[Samba] Samba4 Windows Client Time Sync Issue

Andrey Repin arepin at hostkey.com
Tue Jun 27 12:58:18 UTC 2023

Hello Marco Shmerykowsky PE,

Monday, June 26, 2023, 6:10:41 PM, you wrote:

> On 6/24/2023 5:23 PM, Andrey Repin wrote:
>> Hello Marco Shmerykowsky PE,
>>
>> Friday, June 23, 2023, 6:32:38 PM, you wrote:
>>
>>> I just realized that some of my Windows 10 clients do
>>> not appear to be syncing the time correctly.
>>
>>> I set up NTP to run on my Netgate PFSense server.  It is
>>> using pfsense.pool.ntp.org Time Servers.  I configured NTP
>>> on my Samba servers to point back to the PFSense Server.
>>
>>> NTP on the samba servers has the following ntp.conf files:
>>
>>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>>
>>> driftfile /var/lib/ntp/ntp.drift
>>
>>> statistics loopstats peerstats clockstats
>>> filegen loopstats file loopstats type day enable
>>> filegen peerstats file peerstats type day enable
>>> filegen clockstats file clockstats type day enable
>>
>>> server PFSENSE-SERVER iburst
>>
>> Write full DNS name here for clarity, or use IP address if name resolution
>> could fail.
>>
>>> restrict -4 default kod notrap nomodify nopeer noquery limited
>>> restrict -6 default kod notrap nomodify nopeer noquery limited
>>
>>> restrict
>>> restrict ::1
>>
>>> restrict source notrap nomodify noquery
>>
>>> Should this be working? If not what should I be correcting?
>>
>> For win10 clients, reset and restart w32tm service.
>>
>> w32tm /unregister
>> w32tm /register
>> w32tm /config ...
>>
>
> The IP address is specified in the config files.
> I just "redacted" it for the post.

> The w32tm commands above didn't change anything.  The client computers
> that are not syncing report "Local CMOS Clock" in response to the
> command "w32tm /query /source".

That's what w32tm /config is there for.
In my experience, using Windows domain clock sync is not always the best idea.
NTP is more reliable.

> The machines where the clock is syncing report:

> ip_address_of_NTP_Server,0x9

You don't necessarily have to sync the clock with the DC itself, but you MUST
make sure both the DC and the clients get their time from authoritative source(s).

Best regards,
Andrey Repin
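
The step discussed above, pointing a client that reports "Local CMOS Clock" at an NTP source with `w32tm /config`, written out as an added example that is not part of the original message. The server name `ntp.example.internal` and the two function names are placeholders chosen for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows 10 client.
# Assumption: 'ntp.example.internal' is a placeholder for your own NTP source.
$NtpPeer = 'ntp.example.internal'

function Get-W32TimeSource {
    # 'w32tm /query /source' prints one line naming the current time source.
    $out = & w32tm.exe /query /source 2>&1 | Out-String
    return $out.Trim()
}

function Test-W32TimeUnsynced {
    param([string]$Source)
    # Either value means the client is running on its own hardware clock.
    return $Source -match '^(Local CMOS Clock|Free-running System Clock)'
}

$before = Get-W32TimeSource
Write-Host "Current source: $before"

if (Test-W32TimeUnsynced -Source $before) {
    # Flag 0x9 = 0x1 (use SpecialPollInterval) + 0x8 (NTP client mode),
    # the same flag the working machines in the thread report.
    $peerArg = "/manualpeerlist:${NtpPeer},0x9"
    & w32tm.exe /config $peerArg /syncfromflags:manual /update

    # Restart the service so the new peer list is loaded, then force a sync.
    Restart-Service -Name w32time
    & w32tm.exe /resync /rediscover

    $after = Get-W32TimeSource
    Write-Host "Source after reconfiguration: $after"

    if (Test-W32TimeUnsynced -Source $after) {
        # Still on the local clock: show service state and probe the peer directly.
        Write-Warning 'Still on the local clock; check UDP 123 reachability and name resolution.'
        & w32tm.exe /query /status
        & w32tm.exe /stripchart /computer:$NtpPeer /samples:3 /dataonly
    }
}
```

On a client that syncs, `w32tm /query /source` then prints the peer followed by `,0x9`, matching the output quoted in the thread.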

