[Samba] Long Term Support Samba releases?

Luke Barone lukebarone at gmail.com
Thu Aug 10 01:34:33 UTC 2023 

How about chrony? It seems to work in our network with Bookworm

On Wed, Aug 9, 2023 at 12:43 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 09/08/2023 20:20, Andrew Bartlett via samba wrote:
> > On Wed, 2023-08-09 at 14:26 -0300, Elias Pereira via samba wrote:
> >> hello,
> >>
> >> The wiki configuration for ntp does not work with this
> >> configuration samba4.18.5 + debian 12 + ntpsec. At least for me, it
> >> didn't
> >> work.
> >>
> >> I had to remove the "notrap" and "mssntp" options so that the Windows
> >> clients could synchronize with the DCs again.
> >>
> >> # Access control
> >> # Default restriction: Allow clients only to query the time
> >> restrict default kod nomodify notrap nopeer limited mssntp
> >>
> >> What is the implication regarding security in removing these options?
> >
> > I wrote the mssntp feature for ntp, and got it merged upstream.
> >
> > mssntp provides a feature where the time responses are signed using the
> > computer account's password.  This allows the computer to trust the
> > Samba AD DC to provide secure time.  Without it the time server will
> > not be automatically trusted.
> >
> > I spoke with the ntpsec project manager at a confernece after their
> > launch, and they said that they removed it as they didn't know what it
> > was for.  The ntpsec project didn't reach out to me about it sadly, I
> > would have glady explained it.
> >
> > It is unfortunate, but I would note in their defence they were trimming
> > down a lot of portability and other historical features to meet their
> > new mission, and clearly Samba AD is not a core part of their mission,
> > as it seems neither have they restore it.
> >
> > Andrew Bartlett
> >
>
> Well, I can understand (to a certain extent) removing what could be dead
> code, but when they are told that they have made a mistake and don't
> seem to have made any attempt to fix the problem, then words fail me.
>
> It might just be easier to get Debian to bring back NTP.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list