[Samba] Getting the time to work with a DC inside an LXC container
Oleg Blyahher
oleg.blyahher at bluetest.se
Mon Mar 15 12:23:17 UTC 2021
Hi everyone,
Running Samba DC Version 4.12.10-Debian on Debian 10, inside a
privileged LXC on a host with Ubuntu 20.04 with LXD.
I've migrated to this one from another setup that wasn't working so
well, but that had a working time server.
I had tried following this wiki article:
https://wiki.samba.org/index.php/Time_Synchronisation but to no avail.
Both Chrony and ntpd want access to the host's kernel and don't really work.
I've also edited the group policy so that domain-joined clients will
simply use Microsoft's default time servers, but
*w32tm /query /source*
returns "Local CMOS Clock".
What's the easiest way of telling domain joined machines where to look
for the time? I'm perfectly fine with using someone else's time servers.
Here's my smb.conf, just in case:
# Global parameters
[global]
netbios name = DC
realm = REALM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = MYGROUP
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
template homedir = /home/%U
ldap server require strong auth = no
tls enabled = yes
tls keyfile = /etc/ssl/private/cert.pem
tls certfile = /etc/ssl/certs/cert.key
ldap debug level = 3
ntlm auth = mschapv2-and-ntlmv2-only
log level = 3 auth:5 winbind:5
check password script = /usr/bin/crackcheck -d
/var/cache/cracklib/cracklib_dict
[netlogon]
path = /var/lib/samba/sysvol/domain.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Thanks!
More information about the samba
mailing list