[Samba] AD DC in a container: NTP
Sven Schwedas
sven.schwedas at tao.at
Wed Jan 9 11:51:46 UTC 2019
> I guess that confirms it: Using the AD DC as a time source does indeed
> require NTP. For the sake of argument, is it possible to use a machine that
> is not a DC, and potentially not even part of the AD, to serve time to
> other domain members?
That's what Roland said, yes. All AD (in particular the Kerberos part)
really cares about is *consistent* time. Distributing it via DCs is the
easiest, but not the only way.
> And how would you go about automatically pointing
> domain hosts to said machine? Group policy for clients, scripts for
> servers, or is there a simpler way?
DHCP can set NTP servers, YMMV if that's easier with your particular
network setup.
> It seems to me the cleanest way, and closest to best practice, is to keep
> the DC(s) serving time. The obvious exception would be in situations where
> all domain hosts are containerized, then ntp is not needed in any of the
> containers.
You still need to make sure all container hosts have their time
synchronised, obviously.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas at tao.at | ☎ +43 680 301 7167
TAO Digital | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz | https://www.tao-digital.at