[Samba] Chrony (tested on Debian9/ubuntu 18.04)
Rowland Penny
rpenny at samba.org
Mon Jun 4 14:11:50 UTC 2018
On Mon, 4 Jun 2018 16:01:42 +0200
L.P.H. van Belle <belle at bazuin.nl> wrote:
> He Rowland/list,
>
> Not that im pro chrony, i still preffer ntp.
>
> If everybody with an os below test this, and report back like below,
> then all settings are findable through the list.
>
> Please review / check it.
>
>
> Requirements, chrony 3.x+, this is depends on distro version.
> Debian 9 : 3.0 checked - done - OK
> Ubuntu 17.10 : 3.1
> Ubuntu 18.04 : 3.2 checked - done - OK
> Fedora 26 : 3.2
> Mageia Cauldron : 3.3
> Centos 7.5 : 3.2
> openSuse 15 : 3.2
>
> ################################################################
> Below is tested on Debian 9 and Ubuntu 18.04:
>
> apt-get install chrony
> # Install and cleanup ntp is apt-get install chrony --autoremove
> chgrp "_chrony" /var/lib/samba/ntp_signd
>
> Add the following at the end of /etc/chrony/chrony.conf
>
> echo "
> #(optional : bindaddress 192.168.1.1 of the FQDN of the AD DC)
> ntpsigndsocket /var/lib/samba/ntp_signd
>
> #(optional allow/deny in order of processing)
> #allow 192.168.1.0/24
> # or set more allow/deny. Watch the order ( top to bottem )!
> #allow 192.168.1.2
> #deny 192.168.1
> #allow 192.168.2"
> >> /etc/chrony/chrony.conf
>
> editor /etc/chrony/chrony.conf
> And set your own timeservers.
> Format: server your.time.server.tld iburst
>
> systemctl restart chrony
> systemctl restart samba-ad-dc
>
> And check chrony time with :
> chronyc tracking
> ################################################################
>
>
> Reboot a pc, login and check time via event log messages.
>
> For the list members, sofare it looks like its no problem if you run
> chrony and ntp on different servers. Atm im now my DC1 with chrony
> and DC2 with ntp.
>
> Important note here is you must set the source servers manualy.
> If you use pool server, these can rotate and can give a out of sync
> in your time. So do set a close (stratum 1 public NTP) server.
>
>
> Greetz,
>
> Louis
>
Yours looks very similar to mine and I agree that ntp on one and chrony
on the other seems to work ok.
It just seems that you don't have the fine security control that ntp
does, unless I haven't found the right documentation yet ;-)
Rowland
More information about the samba
mailing list