[Samba] I can't get Win10 clients to sync time with the DC

[Sonic]

On Sat, Nov 16, 2019 at 10:34 AM Viktor Trojanovic <viktor at troja.ch> wrote:
> I think you may be confusing privileged with unprivileged containers,
> what you describe is perfectly possible with a privileged container but
> would be a bit more complicated to set up with an unprivileged one
> (since the user id's in the container would be different from the ones
> on the host).

Oh yes, you're right. I am running privileged containers. LXC
containers using Debian (both host and containers).

> It seems like this would be worth a shot if no one else comes up with a
> better solution. I never used chrony before, how do you tell it not to
> try and change the system time? Can you share your whole conf file?

I want it to keep (update/change if/when needed) the system time -
it's running on the host OS, not in the container. I'm just placing
the socket inside the container so that samba can also use the socket.
I was using ntpd but switched to chrony for no specific reason. I'm
guessing either would work.
chrony.conf:
===========================
pool us.pool.ntp.org iburst
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
logdir /var/log/chrony
maxupdateskew 100.0
directive.
hwclockfile /etc/adjtime
directive.
rtcsync
makestep 1 3
local stratum 8
manual
allow 192.168.1.0/24
bindcmdaddress 192.168.1.1
ntpsigndsocket /mnt/containers/dc/rootfs/usr/local/samba/var/lib/ntp_signd
===========================

As can be seen the socket for chrony, which is running on the host, is
inside the container (/mnt/containers/dc/rootfs/), both the host OS
and the container OS have access to it.

Chris