[Samba] running ntpd with samba DC: containers?
mjt at tls.msk.ru
Mon Oct 31 09:11:38 UTC 2022
As it often happens these days, more and more often a DS (primary or not)
is run in a Linux container of one sort or another, because a Samba DC needs
its own unique configuration which is not compatible with file services.

But now there's a question: what to do with NTP and w32time in this case?

The problem is that running ntpd within a container is usually a bad idea,
and actually it doesn't even work, since only the host system does the
timekeeping, containers aren't even allowed to touch system time, and it
would be a conflict anyway. Running a DC inside a virtual machine (e.g.
qemu), where it's possible to run ntpd, will be even worse, since accurate
time and a virtual machine are not well compatible.

windowsclient $> w32tm /monitor
PDC.domain *** PDC *** [192.168.177.6:123]:
ICMP: 0ms delay
NTP: error WSAECONNRESET - no server listening NTP-port

It looks like the clock on the client machines is not synchronized, even
if w32tm /resync says "Command is completed successfully" - on at least
one of our machines it is ~4sec different than on the PDC.

Moreover, when a Windows client is joined to a domain, it can't use regular
NTP (with a given NTP server) anymore; the NTP configuration is grayed
out with a message "some parameters are disabled by your organization"
or something like that.

What's the right way to synchronize time for Windows clients in this case?