[Samba] Getting the time to work with a DC inside an LXC container
Marco Gaiarin
gaio at sv.lnf.it
Mon Mar 15 13:32:19 UTC 2021
Mandi! Oleg Blyahher via samba
In chel di` si favelave...
> What's the easiest way of telling domain joined machines where to look for
> the time? I'm perfectly fine with using someone else's time servers.
Two way:
a) remove the CAP_SYS_TIME capability from the 'drop' list, eg enable
it; supposing:
root at clerk:~# lxc-info -n 100 -c lxc.cap.drop
lxc.cap.drop = mac_admin
mac_override
sys_time
sys_module
sys_rawio
add to container config file:
lxc.cap.drop:
lxc.cap.drop: mac_admin mac_override sys_module sys_rawio
b) remove ntpd hardware access, eg add in ntp.conf:
# don't update the system's clock
disable kernel
note taht clock of the container is the clock of the host, so you have
to keep host clock in sync by other means if option b).
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list