[Samba] Samba4 Windows Client Time Sync Issue

Andrey Repin arepin at hostkey.com
Tue Jun 27 12:58:18 UTC 2023

Hello Marco Shmerykowsky PE,

Monday, June 26, 2023, 6:10:41 PM, you wrote:

> On 6/24/2023 5:23 PM, Andrey Repin wrote:
>> Hello Marco Shmerykowsky PE,
>> > Friday, June 23, 2023, 6:32:38 PM, you wrote:
>> >> I just realized that some of my Windows 10 clients do
>>> not appear to be syncing the time correctly.
>> >> I setup NTP to run on my Netgate PFSense server.  It is
>>> using pfsense.pool.ntp.org Time Servers.  I configured NTP
>>> on my Samba servers to point to back to the PFSense Server.
>> >> NTP on the samba servers have the following ntp.conf files:
>> >> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>> >> driftfile /var/lib/ntp/ntp.drift
>> >> statistics loopstats peerstats clockstats
>>> filegen loopstats file loopstats type day enable
>>> filegen peerstats file peerstats type day enable
>>> filegen clockstats file clockstats type day enable
>> >> server PFSENSE-SERVER iburst
>> > Write full DNS name here for clarity, or use IP address if name resolution
>> could fail.
>> >> restrict -4 default kod notrap nomodify nopeer noquery limited
>>> restrict -6 default kod notrap nomodify nopeer noquery limited
>> >> restrict
>>> restrict ::1
>> >> restrict source notrap nomodify noquery
>> >> Should this be working? If not what should I be correcting?
>> > For win10 clients, reset and restart w32tm service.
>> > w32tm /unregister
>> w32tm /register
>> w32tm /config ...
>> > 
> The ip address is specified in the config files.
> I just "redacted" it for the post.

> The win32tm commands above didn't change anything.  The client computers
> that are not syncing report "Local CMOS Clock" in response to the
> command "w32tm /query /source".

That's what w32tm /config is there for.
In my experience, using windows domain clock sync is not always the best idea.
NTP is more reliable.

> The machines where the clock is syncing report:

> ip_address_of_NTP_Server,0x9

You don't necessarily SHOULD sync clock with DC itself, but you MUST make sure
both DC and clients get their time from authoritative source(s).

Best regards,
Andrey Repin

More information about the samba mailing list