[Samba] time sync for windows workstations
mourik jan heupink - merit
heupink at merit.unu.edu
Wed Sep 10 06:11:52 MDT 2014
Hi Louis,
Thank you very much for your elaborate reply. :-)
Following your suggestions, things seem to be working now..! Problem was
I did chown ntp:ntp, instead of chown root:ntp
Now restarting samba gives no errors anymore, ntp is synced, and:
C:\Windows\system32>w32tm /resync /rediscover
Sending resync command to local computer
The command completed successfully.
Yess :-)
Thank you again, Louis!
Regards,
Mourik Jan
On 9/10/2014 13:19, L.P.H. van Belle wrote:
> Hai Mourik Jan,
>
> here are some suggestions.
>
> The GPO as shown below should not be needed, check the following at least.
>
> in /etc/ntp.conf on all servers, make sure they are the same and check if you have only 1 ntp server source.
> like : server npt1.nl.net
> disable all others server lines.
>
> check if you did set this in ntp.conf on all servers.
>
> # Location of the samba ntp_signed directory
> ntpsigndsocket /var/lib/samba/ntp_signd
>
> # By default, exchange time with everybody, but don't allow configuration.
> restrict -4 default kod notrap nomodify nopeer noquery mssntp
> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>
> make sure the rights are ok.
>
> install -o root -g ntp -m 0750 -d /var/lib/samba/ntp_signd
> ( or chown root:ntp /var/lib/samba/ntp_signd && chmod 0750 /var/lib/samba/ntp_signd )
>
> make sure /var/lib/samba has right 755 or ntp won't reach the /var/lib/samba/ntp_signd folder
>
> run on your windows pc as administrator
> net time /setsntp:dc1.you.domain.tld
> reboot the pc.
>
> restart ntp and wait 5 min and type ntpq -p
> should see.
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
> *dc2.internal..  193.79.237.14    2 u   8d 1024    0    0.628   -0.666   0.000
>
> the refid is the ip of the ntp server in ntp.conf
> remote is the internal time server on your DC.
>
> if the refid is unknown then you must recheck your config.
>
> Louis
>
>
>
>> -----Original message-----
>> From: heupink at merit.unu.edu
>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>> heupink - merit
>> Sent: Tuesday 9 September 2014 18:40
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] time sync for windows workstations
>>
>> Hi all,
>>
>> Thanks to all who responded... It still does not yet work, and your
>> ideas are highly appreciated:
>>
>> I have followed this document:
>> https://wiki.samba.org/index.php/Time_Synchronisation
>>
>> Where things seem to go wrong:
>>
>> - I changed ownership to ntp:ntp on the directory ntp_signd:
>> root at DC2:~# ls -ld /var/lib/samba/ntp_signd/
>> drwxr-x--- 2 ntp ntp 19 Sep 9 17:15 /var/lib/samba/ntp_signd/
>>
>> However, after this, things start to go wrong:
>> After the above ownership change, restarting samba complains
>> upon start
>> that 'it cannot create NTP signd pipe directory' and also every samba
>> restart I get: "warming: failed to kill 2889: No such process".
>>
>> Also with the new ownership, the dc no longer shows as available in
>> ADUC. I need to undo the chown and then reboot the DC for it to become
>> available again.
>>
>> I have set a GPO, to take time from:
>> NtpServer "dc2.samba.company.com,0x9"
>> Type: NT5DS
>> CrossSiteSyncFlags: 2
>> ResolvPeerBackoffMinutes: 15
>> ResolvPeerBackoffMaxTimes: 7
>> SpecialPollInterval: 3600
>> EventLogFlags: 3
>>
>> And a GPO to enable the Windows NTP client, both enabled and in effect.
>>
>> Yet, cmd as admin user:
>>
>> C:\Windows\system32>W32tm /resync /rediscover
>> Sending resync command to local computer
>> The computer did not resync because no time data was available.
>>
>> And:
>> C:\Windows\system32>W32tm /monitor
>> dc1.samba.merit.unu.edu *** PDC ***[192.x.y.17:123]:
>> ICMP: error IP_REQ_TIMED_OUT - no response in 1000ms
>> NTP: error ERROR_TIMEOUT - no response from server in 1000ms
>> DC2.samba.company.com *** PDC ***[192.x.y.15:123]:
>> ICMP: 0ms delay
>> NTP: +61.5498299s offset from dc1.samba.company.com
>> RefID: (unknown) [0x06696505]
>> Stratum: 3
>> DC3.samba.company.com *** PDC ***[192.x.y.16:123]:
>> ICMP: 0ms delay
>> NTP: +61.5499067s offset from dc1.samba.company.com
>> RefID: 2-smtp.kingsquare.nl [77.72.144.59]
>> Stratum: 3
>> DC4.samba.company.com *** PDC ***[192.x.y.14:123]:
>> ICMP: 0ms delay
>> NTP: +61.5478667s offset from dc1.samba.company.com
>> RefID: (unknown) [0x06696505]
>> Stratum: 3
>>
>> When checking with wireshark, I can see ntp traffic (surprisingly) to
>> the DC3.samba.company.com. (yet the GPO is set to dc2.samba... and DC2
>> also has the PDC role in our AD)
>>
>> And still, my workstation time is one minute late, compared to the DC.
>> No firewall in the DC.
>>
>> Can anyone help..? What am I missing....
>>
>> MJ
>>
>> On 9/3/2014 21:52, Marc Muehlfeld wrote:
>>> On 03.09.2014 21:12, Helmut Hullen wrote:
>>>> I've looked into the "./configure --help" options of ntp-4.2.6p5
>>>> (slackware, but the source should be distribution independent), and
>>>> there I haven't found such an option.
>>>>
>>>> And my slackware binary of ntpd works well since very many months as an
>>>> "internet time server" for windows xp and windows 7.
>>>
>>>
>>> https://wiki.samba.org/index.php/Time_Synchronisation#Installation
>>>
>>> It has to be built with --enable-ntp-signd.
>>>
>>>
>>> Regards,
>>> Marc
>>>
>
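
Added example (not part of the thread or of the Samba wiki): a shell check for the settings Louis lists, namely the root:ntp 0750 ownership of ntp_signd, traversal through its parent directory, and the ntpsigndsocket and mssntp lines in ntp.conf. The function names are hypothetical, and GNU or BusyBox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit the ntp_signd settings quoted in the thread.
# Assumes GNU or BusyBox stat (-c); function names are hypothetical.

# check_signd_dir DIR [OWNER] [GROUP]
# DIR must be OWNER:GROUP (default root:ntp) with mode 750, and its parent
# must give "other" the x bit so the ntp user can reach DIR.
check_signd_dir() {
    dir=$1; owner=${2:-root}; group=${3:-ntp}; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    set -- $(stat -c '%U %G %a' "$dir")
    [ "$1" = "$owner" ] || { echo "FAIL: owner $1, want $owner"; rc=1; }
    [ "$2" = "$group" ] || { echo "FAIL: group $2, want $group"; rc=1; }
    [ "$3" = 750 ] || { echo "FAIL: mode $3, want 750"; rc=1; }
    parent=$(dirname "$dir")
    pmode=$(stat -c '%a' "$parent")
    case $pmode in
        *[1357]) ;;   # odd last octal digit: "other" has x
        *) echo "FAIL: $parent mode $pmode blocks traversal"; rc=1 ;;
    esac
    return $rc
}

# check_ntp_conf FILE [DIR]
# FILE must set ntpsigndsocket to DIR and carry mssntp on every
# uncommented "restrict ... default" line.
check_ntp_conf() {
    conf=$1; dir=${2:-/var/lib/samba/ntp_signd}; rc=0
    grep -Eq "^[[:space:]]*ntpsigndsocket[[:space:]]+$dir/?[[:space:]]*$" "$conf" ||
        { echo "FAIL: no 'ntpsigndsocket $dir' in $conf"; rc=1; }
    defaults=$(grep -E '^[[:space:]]*restrict[[:space:]].*default' "$conf" || true)
    if [ -z "$defaults" ] || printf '%s\n' "$defaults" | grep -vqw mssntp; then
        echo "FAIL: default restrict lines missing or without mssntp"; rc=1
    fi
    return $rc
}

# Report on the live paths from the thread when present; never abort.
if [ -d /var/lib/samba ]; then
    check_signd_dir /var/lib/samba/ntp_signd || true
    check_ntp_conf /etc/ntp.conf || true
fi
```

With the ntp:ntp ownership shown in the earlier message, `check_signd_dir` reports the owner mismatch that the root:ntp change corrected.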