[Samba] time sync for windows workstations

Gregory Sloop gregs at sloop.net
Wed Sep 3 11:55:16 MDT 2014

MM> Am 03.09.2014 13:13, schrieb mourik jan heupink - merit:
>> Thanks, I had not yet read that, but it tells me the same that I read on
>> different places:

>> "Per default, Windows clients in an Active Directory, automatically
>> synchronize their time with the DC, owning the „PDC“ role. If you don't
>> want to use a different source, configure fallback time server, etc. you
>> don't have to take action."

>> I have three DC's, all synced to NTP (and they all display the same
>> result for "date"), pdc role is owned by DC2.

>> However... the time on the workstations is a minute off. So, even though
>> they are supposed to sync automatically, we don't see it happening...

>> Are we alone with this, does it work in your networks..? (because then
>> specifically we seem to have a problem)

MM> There are many things that could affect the timy syncronisation:
MM> - Wrong ACLs (restricts) in your ntp.conf
MM> - GPOs telling the clients to get the time from a different source, than
MM> the one with the PDC role (default).
MM> - 'Windows Time' Service disabled
MM> - etc.

MM> Can you:
MM> - check the above
MM> - post your ntp.conf
MM> - have a look at the 'w32tm' command
MM> (http://technet.microsoft.com/en-us/library/bb491016.aspx) and see which
MM> source it is querying, when it had last time synced, etc.

Is windows time sync now completely bog-standard NTP? [It might well be, as I haven't paid much attention to the issue in modern times.] In the past Windows time sync occurred via some RPC call or some-such and thus wasn't handled via a TCP/UDP NTP transaction.

I've never actually packet captured a time sync from a modern Windows domain-member client, so I'm not sure how the transaction occurs. [And knowing that would be helpful in offering advice - which would be a good thing. :) ]


More information about the samba mailing list