[Samba] Samba domain time sync woes (Debian Bookworm)

Philippe LeCavalier support at plecavalier.com
Thu Aug 10 16:13:13 UTC 2023

On Wed, Aug 9, 2023 at 11:16 AM Luis Peromarta via samba <
samba at lists.samba.org> wrote:

> From
> https://wiki.samba.org/index.php/Time_Synchronisation
> "As a workaround for this, set the same external time servers on all DC's,
> then if the PDC emulator goes offline and cannot easily be restarted,
> transfer or seize the PDC emulator role to another DC."
> I have all DCs configured with chrony to get time from external time
> servers, all with identical chrony config.
> Is this the right way to do it then ?
> On 9 Aug 2023 at 11:05 +0200, samba at lists.samba.org, wrote:
> >
> > All DCs get their time from the DC
> > that holds the PDC_Emulator FSMO role, which gets its time from an
> > external source.
> --

I think there may be some confusion here... The DCs time and how the DC
gets time is independent from Samba offering time on the client side. In
other words, it doesn't matter how your DC gets the time whether it is ntp
or ntpsec so just configure ntpsec (or crony or whatever else you want) so
that the server has the right time and then Samba will offer up that time.
As indicated, Samba doesn't actually give the time but more so the Windows
client sync's to an available DC based on Microsoft's implementation of
ntp. Now to my knowledge (and maybe I've been mistaken all this time) Samba
has it's own ntp service builtin which would not be affected by Bookworm
moving to ntpsec.

More information about the samba mailing list