[Samba] DC Time Problems

Rowland Penny rpenny at samba.org
Wed Oct 25 18:16:09 UTC 2023

On Wed, 25 Oct 2023 11:53:07 -0500
Ham via samba <samba at lists.samba.org> wrote:

> It appears that none of our windows clients are syncing their time
> with the samba DC.    From what I can tell they are not able to get a 
> response from the DC.  For example, where the DC is named athena:
>      >w32tm /monitor /computers:athena
>     athena[]
>        ICMP: 0ms delay
>        NTP: error ERROR_TIMEOUT - no response from server in 1000ms
>  From a Linux machine there is also no response:
>     ntpdate -q athena
>     24 Oct 16:47:41 ntpdate[33581]: no server suitable for
>     synchronization found
> Here is the DC /etc/ntpsec/ntp.conf:
> # Where to retrieve the time from
> server 0.pool.ntp.org     iburst prefer
> server 1.pool.ntp.org     iburst prefer
> server 2.pool.ntp.org     iburst prefer
> driftfile       /var/lib/ntpsec/ntp.drift
> logfile         /var/log/ntp.log
> #logconfig =all
> ntpsigndsocket  /var/lib/samba/ntp_signd/
> # Access control
> # Default restriction: Allow clients only to query the time
> #restrict default kod nomodify notrap nopeer limited mssntp
> restrict -4 default kod limited nomodify notrap nopeer noquery mssntp
> # No restrictions for "localhost"
> restrict
> # Enable the time sources to only provide time to this host
> restrict 0.pool.ntp.org   mask    nomodify notrap
> nopeer noquery
> restrict 1.pool.ntp.org   mask    nomodify notrap
> nopeer noquery
> restrict 2.pool.ntp.org   mask    nomodify notrap
> nopeer noquery
> My DC is using Debian 11 and the Samba package from Debian.
> Any ideas on what the problem is?

Yes, ntpsec has replaced ntp and they (ntpsec) seem to have broken
ntp_signd. They also do not seem to be able to fix it. I also found out
that when the code was written to connect ntp and Samba, a Linux client
was never written.

Just use Chrony.


More information about the samba mailing list