[Samba] I can't get Win10 clients to sync time with the DC

[Sonic]

On Sun, Nov 17, 2019 at 5:37 AM Viktor Trojanovic <viktor at troja.ch> wrote:
> I'm not sure I understand your setup. It seems like you are running
> Chrony on the host only and you just share the socket with the
> container, no chrony running there.

Yes, you have it correct. That's exactly what I'm doing.

> So, how can clients query the DC for
> time? I thought it's the time service (chrony/ntp) that sends the time
> to the clients, not Samba itself... or did I get that wrong?

If Samba is a time server it is sending the time to the clients. If
Samba isn't sending the time to the client, and it's chrony/ntp
instead why does it need to be a time server?
The dhcp server does list the host system as the ntp server (option
ntp-servers) and that's for the systems that actually accept and use
that option, mainly 'nix systems, switches, some printers, etc.
It's really only the DC members that ask for the time from the Samba server.

If I "run as administrator" a command prompt or power shell and type
"net time \\dc.example.com /set /y" with dc.example.com being the
hostname of the container running Samba the result is "Current time at
\\dc.example.com is 11/17/2019 9:47:43 AM" "The command completed
successfully."
And also as expected my member systems have the same time as the
container, which of course has the same time as the host.

My thinking is that Samba reads the time from the ntp_signd socket and
passes that on to the member clients. The host itself, not running
Samba, has no need for the ntp_signd option it only exists to feed the
time to Samba. Basically the results speak for themselves unless some
other weird magic is happening that I have no clue about.

Chris