[Samba] Time sync
Sandbox
sandboxheh at gmail.com
Mon Feb 10 03:53:37 MST 2014
Those settings how should apply on Samba4?
I suppose the servers wont read any settings from the GPO?!
Btw as I trying to solve the problem i have the feeling the problem isnt
from server side, while i sat ntpd's debuglevel to 5 I can see when my
second domain controller is quering the server but while i running w32tm on
clients as admin rights it says there were no usable time data and in the
log i cant find a single request from the client.
Robert
2014-02-10 8:41 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
> Hai,
>
> Here is the way to setup Time in AD .
>
> http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
>
>
> If above don't work, a dirty trick is to give the "Domain users" accesss
> on the registry key for Time
> i didnt test this with windows 7, but for xp this works.
>
> Gr.
>
> Louis
>
>
>
> ------------------------------
> *Van:* Sandbox [mailto:sandboxheh at gmail.com]
> *Verzonden:* maandag 10 februari 2014 8:08
> *Aan:* L.P.H. van Belle; samba at lists.samba.org
> *Onderwerp:* Re: [Samba] Time sync
>
> Hi,
>
> I tried everything as admin.
>
> w32tm /query /peers gives a response:
>
> Partners: 1
>
> domainc02.zirc.tak.lan
> Status: Active
> Remaining time: 553.2830765s
> Mode: 3 (not specified)
> Stratum: 0
> Query time: 0 (not specified)
> Station query time: 10 (1024s)
>
>
>
>
>
> 2014-02-07 15:03 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
>
>> what your saying is correct.
>>
>> Permission denied 0x8007005 is correct, if you did run it as "User"
>>
>> Your "users" are no admin, and you need to do this as adminsitrator ( or
>> member of admin group )
>>
>> test it as adminstrator.
>> ( of temporarly add a user to "Domain Admin" and try again.
>>
>> what does : w32tm /query /peers says when run as Administrator?
>>
>>
>>
>>
>> >-----Oorspronkelijk bericht-----
>> >Van: sandboxheh at gmail.com
>> >[mailto:samba-bounces at lists.samba.org] Namens Sandbox
>> >Verzonden: vrijdag 7 februari 2014 14:48
>> >Aan: samba at lists.samba.org
>> >Onderwerp: [Samba] Time sync
>> >
>> >Hy Guys,
>> >
>> >
>> >My samba version: 4.0.13
>> >ntp version: 4.2.6p3
>> >Ubuntu 12.04.3 LTS
>> >
>> >I have a weird problem, I sat up the time service via
>> >https://wiki.samba.org/index.php/Configure_NTP
>> >
>> >On the servers I have no firewall.
>> >This port is open when i check with nmap, ntp runs.
>> >
>> >Looks like all of my Windows 7 clients works fine but w32tm
>> >/resync says
>> >Permission denied 0x8007005, so not that good :)
>> >
>> >Windows XP, Windows 2003 server machines could not syncronize,
>> >my logs are
>> >full of w32tm error messages. eg: can't find any suitable time
>> >server, or
>> >the time server is not answered for X tries ...
