[Samba] AD DC in a container: NTP

Rowland Penny rpenny at samba.org
Wed Jan 9 09:50:55 UTC 2019


On Wed, 9 Jan 2019 10:24:40 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> What Marco and Robert already did say. 
>  
> This is what i mean ( and Robert ). Marco's option to disable though
> kernel is also an option. 
> Maybe a bit cryptic but like this. 
>  
> HOST              - CONTAINER - SambaDC- samba-AD distibuting time to
> PC's. ||                         |||
> HOST_its_NTP_Service  => get Internet time 
> ||||
> 
> OTHERHOSTS NTP Client - COINTAINER - SambaMember  - Point ntp to
> HOST_its_NTP_Service 
> OTHERHOST-Random-linux server. -  Point ntp client to
> HOST_its_NTP_Service 
>  
> Only thing here what i dont know, .. Rowland, can you tell this? 
>  
> Does samba "need" the ntp_sigd socket to provide the time over AD? 

Yes and then again, no

Yes, if you are going to use the DC as a time source.
No, if you don't use the DC as a time source.

All that is required is that all domain computers are within 5 minutes
of each other, how you do this is up to you. Best practice is for the
DC with the PDC emulator role to get the time from an external time
server and all other domain computers to then, ultimately, use the PDC
emulator DC as their time server.

If you can ensure that all domain computers are within 5 minutes of
each other, then you shouldn't have problems.
 
Rowland




More information about the samba mailing list