[Samba] net ads info: failed to get server's current time

Rowland Penny rowlandpenny241155 at gmail.com
Wed Oct 28 10:45:13 UTC 2015


On 28/10/15 10:33, L.P.H. van Belle wrote:
> Hai,
>
>
> Copy the code and set these variables.
> Run the script, restart samba and log in again with a PC.
> Should work now; you're missing something, and you're not using good NTP servers.

They all reply to a ping and a quick Google seems to prove they exist 
(they must be good time servers, they are Swiss :-D)

I don't think that is the problem though, the OP is using a very strange 
Bind setup.

Rowland
>
> #!/bin/bash
> ########## NTP settings needed for a correctly functioning samba AD DC server
> ## Set to 1 to install the ntp server.
> ## (default is ok )
> NTPD_INSTALL="1"
> # if you run the server on a XEN Server, set to 1.
> NTPD_XEN_GUEST="0"
> ## important look for a stratum 1 server in your area
> ## for a server joining a domain put the ip of the AD server here.
> ## see also http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
> ## (default is not ok, change this one to a ntp in your country )
> NTPD_SERVER1_EXTERNAL="ntp1.nl.net"
> ## if you don't have a second ntp server leave empty
> NTPD_SERVER2_EXTERNAL=""
> ## restrict ntpd bind to which interfaces.
> ## choose, multiple options are allowed.
> ## the options are:  lo eth(0..9) wildcard ipv6
> ## (default is ok, if your interface name is eth0 and you don't use ipv6. )
> NTPD_RESTRICT_INTERFACE="lo eth0"
> NTPD_RESTRICT_INTERFACE_IGNORE="wildcard ipv6"
> ## default for sernet samba and debian samba ( should normally not be changed )
> SAMBA_NTP_SIGNPATH="/var/lib/samba/ntp_signd"
> ## debian default, leave it as is.
> NTPD_GROUP="ntp"
>
>
> ########### NTP
> apt-get -y --no-install-recommends install ntp
> cp /etc/ntp.conf /etc/ntp.conf.backup
> echo " " >> /etc/ntp.conf
> for x in 0 1 2 3 ; do     sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf ;     done
> for i in ${NTPD_RESTRICT_INTERFACE} ; do     echo " " >> /etc/ntp.conf;     echo "interface listen ${i}" >> /etc/ntp.conf;     done
> for i2 in ${NTPD_RESTRICT_INTERFACE_IGNORE} ; do     echo "interface ignore ${i2}" >> /etc/ntp.conf;     done
> ## setup the ntp source server.
> if [ ! -z "${NTPD_SERVER1_EXTERNAL}" ]; then     sed -i "s]#server ntp.your-provider.example]server ${NTPD_SERVER1_EXTERNAL} ]g" /etc/ntp.conf; fi
> if [ ! -z "${NTPD_SERVER2_EXTERNAL}" ]; then     echo "server ${NTPD_SERVER2_EXTERNAL}" >> /etc/ntp.conf; fi
> sed -i "s]restrict -4 default kod notrap nomodify nopeer noquery]restrict -4 default kod notrap nomodify nopeer noquery mssntp]g" /etc/ntp.conf
> sed -i "s]restrict -6 default kod notrap nomodify nopeer noquery]restrict -6 default kod notrap nomodify nopeer noquery mssntp]g" /etc/ntp.conf
> cat << EOF >> /etc/ntp.conf
>
> ntpsigndsocket /var/lib/samba/ntp_signd
>
> EOF
>
> install -o root -g $NTPD_GROUP -m 0750 -d /var/lib/samba/ntp_signd
> service ntp start
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Guy-Laurent Subri
>> Sent: Wednesday 28 October 2015 11:09
>> To: Rowland Penny
>> CC: sambalist
>> Subject: Re: [Samba] net ads info: failed to get server's current time
>>
>> On Thu, Oct 22, 2015 at 10:53:30PM +0100, Rowland Penny wrote:
>>> On 22/10/15 22:33, Guy-Laurent Subri wrote:
>>>> On Thu, Oct 22, 2015 at 10:13:01PM +0100, Rowland Penny wrote:
>>>>> On 22/10/15 21:51, Guy-Laurent Subri wrote:
>>>>>> On Wed, Oct 21, 2015 at 07:06:33PM +0100, Rowland Penny wrote:
>>>>>>> On 21/10/15 18:35, Guy-Laurent Subri wrote:
>>>>>>>> Hi all,
>>>>>>>> We're having issues with Samba at work. I've searched a bit and the only
>>>>>>>> thing that has caught my eye is this: when I run the 'net ads info'
>>>>>>>> command on our DC --we have a Debian on which samba4 is installed and
>>>>>>>> configured as an AD DC-- I have the message "Failed to get server's
>>>>>>>> current time!", and "Server time: Thu, 01 Jan 1970 01:00:00 CET".
>>>>>>> It works for me on a Debian 4.1.17 DC, so you may have something
>>>>>>> mis-configured, have you altered the smb.conf in any way ?
>>>>>> I don't think the modifications I did to smb.conf are relevant enough to
>>>>>> cause a problem, but here's our smb.conf, just in case:
>>>>>>
>>>>>> # Global parameters
>>>>>> [global]
>>>>>>     workgroup = TRS-CH
>>>>>>     realm = TRS-CH.COM
>>>>>>     netbios name = PDC
>>>>>>     server role = active directory domain controller
>>>>>>     server services = +s3fs, +rpc, +nbt, +wrepl, +ldap, +cldap, +kdc, +drepl,
>>>>>>                         +winbind, +ntp_signd, +kcc, +dnsupdate
>>>>>> [netlogon]
>>>>>>    path = /var/lib/samba/sysvol/trs-ch.com/scripts
>>>>>>    read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>>    path = /var/lib/samba/sysvol
>>>>>>    read only = No
>>>>>>
>>>>>>> do you have ntp installed and configured correctly ?
>>>>>> Yes, I have it installed and everything works fine.
>>>>>>
>>>>>> I also already tested the DNS by running the commands described here:
>>>>>>
>>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>>>>>>
>>>>>> Everything is reachable.
>>>>>>
>>>>>> I tested kerberos by doing:
>>>>>> 'kinit administrator@TRS-CH.COM'
>>>>>> It showed up when I did 'klist'.
>>>>>>
>>>>>> Do you need more information ?
>>>>>>
>>>>>> Thanks !
>>>>>> Cheers,
>>>>>> Guy-Laurent Subri
>>>>> Are you running with Bind9 ?
>>>>>
>>>>> I think you need to remove all the '+' signs you have added to the
>>>>> 'server services' line, you normally only use the '+' sign to add a
>>>>> service to the line, I think you may still be using the un-shown 'dns'
>>>>> option.
>>>>> I would also recommend that you use the new separate 'winbindd' instead
>>>>> of the 'winbind' that you are using. I think that before long the old
>>>>> 'winbind' built into the samba daemon is going to disappear, so you
>>>>> might as well get used to it now.
>>>> Yes, I'm running Bind9.
>>>> If I either remove the + signs or change 'windbind' to 'windbindd' I
>>>> cannot contact the server again. (The result of the command 'net ads
>>>> info' is : no logon servers, didn't find the ldap server).
>>>>
>>>> Cheers,
>>>> Guy-Laurent Subri
>>> OK, I have just joined a new DC to my domain and I am using Bind9 and
>>> this is what I have in smb.conf:
>>>
>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>>> winbindd, ntp_signd, kcc, dnsupdate
>>>
>>> Note the lack of '+' signs
>>>
>>> This is with Samba 4.3.1
>> My version of Samba is 4.1.17. I don't think this changes anything, but
>> I can try to upgrade if needed.
>>> I have also checked and 'net ads info' works as well, so if yours isn't
>>> working, then something else is wrong, can you post your ntp.conf and
>>> bind9 conf files, also your /etc/resolv.conf & /etc/krb5.conf
>>>
>>> Rowland
>> Here are the files:
>>
>> /etc/ntp.conf
>> -------------
>> driftfile /var/lib/ntp/ntp.drift
>> ntpsigndsocket /var/lib/samba/ntp_signd
>>
>> statsdir /var/log/ntpstats/
>>
>> server 0.ch.pool.ntp.org
>> server 1.ch.pool.ntp.org
>> server 2.ch.pool.ntp.org
>> server 3.ch.pool.ntp.org
>>
>> restrict -4 default kod notrap nomodify nopeer noquery mssntp
>> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>>
>> restrict 127.0.0.1
>> restrict ::1
>>
>> restrict 0.ch.pool.ntp.org mask 255.255.255 nomodify notrap nopeer noquery
>>
>> broadcast 192.168.123.255
>>
>> /etc/bind/named.conf
>> --------------------
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> /etc/bind/named.conf.options
>> ----------------------------
>> options {
>>      directory "/var/cache/bind";
>>
>>      forwarders {
>>          192.168.1.185;
>>      };
>>
>>      dnssec-validation auto;
>>
>>      auth-nxdomain no;
>>      allow-query { localhost; any; };
>>      listen-on port 53 { 127.0.0.1; 192.168.1.17; };
>>      listen-on-v6 { any; };
>> };
>>
>> /etc/bind/named.conf.local
>> --------------------------
>> is empty
>>
>> /etc/bind/named.conf.default-zones
>> ----------------------------------
>> zone "." {
>>      type hint;
>>      file "/etc/bind/db.root";
>> };
>>
>> zone "localhost" {
>>      type master;
>>      file "/etc/bind/db.local";
>> };
>>
>> zone "127.in-addr.arpa" {
>>      type master;
>>      file "/etc/bind/db.127";
>> };
>>
>> zone "0.in-addr.arpa" {
>>      type master;
>>      file "/etc/bind/db.0";
>> };
>>
>> zone "255.in-addr.arpa" {
>>      type master;
>>      file "/etc/bind/db.255";
>> };
>>
>> /var/lib/samba/private/named.conf
>> ---------------------------------
>> zone "trs-ch.com." IN {
>>      type master;
>>      file "/var/lib/samba/private/dns/trs-ch.com.zone";
>>      include "/var/lib/samba/private/named.conf.update";
>>      check-names ignore;
>> };
>>
>> resolv.conf
>> -----------
>> search trs-ch.com
>> nameserver 192.168.1.17
>> nameserver 192.168.1.7
>>
>> krb5.conf
>> ---------
>> [libdefaults]
>> default_realm = TRS-CH.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> [realms]
>> TRS-CH.COM = {
>>      kdc = 192.168.1.17
>>          admin_server = 192.168.1.17
>>          default_domain = trs-ch.com
>> }
>> [TRS-CH.COM]
>> .trs-ch.com = TRS-CH.COM
>> trs.ch.com =
>> TRS-CH.COM
>>
>> Thank you for your time!
>>
>> Cheers,
>> Guy-Laurent
>>
>
>
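
A post-run check for the settings the quoted setup script writes to /etc/ntp.conf, as an added example that is not part of the thread (`audit_ntp_conf` and the sample file are constructed for illustration). It checks the `ntpsigndsocket` directory and its 0750 mode, `mssntp` on each default `restrict` line, and that a time source is active; directory ownership is not checked.

```sh
#!/bin/sh
# Added example, not from the thread: audit_ntp_conf and the sample are constructed.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ntp_conf() {
    _conf="$1"; _bad=0
    # Drop comments and blank lines so commented-out directives do not count.
    _active="$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$_conf")"

    # Directory ntpd uses to reach samba's ntp_signd; the script creates it 0750.
    _dir="$(printf '%s\n' "$_active" | awk '$1 == "ntpsigndsocket" { print $2; exit }')"
    if [ -z "$_dir" ]; then
        echo "missing: ntpsigndsocket"; _bad=1
    elif [ ! -d "$_dir" ]; then
        echo "missing directory: $_dir"; _bad=1
    elif [ "$(ls -ld "$_dir" | cut -c1-10)" != "drwxr-x---" ]; then
        echo "mode is not 0750: $_dir"; _bad=1
    fi

    # Every default restrict line needs mssntp, as the script's sed calls add.
    _lax="$(printf '%s\n' "$_active" | awk '$1 == "restrict" {
        d = 0; m = 0
        for (i = 2; i <= NF; i++) { if ($i == "default") d = 1; if ($i == "mssntp") m = 1 }
        if (d && !m) print
    }')"
    if [ -n "$_lax" ]; then
        echo "no mssntp: $_lax"; _bad=1
    fi

    # At least one upstream time source must be active.
    if ! printf '%s\n' "$_active" | awk '$1 == "server" || $1 == "pool" { f = 1 } END { exit !f }'; then
        echo "missing: server line"; _bad=1
    fi
    return "$_bad"
}

# Constructed sample: one default restrict line still lacks mssntp.
sample_dir="$(mktemp -d)"
mkdir "$sample_dir/ntp_signd" && chmod 0750 "$sample_dir/ntp_signd"
cat > "$sample_dir/ntp.conf" <<EOF
driftfile /var/lib/ntp/ntp.drift
ntpsigndsocket $sample_dir/ntp_signd
server ntp1.nl.net
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery mssntp
EOF
audit_ntp_conf "$sample_dir/ntp.conf" || echo "findings above need fixing"
```

On a DC the call would be `audit_ntp_conf /etc/ntp.conf`, run after the setup script and before restarting ntp.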