>> >
>> >When i try to run w32tm /resync it says, cant find any time server, but
>> >when i run w32tm /monitor it shows all 3 domain servers
>> >
>> >If I run tcpdump 0 package reach the server with the w32tm
>> >/resync command,
>> >if i run w32tm /monitor command the packages shown on the
>> >server as you can
>> >see below:
>> >
>> >DOMAINC01 tcpdump:
>> >
>> >root at domainc01:/etc# tcpdump 'udp port 123' -v
>> >tcpdump: listening on eth0, link-type EN10MB (Ethernet),
>> >capture size 65535
>> >bytes
>> >14:34:05.797192 IP (tos 0x0, ttl 128, id 21522, offset 0, flags [none],
>> >proto UDP (17), length 76)
>> > 10.48.16.29.49352 > domainc01.zirc.tak.lan.ntp: NTPv1, length 48
>> > Client, Leap indicator: (0), Stratum 0 (unspecified), poll 0s,
>> >precision 0
>> > Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID:
>> >(unspec)
>> > Reference Timestamp: 0.000000000
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> >14:34:05.797337 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc01.zirc.tak.lan.ntp > 10.48.16.29.49352: NTPv1, length 48
>> > Server, Leap indicator: (0), Stratum 13 (secondary reference),
>> >poll 3s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 7.947891, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768819.036704674
>> >(2014/02/07 14:33:39)
>> > Originator Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> > Receive Timestamp: 3600768845.797192633
>> >(2014/02/07 14:34:05)
>> > Transmit Timestamp: 3600768845.797325670
>> >(2014/02/07 14:34:05)
>> > Originator - Receive Timestamp: -152.307425647
>> > Originator - Transmit Timestamp: -152.307292610
>> >14:34:45.036688 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc01.zirc.tak.lan.ntp > 10.48.16.254.ntp: NTPv4, length 48
>> > Client, Leap indicator: (0), Stratum 13 (secondary reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 3.947769, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768883.036675784
>> >(2014/02/07 14:34:43)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768885.036673054
>> >(2014/02/07 14:34:45)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768885.036673054
>> >(2014/02/07 14:34:45)
>> >14:34:46.036698 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc01.zirc.tak.lan.ntp > 10.48.0.0.ntp: NTPv4, length 48
>> > Broadcast, Leap indicator: (0), Stratum 13 (secondary
>> >reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 3.947784, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768883.036675784
>> >(2014/02/07 14:34:43)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768886.036677435
>> >(2014/02/07 14:34:46)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768886.036677435
>> >(2014/02/07 14:34:46)
>> >
>> >DOMAINC02 tcpdump:
>> >
>> >root at domainc02:/var/log# tcpdump 'udp port 123' -v
>> >tcpdump: listening on eth0, link-type EN10MB (Ethernet),
>> >capture size 65535
>> >bytes
>> >14:33:52.297447 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc02.zirc.tak.lan.ntp > 10.48.16.254.ntp: NTPv4, length 48
>> > Client, Leap indicator: (0), Stratum 13 (secondary reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 7.947509, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768831.297442376
>> >(2014/02/07 14:33:51)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768832.297414183
>> >(2014/02/07 14:33:52)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768832.297414183
>> >(2014/02/07 14:33:52)
>> >14:33:53.297425 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc02.zirc.tak.lan.ntp > 10.48.0.0.ntp: NTPv4, length 48
>> > Broadcast, Leap indicator: (0), Stratum 13 (secondary
>> >reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 7.947525, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768831.297442376
>> >(2014/02/07 14:33:51)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768833.297407180
>> >(2014/02/07 14:33:53)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768833.297407180
>> >(2014/02/07 14:33:53)
>> >14:34:11.782722 IP (tos 0x0, ttl 128, id 21523, offset 0, flags [none],
>> >proto UDP (17), length 76)
>> > 10.48.16.29.49353 > domainc02.zirc.tak.lan.ntp: NTPv1, length 48
>> > Client, Leap indicator: (0), Stratum 0 (unspecified), poll 0s,
>> >precision 0
>> > Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID:
>> >(unspec)
>> > Reference Timestamp: 0.000000000
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> >14:34:11.782851 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc02.zirc.tak.lan.ntp > 10.48.16.29.49353: NTPv1, length 48
>> > Server, Leap indicator: (0), Stratum 13 (secondary reference),
>> >poll 3s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 7.947799, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768831.297442376
>> >(2014/02/07 14:33:51)
>> > Originator Timestamp: 3600768998.104618303
>> >(2014/02/07 14:36:38)
>> > Receive Timestamp: 3600768851.782722771
>> >(2014/02/07 14:34:11)
>> > Transmit Timestamp: 3600768851.782839119
>> >(2014/02/07 14:34:11)
>> > Originator - Receive Timestamp: -146.321895509
>> > Originator - Transmit Timestamp: -146.321779191
>> >14:34:57.297430 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc02.zirc.tak.lan.ntp > 10.48.16.254.ntp: NTPv4, length 48
>> > Client, Leap indicator: (0), Stratum 13 (secondary reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 3.947769, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768895.297423839
>> >(2014/02/07 14:34:55)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768897.297415852
>> >(2014/02/07 14:34:57)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768897.297415852
>> >(2014/02/07 14:34:57)
>> >14:34:58.297434 IP (tos 0xc0, ttl 64, id 0, offset 0, flags
>> >[DF], proto UDP
>> >(17), length 76)
>> > domainc02.zirc.tak.lan.ntp > 10.48.0.0.ntp: NTPv4, length 48
>> > Broadcast, Leap indicator: (0), Stratum 13 (secondary
>> >reference),
>> >poll 6s, precision -20
>> > Root Delay: 0.000000, Root dispersion: 3.947784, Reference-ID:
>> >127.127.1.0
>> > Reference Timestamp: 3600768895.297423839
>> >(2014/02/07 14:34:55)
>> > Originator Timestamp: 0.000000000
>> > Receive Timestamp: 0.000000000
>> > Transmit Timestamp: 3600768898.297414481
>> >(2014/02/07 14:34:58)
>> > Originator - Receive Timestamp: 0.000000000
>> > Originator - Transmit Timestamp: 3600768898.297414481
>> >(2014/02/07 14:34:58)
>> >
>> >
>> >10.48.16.254 is my "reference" time server.
