[Samba] Getting the time to work with a DC inside an LXC container
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 24 12:52:08 UTC 2021
See comment lower..
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Sonic via samba
> Sent: Wednesday 24 March 2021 13:43
> To: Oleg Blyahher
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Getting the time to work with a DC inside an LXC
> container
>
> The following, using chrony on Debian, works for me allowing the AD
> clients to sync with the Samba server:
>
> Changes to chrony.conf -
> remove any server directives
> add:
> local stratum 8
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd (use your specific
> location)
> allow a.b.c.d/mm
> allow w.x.y.z/nn (use your allowed subnets)
>
> My chrony.conf is:
> ===============================
> local stratum 8
> manual
> keyfile /etc/chrony/chrony.keys
> driftfile /var/lib/chrony/chrony.drift
> maxupdateskew 100.0
> allow a.b.c.d/mm
> allow w.x.y.z/nn
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd
> ===============================
>
> Changes to chrony.service -
> remove or comment out "ConditionCapability=CAP_SYS_TIME"
>
> My chrony.service is:
> ===============================
> [Unit]
> Description=chrony, an NTP client/server
> Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
> Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
> After=network.target
> #ConditionCapability=CAP_SYS_TIME
>
> [Service]
> Type=forking
> PIDFile=/run/chronyd.pid
> EnvironmentFile=-/etc/default/chrony
> ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
> ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
> PrivateTmp=yes
> ProtectHome=yes
> ProtectSystem=full
>
> [Install]
> Alias=chronyd.service
> WantedBy=multi-user.target
> ===============================
Here I recommend NOT changing the system default service files.
The "correct" way to make this edit should be: systemctl edit chrony.service
This creates an override file in /etc/systemd/chrony.service.d/overrided.conf
(I don't know off the top of my head if that is 100% correct, but it's in /etc/systemd)
Now add:
[Unit]
ConditionCapability=
Save and done.
Way better for keeping track of whether things change, and this helps with upgrades.
* systemctl edit --full chrony.service copies this file to /etc/systemd fully and you can edit that.
That is the other option.
>
> Changes to /etc/default/chrony -
> add -x to DAEMON_OPTS
>
> My /etc/default/chrony is:
> ===============================
> DAEMON_OPTS="-F -1 -x"
> ===============================
>
> Before I discovered the above as a working solution I used a GPO to
> set the time service for the clients.
> One example site: https://theitbros.com/configure-ntp-time-sync-group-policy/
>
> Chris
>
And thanks for sharing this.
It will help others.
Greetz,
Louis
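
An added example, not part of either message: a shell lint that checks a chrony.conf and an /etc/default/chrony file against the settings listed in the quoted post (no time-source directives, `local stratum`, `ntpsigndsocket`, an `allow` subnet, `-x` in DAEMON_OPTS). The function names, the sample files and the 192.0.2.0/24 subnet are constructed for illustration, and treating `pool` like `server` is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: lint chrony settings for a Samba AD DC
# in a container against the checklist above. Function names are made up here.

# Print the active lines of a chrony.conf (comment lines start with # ! ; or %).
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^[#!;%]/d' -e '/^$/d' "$1"
}

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# Usage: check_chrony_dc <chrony.conf> <defaults file>; returns the problem count.
check_chrony_dc() {
    problems=0
    lines=$(active_lines "$1")
    # "remove any server directives" (pool is treated the same: an assumption).
    if echo "$lines" | grep -Eq '^(server|pool)[[:space:]]'; then
        fail "time source directive present"
    fi
    echo "$lines" | grep -Eq '^local[[:space:]]+stratum[[:space:]]+[0-9]+' ||
        fail "missing 'local stratum N'"
    # Directory of the socket on which Samba signs replies for domain clients.
    echo "$lines" | grep -Eq '^ntpsigndsocket[[:space:]]+/' ||
        fail "missing 'ntpsigndsocket <dir>'"
    # Require an explicit subnet; a bare 'allow' admits every address.
    echo "$lines" | grep -Eq '^allow[[:space:]]+[0-9a-fA-F:.]+/[0-9]+' ||
        fail "no 'allow <subnet>/<bits>' line"
    # -x: chronyd serves time without trying to control the system clock.
    opts=$(sed -n 's/^DAEMON_OPTS="\(.*\)"$/\1/p' "$2")
    case " $opts " in
        *" -x "*) ;;
        *) fail "DAEMON_OPTS lacks -x" ;;
    esac
    return "$problems"
}

# Constructed sample input (192.0.2.0/24 is a documentation range).
write_samples() {
    printf '%s\n' 'local stratum 8' 'manual' 'allow 192.0.2.0/24' \
        'ntpsigndsocket /usr/local/samba/var/lib/ntp_signd' > "$1/good.conf"
    printf '%s\n' 'pool 2.debian.pool.ntp.org iburst' '# allow 192.0.2.0/24' \
        > "$1/bad.conf"
    echo 'DAEMON_OPTS="-F -1 -x"' > "$1/default.good"
    echo 'DAEMON_OPTS="-F -1"' > "$1/default.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_chrony_dc "$tmp/good.conf" "$tmp/default.good" && echo "good.conf: OK"
check_chrony_dc "$tmp/bad.conf" "$tmp/default.bad" || echo "bad.conf: $? problem(s)"
```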