[Samba] chrony configuration for secondary samba DC

Alexei Rozenvaser alexei.roz at gmail.com
Mon Jun 4 11:50:00 UTC 2018


Meanwhile my Samba setup totally destroyed the connection to AD on some of
the AD Windows clients.
They were unable to get access to shared directories on Windows file
servers and were even unable to create an RDP connection to them.
There were the following errors in the Windows event log:
* The kerberos client received a KRB_AP_ERR_TKT_NYV error from the
server XXX$. This indicates that the ticket used against that server
is not yet valid (in relationship to that server time).  Contact your
system administrator to make sure the client and server times are in
sync, and that the KDC in realm XXXX.LOCAL is in sync with the KDC in
the client realm.
* NtpClient was unable to set a domain peer to use as a time source
because of discovery error. NtpClient will try again in 3473457
minutes and double the reattempt interval thereafter. The error was:
The entry is not found. (0x800706E1)

I discovered that the ubuntu-dc clock is out of sync:
------------------------------------------------------------
xxx at ubuntu-dc:~$ timedatectl
                      Local time: Mon 2018-06-04 10:38:48 IDT
                  Universal time: Mon 2018-06-04 07:38:48 UTC
                        RTC time: Mon 2018-06-04 06:00:17
                       Time zone: Asia/Jerusalem (IDT, +0300)
       System clock synchronized: no
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
-------------------------------------------------
While only the hardware clock is correct:
-----------------------------------------------------
xxx at ubuntu-dc:~$ sudo hwclock
2018-06-04 09:10:40.462725+0300
---------------------------------------------------

Everything came back to normal only after I disconnected the
ubuntu-dc from the network.

On Sun, Jun 3, 2018 at 4:29 PM Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
>
> Hi
>
> I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain controller that joined to an Existing Active Directory (Windows 2012R2 server).
> The question is about Time Synchronization across the domain.
> How should I configure chrony v3.2 in order to provide time synchronization:
>
> between main Windows DC and Samba DC
> Between Samba DC and windows clients in case when Windows DC is unavailable
>
> --
> Alexei



-- 
Alexei Rozenvaser
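
A check of the kind this message calls for, as an added example that is not part of the original post: it parses `timedatectl` output and flags a DC whose system clock is unsynchronized or has drifted from the RTC by more than the Kerberos tolerance. It assumes the RTC is the trustworthy reference (as the message reports) and the Active Directory default tolerance of 5 minutes; the function names are hypothetical.

```python
import re
from datetime import datetime

# Assumption: AD default Kerberos clock-skew tolerance (5 minutes); adjust to local policy.
MAX_SKEW_SECONDS = 300

# timedatectl output copied from the message above.
SAMPLE = """\
                      Local time: Mon 2018-06-04 10:38:48 IDT
                  Universal time: Mon 2018-06-04 07:38:48 UTC
                        RTC time: Mon 2018-06-04 06:00:17
                       Time zone: Asia/Jerusalem (IDT, +0300)
       System clock synchronized: no
systemd-timesyncd.service active: yes
                 RTC in local TZ: no
"""

def parse_timedatectl(text):
    """Return the 'key: value' fields of timedatectl output as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def _stamp(value):
    """Extract 'YYYY-MM-DD HH:MM:SS' from a field, ignoring weekday and zone name."""
    m = re.search(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", value)
    if m is None:
        raise ValueError(f"no timestamp in {value!r}")
    return datetime.strptime(m.group(0), "%Y-%m-%d %H:%M:%S")

def check_clock(text, max_skew=MAX_SKEW_SECONDS):
    """Compare system UTC time with the RTC; 'ok' means synced and within tolerance."""
    f = parse_timedatectl(text)
    if f.get("RTC in local TZ") != "no":
        raise ValueError("RTC is kept in local time; cannot compare with UTC directly")
    offset = (_stamp(f["Universal time"]) - _stamp(f["RTC time"])).total_seconds()
    synced = f.get("System clock synchronized") == "yes"
    return {"system_minus_rtc_s": offset, "synchronized": synced,
            "ok": synced and abs(offset) <= max_skew}

if __name__ == "__main__":
    print(check_clock(SAMPLE))
```

On the output quoted in the message the system clock is ahead of the RTC, which matches the "ticket not yet valid" error the Windows clients logged.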


