[Samba] NTP service: ntp daemon exiting
Rowland Penny
rpenny at samba.org
Mon Nov 8 17:46:33 UTC 2021
On Mon, 2021-11-08 at 16:58 +0100, Ilias Chasapakis forumZFD via samba wrote:
> Hello to all!
>
> We have 3 replicating samba4 AD DCs with ntp (daemon+utils) version
> 1:4.2.8p12+dfsg-4 installed on the same subnet.
>
> The ntp service dies on 2 of them (samba 4.13.13) after a short time
> (2 to 4 minutes). The third AD DC runs samba version 4.14.9.
>
> This is an excerpt of the status:
>
> > ntpd[14033]: ntpd 4.2.8p12 at 1.3728-o (1): Starting
> > ntpd[14033]: Command line: /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 107:113
> > systemd[1]: Started Network Time Service.
> > ntpd[14039]: proto: precision = 0.125 usec (-23)
> > ntpd[14039]: MS-SNTP signd operations currently block ntpd degrading service to all clients.
> > ntpd[14039]: restrict default: KOD does nothing without LIMITED.
> > ntpd[14039]: switching logging to file /var/log/ntp
> > systemd[1]: Stopping Network Time Service...
> > systemd[1]: ntp.service: Succeeded.
> > systemd[1]: Stopped Network Time Service.
>
> We have tried changing permissions to /var/lib/samba/ntp_signd to the
> ones as on the working machine and in general confronted the
> configuration files (ntp.conf, smb.conf etc.) to see what could be
> different, to no avail.
>
> My colleague then used the guide here so as to do things from scratch
> on one of the failing ones:
>
> https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_DC

Thanks for pointing that out, where it says:

    # Default restriction: Allow clients only to query the time
    restrict default kod nomodify notrap nopeer mssntp

It should say:

    # Default restriction: Allow clients only to query the time
    restrict default kod nomodify notrap nopeer limited mssntp

Try that, it should fix it, meanwhile I will update the wiki.

Rowland
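
The quoted status contains "restrict default: KOD does nothing without LIMITED", the condition the corrected restrict line addresses. A check for it in any ntp.conf, as an added example that is not part of the original message or the Samba wiki; the function name check_kod_limited is hypothetical and the two temp files are constructed from the restrict lines quoted above.

```shell
#!/bin/sh
# check_kod_limited FILE   (hypothetical helper, not part of ntp or Samba)
# Prints every "restrict" line in an ntp.conf-style FILE that sets "kod"
# without "limited", the case ntpd logs as
# "KOD does nothing without LIMITED". Returns 1 if any such line exists.
check_kod_limited() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)              # drop comments
            n = split(line, tok, /[ \t]+/)
            # split() yields an empty first token when the line is indented
            start = (tok[1] == "") ? 2 : 1
            if (n < start || tok[start] != "restrict") next
            kod = 0; limited = 0
            for (i = start + 1; i <= n; i++) {
                if (tok[i] == "kod")     kod = 1
                if (tok[i] == "limited") limited = 1
            }
            if (kod && !limited) {
                printf "%s:%d: kod without limited: %s\n", FILENAME, NR, $0
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample input: the wiki line as quoted, and the corrected line.
tmp=$(mktemp -d)
printf '%s\n' '# Default restriction: Allow clients only to query the time' \
    'restrict default kod nomodify notrap nopeer mssntp' > "$tmp/before.conf"
printf '%s\n' '# Default restriction: Allow clients only to query the time' \
    'restrict default kod nomodify notrap nopeer limited mssntp' > "$tmp/after.conf"

check_kod_limited "$tmp/before.conf" || echo "before.conf: needs 'limited'"
check_kod_limited "$tmp/after.conf"  && echo "after.conf: ok"
```

Run it against /etc/ntp.conf on each DC to compare the failing and working machines.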