[Samba] NTP service: ntp daemon exiting

Ilias Chasapakis forumZFD chasapakis at forumZFD.de
Mon Nov 8 15:58:02 UTC 2021


Hello to all!

We have 3 replicating samba4 AD DC´s with ntp (daemon+utils) version
1:4.2.8p12+dfsg-4 installed on the same subnet.

The ntp service dies on 2 of them (samba 4.13.13) after a short time (2
to 4 minutes). The third AD DC runs samba version 4.14.9.

This is an excerpt of the status:

> ntpd[14033]: ntpd 4.2.8p12 at 1.3728-o (1): Starting
> ntpd[14033]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u
> 107:113
> systemd[1]: Started Network Time Service.
> ntpd[14039]: proto: precision = 0.125 usec (-23)
> ntpd[14039]: MS-SNTP signd operations currently block ntpd degrading
> service to all clients.
> ntpd[14039]: restrict default: KOD does nothing without LIMITED.
> ntpd[14039]: switching logging to file /var/log/ntp
> systemd[1]: Stopping Network Time Service...
> systemd[1]: ntp.service: Succeeded.
> systemd[1]: Stopped Network Time Service.

We have tried changing permissions to /var/lib/samba/ntp_signd to the
ones as on the working machine and in general confronted the
configuration files (ntp.conf, smb.conf etc.) to see what could be
different, to no avail.

My colleague then used the guide here so as to do things from scratch on
one of the failing ones:

https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_DC


but the ntp service exited again with "Signal 15 (Terminated)".

What we want is having the DC to distribute the time to (mainly windows)
clients correctly independently on which machine they land on to
authenticate. But of course if the ntp service does not work at all on 2
out of 3 machines, well, this becomes difficult.

Would it be possible to have some guidance on where to check better for
clues?

Thank you.

Ilias

-- 
forumZFD
Entschieden für Frieden|Committed to Peace

Ilias Chasapakis
Referent IT | IT Consultant

Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany

Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de

Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln

Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20211108/50ac1af8/OpenPGP_signature.sig>


More information about the samba mailing list