[Samba] Time synchronization issues in Samba 4

Michael Jones samba at jonesmz.com
Tue Aug 4 17:59:40 UTC 2020


I use systemd-timesyncd to sync time with the rest of the internet.

Then, I use ntpd to allow my samba4 dc to share its time with joined
domain members.

Most likely my ntpd.conf is horribly insecure and broken, but it's what I
was able to figure out.

/etc/ntpd.conf:

# This bizarre rule makes ntp fall back to reading from the
# bios clock if no network connection is available.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

# Access control
# Default restriction: Allow clients only to query the time
restrict default nomodify notrap nopeer mssntp

# No restrictions for "localhost"
restrict 127.0.0.1

# Storage
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd

On Tue, Aug 4, 2020 at 12:18 PM Marcio Demetrio Bacci via samba <
samba at lists.samba.org> wrote:

> Hi,
>
> I configured my NTP server in samba 4 according to the article "
> https://wiki.samba.org/index.php/Time_Synchronisation" however I verified
> that the NTP server does not respond to requests from Windows NTPv3
> clients, it only responds to NTPv4.
>
> Following my ntp.conf:
>
> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
> driftfile /var/lib/ntp/ntp.drift
> # Enable this if you want statistics to be logged.
> #statsdir /var/log/ntpstats/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
> # Local clock. Note that is not the "localhost" address!
> server 127.127.1.0 version 3
> fudge  127.127.1.0 stratum 10
> # You do need to talk to an NTP server or two (or three).
> #server ntp.your-provider.example
> # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
> # pick a different set every time it starts up.  Please consider joining the
> # pool: <http://www.pool.ntp.org/join.html>
> server a.st1.ntp.br     iburst prefer
> server b.st1.ntp.br     iburst prefer
> driftfile       /var/lib/ntp/ntp.drift
> logfile         /var/log/ntp
> ntpsigndsocket  /var/lib/samba/ntp_signd/
> # Access control
> # Default restriction: Allow clients only to query the time
> restrict default kod nomodify notrap nopeer mssntp
> # No restrictions for "localhost"
> restrict 127.0.0.1
> # Enable the time sources to only provide time to this host
> restrict a.st1.ntp.br  mask 255.255.255.255    nomodify notrap nopeer noquery
> restrict b.st1.ntp.br   mask 255.255.255.255    nomodify notrap nopeer noquery
>
> can anybody help me?
>
>
> Regards,
>
> Márcio Bacci
>
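An added example, not part of either message and not Samba or ntpd code: a small lint pass over an ntp.conf for a Samba AD DC, checking the pieces both posted configs rely on (the `restrict default` flags including `mssntp`, the `ntpsigndsocket` directive, and the time sources). The function name, the directive subset, the required-flag set and the sample config are assumptions made for this illustration.

```python
# Directives used by the configs in this thread (not the full ntpd grammar).
KNOWN = {"server", "pool", "peer", "fudge", "restrict", "driftfile", "logfile",
         "ntpsigndsocket", "statistics", "statsdir", "filegen"}
# Flags carried by both posted "restrict default" lines (assumed baseline).
REQUIRED_DEFAULT_FLAGS = {"nomodify", "notrap", "nopeer", "mssntp"}
LOCAL_CLOCK = "127.127.1.0"  # ntpd's undisciplined local clock driver

# Constructed sample: one directive is fused to its argument (line 6).
SAMPLE = """\
server 127.127.1.0
fudge 127.127.1.0 stratum 10
restrict default nomodify notrap nopeer mssntp
restrict 127.0.0.1
driftfile /var/lib/ntp/ntp.drift
logfile/var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd
"""

def lint_ntp_conf(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, default_flags, sources, signd = [], None, [], None
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not tokens:
            continue
        word, args = tokens[0], tokens[1:]
        if word not in KNOWN:
            findings.append((no, f"unrecognised directive {word!r} (missing space?)"))
        elif word in ("server", "pool", "peer") and args:
            sources.append(args[0])
        elif word == "restrict" and args and args[0] == "default":
            default_flags = set(args[1:])
        elif word == "ntpsigndsocket" and args:
            signd = args[0]
    if default_flags is None:
        findings.append((0, "no 'restrict default' line"))
    else:
        missing = sorted(REQUIRED_DEFAULT_FLAGS - default_flags)
        if missing:
            findings.append((0, "restrict default lacks: " + " ".join(missing)))
    if signd is None:
        findings.append((0, "ntpsigndsocket not set: no signed replies for domain members"))
    if sources and all(s == LOCAL_CLOCK for s in sources):
        findings.append((0, "only the local clock driver is configured as a time source"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_ntp_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```
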

