[Samba] File server questions

Flávio Silveira fggs at terra.com.br
Wed Sep 13 13:16:42 UTC 2017



On 12/09/2017 14:59, Rowland Penny via samba wrote:
> On Tue, 12 Sep 2017 14:41:42 -0300
> Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
>> Ok, I understand now, one question though: if realm is
>> AD.TECNOPON.COM.BR, does domain need to be AD?
> No, you can use anything you like, provided it is one word, 15
> characters or less, without punctuation.
>
>> If I understand
>> correctly, realm is "full domain with subdomain" and domain is the
>> subdomain, yes?
>>
> No, the AD realm is the dns domain of the computer in uppercase, it
> being a subdomain does not come into it. From your example above, the
> dns domain would be: ad.tecnopon.com.br
> The realm would be: AD.TECNOPON.COM.BR
>
> Rowland
>

Great! I've provisioned the domain and moved towards setting up Time 
Synchronisation by reading this: 
https://wiki.samba.org/index.php/Time_Synchronisation

I've set the permissions accordingly:

root at dc1:~# ls -ld /var/lib/samba/ntp_signd/
drwxr-x--- 2 root ntp 4096 Sep 12 16:43 /var/lib/samba/ntp_signd/
root at dc1:~#

Now I'm working on editing ntp.conf.

The tutorial gives a config example as below:

> # Local clock. Note that is not the "localhost" address!
> server 127.127.1.0
> fudge  127.127.1.0 stratum 10
>
> # Where to retrieve the time from
> server 0.pool.ntp.org     iburst prefer
> server 1.pool.ntp.org     iburst prefer
> server 2.pool.ntp.org     iburst prefer
>
> driftfile       /var/lib/ntp/ntp.drift
> logfile         /var/log/ntp
> ntpsigndsocket  /usr/local/samba/var/lib/ntp_signd/
>
> # Access control
> # Default restriction: Allow clients only to query the time
> restrict default kod nomodify notrap nopeer mssntp
>
> # No restrictions for "localhost"
> restrict 127.0.0.1
>
> # Enable the time sources to only provide time to this host
> restrict 0.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict 1.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict 2.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery

Debian ntp.conf default is:

> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>
> driftfile /var/lib/ntp/ntp.drift
>
> # Enable this if you want statistics to be logged.
> #statsdir /var/log/ntpstats/
>
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
>
>
> # You do need to talk to an NTP server or two (or three).
> #server ntp.your-provider.example
>
> # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
> # pick a different set every time it starts up.  Please consider joining the
> # pool: <http://www.pool.ntp.org/join.html>
> pool 0.debian.pool.ntp.org iburst
> pool 1.debian.pool.ntp.org iburst
> pool 2.debian.pool.ntp.org iburst
> pool 3.debian.pool.ntp.org iburst
>
>
> # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
> # details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
> # might also be helpful.
> #
> # Note that "restrict" applies to both servers and clients, so a configuration
> # that might be intended to block requests from certain clients could also end
> # up blocking replies from your own upstream servers.
>
> # By default, exchange time with everybody, but don't allow configuration.
> restrict -4 default kod notrap nomodify nopeer noquery limited
> restrict -6 default kod notrap nomodify nopeer noquery limited
>
> # Local users may interrogate the ntp server more closely.
> restrict 127.0.0.1
> restrict ::1
>
> # Needed for adding pool entries
> restrict source notrap nomodify noquery
>
> # Clients from this (example!) subnet have unlimited access, but only if
> # cryptographically authenticated.
> #restrict 192.168.123.0 mask 255.255.255.0 notrust
>
>
> # If you want to provide time to your local subnet, change the next line.
> # (Again, the address is an example only.)
> #broadcast 192.168.123.255
>
> # If you want to listen to time broadcasts on your local subnet, de-comment the
> # next lines.  Please do this only if you trust everybody on the network!
> #disable auth
> #broadcastclient

Given all that, I'm guessing I can do something like this, right?

> # Local clock. Note that is not the "localhost" address!
> server 127.127.1.0
> fudge  127.127.1.0 stratum 10
>
> # Where to retrieve the time from
> server 0.br.pool.ntp.org iburst prefer
> server 1.br.pool.ntp.org iburst prefer
> server 2.br.pool.ntp.org iburst prefer
> server 3.br.pool.ntp.org iburst prefer
>
> driftfile       /var/lib/ntp/ntp.drift
> logfile         /var/log/ntpstats
> ntpsigndsocket  /var/lib/samba/ntp_signd/
>
> # Access control
> # Default restriction: Allow clients only to query the time
> restrict default kod nomodify notrap nopeer mssntp
>
> # No restrictions for "localhost"
> restrict 127.0.0.1
>
> # Enable the time sources to only provide time to this host
> restrict 0.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict 1.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict 2.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict 3.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery

Does this look correct? Can I ignore Debian's ntp.conf file completely?

Thank you
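The post compares two ntp.conf layouts (the Samba wiki's signed-time example and Debian's stock file) and checks the ntp_signd directory permissions by hand. The following script, added here as an example and not part of the Samba project, the Debian ntp package or the post itself, parses an ntp.conf and reports the settings a Samba AD DC time server depends on: the ntpsigndsocket directive, mssntp on the default restrict line, and a noquery/nomodify restriction reaching every upstream (either per host, via restrict source for pool entries, or via the default). The two embedded configs are constructed, abbreviated versions of the snippets quoted above, and the directory-permission check reuses the mode and group shown in the post's `ls -ld` output. Note that in ntpd, noquery refuses ntpq/ntpdc control queries, not time requests, which is why Debian's default can carry noquery and still "exchange time with everybody".

```python
"""Lint an ntp.conf for the settings a Samba AD DC time server needs.

Added example for the thread above; not Samba's or Debian's code.
"""
import stat
from typing import Dict, List, Set, Tuple

# Constructed: abbreviated form of the candidate DC config from the post.
SAMPLE_DC_CONF = """\
# Local clock. Note that is not the "localhost" address!
server 127.127.1.0
fudge  127.127.1.0 stratum 10
server 0.br.pool.ntp.org iburst prefer
server 1.br.pool.ntp.org iburst prefer
driftfile       /var/lib/ntp/ntp.drift
ntpsigndsocket  /var/lib/samba/ntp_signd/
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
restrict 1.br.pool.ntp.org   mask 255.255.255.255    nomodify notrap nopeer noquery
"""

# Constructed: abbreviated form of the Debian default quoted in the post.
SAMPLE_DEBIAN_CONF = """\
driftfile /var/lib/ntp/ntp.drift
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
"""

Directive = Tuple[str, List[str]]


def parse_ntp_conf(text: str) -> List[Directive]:
    """Split ntp.conf into (directive, args) pairs; comments and blanks dropped."""
    entries: List[Directive] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            entries.append((parts[0], parts[1:]))
    return entries


def restrict_map(entries: List[Directive]) -> Dict[str, Set[str]]:
    """Map each restrict target ('default', 'source', host/IP) to its flag set."""
    rules: Dict[str, Set[str]] = {}
    for directive, args in entries:
        if directive != "restrict" or not args:
            continue
        if args[0] in ("-4", "-6"):       # address-family prefix, as in Debian's file
            args = args[1:]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if flags[:1] == ["mask"]:         # "mask x.x.x.x" is not a flag
            flags = flags[2:]
        rules.setdefault(target, set()).update(flags)
    return rules


def lint_ntp_conf(text: str) -> List[str]:
    """Return findings for a Samba AD DC time server; empty list means none."""
    entries = parse_ntp_conf(text)
    rules = restrict_map(entries)
    default = rules.get("default", set())
    findings: List[str] = []
    if not any(d == "ntpsigndsocket" for d, _ in entries):
        findings.append("ntpsigndsocket missing: ntpd cannot pass MS-SNTP requests to Samba for signing")
    if "mssntp" not in default:
        findings.append("restrict default lacks mssntp: domain members will not get signed replies")
    for flag in ("nomodify", "notrap", "nopeer"):
        if flag not in default:
            findings.append(f"restrict default lacks {flag}")
    for directive, args in entries:
        if directive not in ("server", "pool") or not args or args[0].startswith("127.127."):
            continue                      # 127.127.x.x is the local-clock driver, not a peer
        host = args[0]
        # Most specific rule wins: per-host, then 'source' for pool entries, then default.
        if host in rules:
            effective = rules[host]
        elif directive == "pool" and "source" in rules:
            effective = rules["source"]
        else:
            effective = default
        for flag in ("noquery", "nomodify"):
            if flag not in effective:
                findings.append(f"upstream {host} is not restricted with {flag}")
    return findings


def signd_dir_ok(mode: int, dir_group: str, ntp_group: str = "ntp") -> bool:
    """ntpd (user ntp) needs group r-x on the root-owned ntp_signd directory."""
    group_rx = stat.S_IRGRP | stat.S_IXGRP
    return dir_group == ntp_group and (mode & group_rx) == group_rx


if __name__ == "__main__":
    for name, conf in (("candidate DC", SAMPLE_DC_CONF), ("Debian default", SAMPLE_DEBIAN_CONF)):
        print(f"{name}: {lint_ntp_conf(conf) or ['no findings']}")
    # Constructed from the post's `ls -ld`: drwxr-x--- root ntp -> mode 0o750, group ntp
    print("signd dir ok:", signd_dir_ok(0o750, "ntp"))
```

Run against a real file with `lint_ntp_conf(open("/etc/ntp.conf").read())`; the Debian sample is flagged for the two DC-specific items it lacks (the signing socket and mssntp), while its pool entries pass because `restrict source` carries noquery. The permission helper takes the values from `os.stat()` and `grp.getgrgid()` so it can be run on the live directory as well.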


