[Samba] I can't get Win10 clients to sync time with the DC

[Viktor Trojanovic]

On 16.11.2019 15:17, Sonic wrote:
> On Thu, Nov 14, 2019 at 1:56 PM Viktor Trojanovic via samba
> <samba at lists.samba.org> wrote:
>> I'm running a Samba AD DC v4.9.9 with Windows 10 clients connected to it
>> and just noticed that the clients are not synchronizing time with the
>> server. I'm not sure why not.
>>
>> My setup is a bit special in that the DC is running inside a (privileged)
>> linux container.
> This may or may not lead to a solution as I'm not running the DC in a
> privileged container. I run chrony on the host with the socket inside
> the container.
> chrony.conf on the host contains:
> ==================
> ntpsigndsocket /mnt/containers/dc/rootfs/usr/local/samba/var/lib/ntp_signd
> ==================
>
> And the DC looks for the socket at (the default location, no statement
> in smb.conf):
> ==================
> ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd
> ==================
>
> In your case, due to the privileged container, the host may not have
> access to the file system in the container (really don't know, haven't
> worked with one).
> But this is working for me, only one chrony running on the host, which
> also serves up tine directly but allows samba in the container to use
> the socket as well.
>
> Chris

I think you may be confusing privileged with unprivileged containers, 
what you describe is perfectly possible with a privileged container but 
would be a bit more complicated to set up with an unprivileged one 
(since the user id's in the container would be different from the ones 
on the host).

It seems like this would be worth a shot if no one else comes up with a 
better solution. I never used chrony before, how do you tell it not to 
try and change the system time? Can you share your whole conf file?

Viktor