[Samba] Getting the time to work with a DC inside an LXC container
Sonic
sonicsmith at gmail.com
Wed Mar 24 12:43:14 UTC 2021
The following, using chrony on Debian, works for me, allowing the AD
clients to sync with the Samba server:

Changes to chrony.conf -
remove any server directives
add:
    local stratum 8
    ntpsigndsocket /usr/local/samba/var/lib/ntp_signd (use your specific location)
    allow a.b.c.d/mm
    allow w.x.y.z/nn (use your allowed subnets)
My chrony.conf is:
===============================
local stratum 8
manual
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
maxupdateskew 100.0
allow a.b.c.d/mm
allow w.x.y.z/nn
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
===============================
Changes to chrony.service -
remove or comment out "ConditionCapability=CAP_SYS_TIME"
My chrony.service is:
===============================
[Unit]
Description=chrony, an NTP client/server
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
After=network.target
#ConditionCapability=CAP_SYS_TIME
[Service]
Type=forking
PIDFile=/run/chronyd.pid
EnvironmentFile=-/etc/default/chrony
ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
[Install]
Alias=chronyd.service
WantedBy=multi-user.target
===============================
Changes to /etc/default/chrony -
add -x to DAEMON_OPTS
My /etc/default/chrony is:
===============================
DAEMON_OPTS="-F -1 -x"
===============================
Before I discovered the above as a working solution I used a GPO to
set the time service for the clients.
One example site: https://theitbros.com/configure-ntp-time-sync-group-policy/
Chris
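
Added example, not part of the original post: a shell check that the three files carry the changes listed above (no server/pool/peer lines; local, ntpsigndsocket and subnet-limited allow lines present; -x in DAEMON_OPTS; ConditionCapability commented out). The function name check_chrony, the sample files and the 192.0.2.0/24 subnet are constructed for illustration.

```shell
# Added example. Prints one finding per line; no output means all checks pass.
# Usage: check_chrony <chrony.conf> <defaults file> <chrony.service>
check_chrony() {
    awk '
        NF == 0 || $1 ~ /^[#!;%]/ { next }   # skip blank lines and comments
        $1 ~ /^(server|pool|peer)$/ { print "time source still configured: " $0 }
        $1 == "local"          { have_local = 1 }
        $1 == "ntpsigndsocket" { have_signd = 1 }
        $1 == "allow" {
            have_allow = 1
            # bare "allow", "allow all" and a /0 prefix admit every client
            if (NF == 1 || $NF == "all" || $NF ~ /\/0$/)
                print "allow is not limited to a subnet: " $0
        }
        END {
            if (!have_local) print "missing: local stratum"
            if (!have_signd) print "missing: ntpsigndsocket"
            if (!have_allow) print "missing: allow <subnet>"
        }' "$1"
    # -x stops chronyd from trying to adjust the system clock
    opts=$(sed -n 's/^DAEMON_OPTS="\(.*\)"/\1/p' "$2")
    case " $opts " in
        *" -x "*) ;;
        *) echo "DAEMON_OPTS lacks -x" ;;
    esac
    if grep -q '^ConditionCapability=CAP_SYS_TIME' "$3"; then
        echo "unit file still requires CAP_SYS_TIME"
    fi
}

# Constructed sample files (192.0.2.0/24 is a documentation range).
demo=$(mktemp -d)
cat > "$demo/good.conf" <<'EOF'
local stratum 8
allow 192.0.2.0/24
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
EOF
cat > "$demo/bad.conf" <<'EOF'
pool 2.debian.pool.ntp.org iburst
local stratum 8
allow
EOF
echo 'DAEMON_OPTS="-F -1 -x"' > "$demo/good.default"
echo 'DAEMON_OPTS="-F -1"'    > "$demo/bad.default"
echo '#ConditionCapability=CAP_SYS_TIME' > "$demo/good.service"
echo 'ConditionCapability=CAP_SYS_TIME'  > "$demo/bad.service"
check_chrony "$demo/bad.conf" "$demo/bad.default" "$demo/bad.service"
```

On a real host, pass the paths from the post: /etc/chrony/chrony.conf, /etc/default/chrony and the chrony.service unit file in use.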