[Samba] samba4.18.5 + debian 12 + ntpsec

Peter Milesson miles at atmos.eu
Wed Aug 9 18:07:12 UTC 2023

On 09.08.2023 19:54, Rowland Penny via samba wrote:
> On 09/08/2023 18:44, Michael Tokarev via samba wrote:
>> 09.08.2023 20:41, Michael Tokarev пишет:
>>> 09.08.2023 20:26, Elias Pereira via samba пишет:
>>>> hello,
>>>> The wiki configuration for ntp does not work with this
>>>> configuration samba4.18.5 + debian 12 + ntpsec. At least for me, it 
>>>> didn't
>>>> work.
>>>> I had to remove the "notrap" and "mssntp" options so that the Windows
>>>> clients could synchronize with the DCs again.
>>>> # Access control
>>>> # Default restriction: Allow clients only to query the time
>>>> restrict default kod nomodify notrap nopeer limited mssntp
>> FWIW, I have:
>>   restrict default kod nomodify nopeer noquery limited
> On your DCs, you should have 'mssntp' on the end of that line and also 
> have a line similar to this:
> ntpsigndsocket /var/lib/samba/ntp_signd
> Rowland

I assume that you cannot synchronize a Windows client with a DC using 
the setting "w32tm /config /syncfromflags:domhier", if ntpsignd and 
mssntp is missing. I haven't tested it, however.

Well, you could always setup a GPO synchronizing clients with whatever 
NTP servers you want using "w32tm /config /manualpeerlist:"server server 
server". Maybe it's a better and more fault tolerant solution. But in a 
scenario where there's no internet connection, you're out of luck.

After my battle with ntpsec yesterday, I have switched to Chrony 

Best regards,


More information about the samba mailing list