[Samba] net ads info: failed to get server's current time

Guy-Laurent Subri guy-laurent at subri.ch
Wed Oct 28 13:21:15 UTC 2015


Thanks for the script. I ran it. So all my config regarding NTP should
be ok, if I understood correctly ?

Cheers,
Guy-Laurent
On Wed, Oct 28, 2015 at 11:33:14AM +0100, L.P.H. van Belle wrote:
>Hai,
>
>
>Copy the code and set these variables.
>Run the script, restart samba and log in again with a PC.
>Should work now; you're missing something, and you're not using good ntp servers.
>
>#!/bin/bash
>########## NTP settings needed for a correctly functioning samba AD DC server
>## Set to 1 installs the ntp server. (default is ok )
>NTPD_INSTALL="1"
># if you run the server on a XEN Server, set to 1.
>NTPD_XEN_GUEST="0"
>## important look for a stratum 1 server in your area
>## for a server joining a domain put the ip of the AD server here.
>## see also http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
>## (default is not ok, change this one to a ntp in your country )
>NTPD_SERVER1_EXTERNAL="ntp1.nl.net"
>## if you don't have a second ntp server leave empty
>NTPD_SERVER2_EXTERNAL=""
>## restrict ntpd bind to which interfaces.
>## choose, multiple options are allowed.
>## the options are:  lo eth(0..9) wildcard ipv6
>## (default is ok, if your interface name is eth0 and you don't use ipv6. )
>NTPD_RESTRICT_INTERFACE="lo eth0"
>NTPD_RESTRICT_INTERFACE_IGNORE="wildcard ipv6"
>## default for sernet samba and debian samba ( should normally not be changed )
>SAMBA_NTP_SIGNPATH="/var/lib/samba/ntp_signd"
>## debian default, leave it as is.
>NTPD_GROUP="ntp"
>
>
>########### NTP
>apt-get -y --no-install-recommends install ntp
>cp /etc/ntp.conf /etc/ntp.conf.backup
>echo " " >> /etc/ntp.conf
>## comment out the stock debian pool servers
>for x in 0 1 2 3 ; do
>    sed -i "s]server ${x}.debian]#server ${x}.debian]g" /etc/ntp.conf
>done
>for i in ${NTPD_RESTRICT_INTERFACE} ; do
>    echo " " >> /etc/ntp.conf
>    echo "interface listen ${i}" >> /etc/ntp.conf
>done
>for i2 in ${NTPD_RESTRICT_INTERFACE_IGNORE} ; do
>    echo "interface ignore ${i2}" >> /etc/ntp.conf
>done
>## setup the ntp source server.
>if [ ! -z "${NTPD_SERVER1_EXTERNAL}" ]; then
>    sed -i "s]#server ntp.your-provider.example]server ${NTPD_SERVER1_EXTERNAL} ]g" /etc/ntp.conf
>fi
>## append the optional second server to ntp.conf
>if [ ! -z "${NTPD_SERVER2_EXTERNAL}" ]; then
>    echo "server ${NTPD_SERVER2_EXTERNAL}" >> /etc/ntp.conf
>fi
>sed -i "s]restrict -4 default kod notrap nomodify nopeer noquery]restrict -4 default kod notrap nomodify nopeer noquery mssntp]g" /etc/ntp.conf
>sed -i "s]restrict -6 default kod notrap nomodify nopeer noquery]restrict -6 default kod notrap nomodify nopeer noquery mssntp]g" /etc/ntp.conf
>cat << EOF >> /etc/ntp.conf
>
>ntpsigndsocket /var/lib/samba/ntp_signd
>
>EOF
>
>install -o root -g $NTPD_GROUP -m 0750 -d /var/lib/samba/ntp_signd
>service ntp start
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Guy-Laurent Subri
>> Sent: Wednesday 28 October 2015 11:09
>> To: Rowland Penny
>> CC: sambalist
>> Subject: Re: [Samba] net ads info: failed to get server's current time
>>
>> On Thu, Oct 22, 2015 at 10:53:30PM +0100, Rowland Penny wrote:
>> >On 22/10/15 22:33, Guy-Laurent Subri wrote:
>> >> On Thu, Oct 22, 2015 at 10:13:01PM +0100, Rowland Penny wrote:
>> >>> On 22/10/15 21:51, Guy-Laurent Subri wrote:
>> >>>> On Wed, Oct 21, 2015 at 07:06:33PM +0100, Rowland Penny wrote:
>> >>>>> On 21/10/15 18:35, Guy-Laurent Subri wrote:
>> >>>>>> Hi all,
>> >>>>>> We're having issues with Samba at work. I've searched a bit and the
>> >>>>>> only thing that has caught my eye is this: when I run the 'net ads
>> >>>>>> info' command on our DC --we have a Debian on which samba4 is
>> >>>>>> installed and configured as an AD DC-- I have the message "Failed to
>> >>>>>> get server's current time!", and "Server time: Thu, 01 Jan 1970
>> >>>>>> 01:00:00 CET".
>> >>>>>
>> >>>>> It works for me on a Debian 4.1.17 DC, so you may have something
>> >>>>> mis-configured, have you altered the smb.conf in any way ?
>> >>>>
>> >>>> I don't think the modifications I did to smb.conf are relevant
>> >>>> enough to cause a problem, but here's our smb.conf, just in case:
>> >>>>
>> >>>> # Global parameters
>> >>>> [global]
>> >>>>    workgroup = TRS-CH
>> >>>>    realm = TRS-CH.COM
>> >>>>    netbios name = PDC
>> >>>>    server role = active directory domain controller
>> >>>>    server services = +s3fs, +rpc, +nbt, +wrepl, +ldap, +cldap, +kdc, +drepl, +winbind, +ntp_signd, +kcc, +dnsupdate
>> >>>> [netlogon]
>> >>>>   path = /var/lib/samba/sysvol/trs-ch.com/scripts
>> >>>>   read only = No
>> >>>>
>> >>>> [sysvol]
>> >>>>   path = /var/lib/samba/sysvol
>> >>>>   read only = No
>> >>>>
>> >>>>> do you have ntp installed and configured correctly ?
>> >>>> Yes, I have it installed and everything works fine.
>> >>>>
>> >>>> I also already tested the DNS by running the commands described here:
>> >>>>
>> >>>> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>> >>>>
>> >>>>
>> >>>> Everything is reachable.
>> >>>>
>> >>>> I tested kerberos by doing:
>> >>>> 'kinit administrator@TRS-CH.COM'
>> >>>> It showed up when I did 'klist'.
>> >>>>
>> >>>> Do you need more information ?
>> >>>>
>> >>>> Thanks !
>> >>>> Cheers,
>> >>>> Guy-Laurent Subri
>> >>>
>> >>> Are you running with Bind9 ?
>> >>>
>> >>> I think you need to remove all the '+' signs you have added to the
>> >>> 'server services' line, you normally only use the '+' sign to add a
>> >>> service to the line, I think you may still be using the un-shown 'dns'
>> >>> option.
>> >>> I would also recommend that you use the new separate 'winbindd'
>> >>> instead of the 'winbind' that you are using. I think that before long
>> >>> the old 'winbind' built into the samba daemon is going to disappear,
>> >>> so you might as well get used to it now.
>> >> Yes, I'm running Bind9.
>> >> If I either remove the + signs or change 'winbind' to 'winbindd' I
>> >> cannot contact the server again. (The result of the command 'net ads
>> >> info' is : no logon servers, didn't find the ldap server).
>> >>
>> >> Cheers,
>> >> Guy-Laurent Subri
>> >
>> >OK, I have just joined a new DC to my domain and I am using Bind9 and
>> >this is what I have in smb.conf:
>> >
>> >server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> >winbindd, ntp_signd, kcc, dnsupdate
>> >
>> >Note the lack of '+' signs
>> >
>> >This is with Samba 4.3.1
>> My version of Samba is 4.1.17. I don't think this changes anything, but
>> I can try to upgrade if needed.
>> >I have also checked and 'net ads info' works as well, so if yours isn't
>> >working, then something else is wrong, can you post your ntp.conf and
>> >bind9 conf files, also your /etc/resolv.conf & /etc/krb5.conf
>> >
>> >Rowland
>>
>> Here are the files:
>>
>> /etc/ntp.conf
>> -------------
>> driftfile /var/lib/ntp/ntp.drift
>> ntpsigndsocket /var/lib/samba/ntp_signd
>>
>> statsdir /var/log/ntpstats/
>>
>> server 0.ch.pool.ntp.org
>> server 1.ch.pool.ntp.org
>> server 2.ch.pool.ntp.org
>> server 3.ch.pool.ntp.org
>>
>> restrict -4 default kod notrap nomodify nopeer noquery mssntp
>> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>>
>> restrict 127.0.0.1
>> restrict ::1
>>
>> restrict 0.ch.pool.ntp.org mask 255.255.255 nomodify notrap nopeer noquery
>>
>> broadcast 192.168.123.255
>>
>> /etc/bind/named.conf
>> --------------------
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> /etc/bind/named.conf.options
>> ----------------------------
>> options {
>>     directory "/var/cache/bind";
>>
>>     forwarders {
>>         192.168.1.185;
>>     };
>>
>>     dnssec-validation auto;
>>
>>     auth-nxdomain no;
>>     allow-query { localhost; any; };
>>     listen-on port 53 { 127.0.0.1; 192.168.1.17; };
>>     listen-on-v6 { any; };
>> };
>>
>> /etc/bind/named.conf.local
>> --------------------------
>> is empty
>>
>> /etc/bind/named.conf.default-zones
>> ----------------------------------
>> zone "." {
>>     type hint;
>>     file "/etc/bind/db.root";
>> };
>>
>> zone "localhost" {
>>     type master;
>>     file "/etc/bind/db.local";
>> };
>>
>> zone "127.in-addr.arpa" {
>>     type master;
>>     file "/etc/bind/db.127";
>> };
>>
>> zone "0.in-addr.arpa" {
>>     type master;
>>     file "/etc/bind/db.0";
>> };
>>
>> zone "255.in-addr.arpa" {
>>     type master;
>>     file "/etc/bind/db.255";
>> };
>>
>> /var/lib/samba/private/named.conf
>> ---------------------------------
>> zone "trs-ch.com." IN {
>>     type master;
>>     file "/var/lib/samba/private/dns/trs-ch.com.zone";
>>     include "/var/lib/samba/private/named.conf.update";
>>     check-names ignore;
>> };
>>
>> resolv.conf
>> -----------
>> search trs-ch.com
>> nameserver 192.168.1.17
>> nameserver 192.168.1.7
>>
>> krb5.conf
>> ---------
>> [libdefaults]
>> default_realm = TRS-CH.COM
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>> [realms]
>> TRS-CH.COM = {
>>     kdc = 192.168.1.17
>>         admin_server = 192.168.1.17
>>         default_domain = trs-ch.com
>> }
>> [TRS-CH.COM]
>> .trs-ch.com = TRS-CH.COM
>> trs.ch.com = TRS-CH.COM
>>
>> Thank you for your time!
>>
>> Cheers,
>> Guy-Laurent
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
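
A check for the ntp.conf settings that the script quoted in this thread applies (signing socket, `mssntp` on the default `restrict` lines, an active time source), with a well-formedness test on `restrict ... mask` values and a mode check on the socket directory. This is an added example, not code from any poster; `audit_ntp_conf`, `check_signd_dir`, `sample_conf` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit an ntp.conf for the settings the
# quoted script applies on a Samba AD DC. Function names are hypothetical.

audit_ntp_conf() {   # $1 = path to ntp.conf, or "-" for stdin; prints findings
    awk '
        /^[ \t]*#/ { next }                                  # ignore comments
        $1 == "ntpsigndsocket" && $2 ~ /^\// { sock = 1 }    # signing socket dir set
        ($1 == "server" || $1 == "pool") && NF >= 2 { src = 1 }
        $1 == "restrict" {
            isdef = 0; hasms = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "default") isdef = 1
                if ($i == "mssntp")  hasms = 1
                # a dotted mask must have four octets
                if ($i == "mask" && $(i+1) ~ /^[0-9.]+$/ &&
                    $(i+1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    print "BAD-MASK line " NR ": " $(i+1); bad = 1
                }
            }
            # default restrict lines without mssntp: no signed MS-SNTP replies
            if (isdef && !hasms) { print "NO-MSSNTP line " NR ": " $0; bad = 1 }
        }
        END {
            if (!sock) { print "MISSING ntpsigndsocket"; bad = 1 }
            if (!src)  { print "MISSING time source"; bad = 1 }
            exit bad + 0
        }' "${1:--}"
}

check_signd_dir() {  # $1 = socket directory; the script creates it 0750 root:ntp
    perms=$(ls -ld "$1" | cut -c8-10)
    [ "$perms" = "---" ] && return 0
    echo "LOOSE-MODE $1 grants '$perms' to others"; return 1
}

sample_conf() {      # constructed sample input, not a config from the thread
    cat <<'EOF'
ntpsigndsocket /var/lib/samba/ntp_signd
server ntp.example.net
restrict -4 default kod notrap nomodify nopeer noquery mssntp
restrict -6 default kod notrap nomodify nopeer noquery
restrict 192.0.2.10 mask 255.255.255 nomodify notrap
EOF
}

sample_conf | audit_ntp_conf - || echo "fix the findings listed above"
```

On a real DC, run `audit_ntp_conf /etc/ntp.conf` and `check_signd_dir /var/lib/samba/ntp_signd`; both return non-zero when something needs attention.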


