[Samba] Getting the time to work with a DC inside an LXC container

Oleg Blyahher oleg.blyahher at bluetest.se
Mon Mar 15 12:23:17 UTC 2021

Hi everyone,

Running Samba DC Version 4.12.10-Debian on Debian 10, inside a 
privileged LXC on a host with Ubuntu 20.04 with LXD.

I've migrated to this one from another setup that wasn't working so 
well, but that had a working time server.

I had tried following this wiki article: 
https://wiki.samba.org/index.php/Time_Synchronisation but to no avail. 
Both Chrony and ntpd want access to the host's kernel and don't really work.

I've also edited the group policy so that domain-joined clients will 
simply use Microsoft's default time servers, but
*w32tm /query /source*

returns "Local CMOS Clock".

What's the easiest way of telling domain joined machines where to look 
for the time? I'm perfectly fine with using someone else's time servers.

Here's my smb.conf, just in case:

# Global parameters
         netbios name = DC
         realm = REALM
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = MYGROUP
         idmap_ldb:use rfc2307  = yes
         template shell = /bin/bash
         template homedir = /home/%U
         ldap server require strong auth = no

         tls enabled  = yes
         tls keyfile  = /etc/ssl/private/cert.pem
         tls certfile = /etc/ssl/certs/cert.key
         ldap debug level = 3

         ntlm auth = mschapv2-and-ntlmv2-only
         log level = 3 auth:5 winbind:5

         check password script = /usr/bin/crackcheck -d 

         path = /var/lib/samba/sysvol/domain.com/scripts
         read only = No

         path = /var/lib/samba/sysvol
         read only = No


More information about the samba mailing list