mourik jan heupink - merit heupink at merit.unu.edu
Tue Sep 9 10:40:11 MDT 2014

Hi all,

Thanks to all who responded... It still does not yet work, and your 
ideas are highly appreciated:

I have followed this document:

Where things seem to go wrong:

- I changed ownership to ntp:ntp on the directory ntp_signd:
root@DC2:~# ls -ld /var/lib/samba/ntp_signd/
drwxr-x--- 2 ntp ntp 19 Sep  9 17:15 /var/lib/samba/ntp_signd/

However, after this, things start to go wrong:
After the above ownership change, restarting samba complains upon start 
that 'it cannot create NTP signd pipe directory' and also on every samba 
restart I get: "warming: failed to kill 2889: No such process".

Also with the new ownership, the dc no longer shows as available in 
ADUC. I need to undo the chown and then reboot the DC for it to become 
available again.

I have set a GPO, to take time from:
NtpServer "dc2.samba.company.com,0x9"
Type: NT5DS
CrossSiteSyncFlags: 2
ResolvPeerBackoffMinutes: 15
ResolvPeerBackoffMaxTimes: 7
SpecialPollInterval: 3600
EventLogFlags: 3

And a GPO to enable the Windows NTP client, both enabled and in effect.

Yet, cmd as admin user:

C:\Windows\system32>W32tm /resync /rediscover
Sending resync command to local computer
The computer did not resync because no time data was available.

C:\Windows\system32>W32tm /monitor
dc1.samba.merit.unu.edu *** PDC ***[192.x.y.17:123]:
     ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
     NTP: error ERROR_TIMEOUT - no response from server in 1000ms
DC2.samba.company.com *** PDC ***[192.x.y.15:123]:
     ICMP: 0ms delay
     NTP: +61.5498299s offset from dc1.samba.company.com
         RefID: (unknown) [0x06696505]
         Stratum: 3
DC3.samba.company.com *** PDC ***[192.x.y.16:123]:
     ICMP: 0ms delay
     NTP: +61.5499067s offset from dc1.samba.company.com
         RefID: 2-smtp.kingsquare.nl []
         Stratum: 3
DC4.samba.company.com *** PDC ***[192.x.y.14:123]:
     ICMP: 0ms delay
     NTP: +61.5478667s offset from dc1.samba.company.com
         RefID: (unknown) [0x06696505]
         Stratum: 3

When checking with Wireshark, I can see NTP traffic (surprisingly) to 
DC3.samba.company.com (yet the GPO is set to dc2.samba... and DC2 
also has the PDC role in our AD).

And still, my workstation time is one minute late, compared to the DC. 
No firewall in the DC.

Can anyone help..? What am I missing....


