[Samba] samba4.18.5 + debian 12 + ntpsec
Peter Milesson
miles at atmos.eu
Wed Aug 9 18:07:12 UTC 2023
On 09.08.2023 19:54, Rowland Penny via samba wrote:
>
>
> On 09/08/2023 18:44, Michael Tokarev via samba wrote:
>> 09.08.2023 20:41, Michael Tokarev пишет:
>>> 09.08.2023 20:26, Elias Pereira via samba пишет:
>>>> hello,
>>>>
>>>> The wiki configuration for ntp does not work with this
>>>> configuration samba4.18.5 + debian 12 + ntpsec. At least for me, it
>>>> didn't
>>>> work.
>>>>
>>>> I had to remove the "notrap" and "mssntp" options so that the Windows
>>>> clients could synchronize with the DCs again.
>>>>
>>>> # Access control
>>>> # Default restriction: Allow clients only to query the time
>>>> restrict default kod nomodify notrap nopeer limited mssntp
>>
>> FWIW, I have:
>> restrict default kod nomodify nopeer noquery limited
>
> On your DCs, you should have 'mssntp' on the end of that line and also
> have a line similar to this:
>
> ntpsigndsocket /var/lib/samba/ntp_signd
>
> Rowland
>
Hi,
I assume that you cannot synchronize a Windows client with a DC using
the setting "w32tm /config /syncfromflags:domhier", if ntpsignd and
mssntp is missing. I haven't tested it, however.
Well, you could always setup a GPO synchronizing clients with whatever
NTP servers you want using "w32tm /config /manualpeerlist:"server server
server". Maybe it's a better and more fault tolerant solution. But in a
scenario where there's no internet connection, you're out of luck.
After my battle with ntpsec yesterday, I have switched to Chrony
permanently.
Best regards,
Peter
More information about the samba
mailing list