>> >
>> >net time command runs succesfully
>> >
>> >
>> >MY NTP.CONF:
>> >
>> >---------------------------------------------------------
>> ># /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>> >
>> >####SAMBA4 CONF###
>> >ntpsigndsocket /opt/samba4/var/lib/ntp_signd/
>> >restrict default mssntp
>> >logfile /var/log/ntp.log
>> >server 127.127.1.0
>> >fudge 127.127.1.0 stratum 12
>> >driftfile /var/lib/ntp/ntp.drift
>> >
>> ># Enable this if you want statistics to be logged.
>> >statsdir /var/log/ntpstats/
>> >statistics loopstats peerstats clockstats
>> >filegen loopstats file loopstats type day enable
>> >filegen peerstats file peerstats type day enable
>> >filegen clockstats file clockstats type day enable
>> ># Specify one or more NTP servers.
>> ># Use servers from the NTP Pool Project. Approved by Ubuntu
>> >Technical Board
>> ># on 2011-02-08 (LP: #104525). See
>> >http://www.pool.ntp.org/join.html for
>> ># more information.
>> >#server 0.ubuntu.pool.ntp.org
>> >#server 1.ubuntu.pool.ntp.org
>> >#server 2.ubuntu.pool.ntp.org
>> >#server 3.ubuntu.pool.ntp.org
>> ># Use Ubuntu's ntp server as a fallback.
>> >#server ntp.ubuntu.com
>> >server 10.48.16.254
>> >#server 172.21.2.17 iburst prefer
>> >#server 172.24.15.123 #takinfo kulvilag fele szinkronizalo szerver
>> >
>> >#peer 10.48.16.151
>> >#peer 10.48.16.152
>> >#peer 10.48.16.153
>> ># Access control configuration; see
>> >/usr/share/doc/ntp-doc/html/accopt.html
>> >for
>> ># details. The web page <
>> >http://support.ntp.org/bin/view/Support/AccessRestrictions>
>> ># might also be helpful.
>> >#
>> ># Note that "restrict" applies to both servers and clients, so a
>> >configuration
>> ># that might be intended to block requests from certain
>> >clients could also
>> >end
>> ># up blocking replies from your own upstream servers.
>> ># By default, exchange time with everybody, but don't allow
>> >configuration.
>> >restrict -4 default kod notrap nomodify nopeer noquery
>> >restrict -6 default kod notrap nomodify nopeer noquery
>> ># Local users may interrogate the ntp server more closely.
>> >restrict 127.0.0.1
>> >restrict ::1
>> ># Clients from this (example!) subnet have unlimited access,
>> >but only if
>> ># cryptographically authenticated.
>> >#restrict 192.168.123.0 mask 255.255.255.0 notrust
>> >
>> ># If you want to provide time to your local subnet, change the
>> >next line.
>> ># (Again, the address is an example only.)
>> >broadcast 10.48.0.0
>> >#mask 255.255.0.0
>> ># If you want to listen to time broadcasts on your local
>> >subnet, de-comment
>> >the
>> ># next lines. Please do this only if you trust everybody on
>> >the network!
>> >#disable auth
>> >#broadcastclient
>> >---------------------------------------------------
>> >
>> >
>> >Are you have any idea why isn't works?
>> >
>> >
>> >Thanks, Robert
>> >--
>> >To unsubscribe from this list go to the following URL and read the
>> >instructions: https://lists.samba.org/mailman/options/samba
>> >
>> >
>>
>>
>
More information about the samba
mailing list