraries=replace,ccan \
> --minimum-library-version="$(shell ./debian/autodeps.py
> --minimum-library-version)" \
> --without-getpass-replacement \
> --enable-debug
>
>
> Thanks,
>
> Andrew
>
More information about the samba
mailing list