[Samba] problems with time synchronization with Samba 4

Marcio B. marciobacci at gmail.com
Fri May 21 01:24:50 UTC 2021


Hi,

Recently on my network some Windows 10 computers are no longer able to
synchronize the time with DC Samba4.

Apparently my NTP server (it is the same as DC Samba4) is configured
correctly.

I tried to run the net time command at the Windows prompt and a permission
error occurred.

net time \\samba4dc /set /yes
Error 1314
The customer does not have the necessary privilege

I saw some solutions that create a GPO and grant permission for the domain
user to be able to change the system time.

Does anyone know if there is any other solution?

Following is my ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Local clock. Note that is not the "localhost" address!

server 127.127.1.0

fudge  127.127.1.0 stratum 10

# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server ntp.eb.mil.br    iburst prefer
server a.st1.ntp.br     iburst prefer
server b.st1.ntp.br     iburst prefer

driftfile       /var/lib/ntp/ntp.drift

logfile         /var/log/ntp

ntpsigndsocket  /var/lib/samba/ntp_signd/


# Access control

# Default restriction: Allow clients only to query the time

restrict default kod nomodify notrap nopeer mssntp


# No restrictions for "localhost"

restrict 127.0.0.1


# Enable the time sources to only provide time to this host

restrict a.st1.ntp.br   mask 255.255.255.255    nomodify notrap nopeer
noquery
restrict b.st1.ntp.br   mask 255.255.255.255    nomodify notrap nopeer
noquery

Regards,

Márcio Bacci


More information about the samba mailing list