[Samba] Joining Windows 10 Domain Member to Samba AD/DC

Mark Foley mfoley at novatec-inc.com
Fri Jan 5 19:30:48 UTC 2024


On Fri Jan  5 03:23:48 2024 Peter Milesson via samba <samba at lists.samba.org> wrote:
>
> On 05.01.2024 1:28, Mark Foley via samba wrote:
> > I've added a Windows 10 domain member to my Domain. I'm now following the
> > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member.
> >
> > I've created the Group Policy for the "Time Sources". This doesn't seem to be
> > working. This did work fine with my old 4.8.2 DC, so I know it works in
> > principle.
> >
> > I have additional notes and have tried (on the Windows member):
> >
> > net stop w32time
> > w32tm /unregister
> > w32tm /register
> > net start w32time
> >
> > I've rebooted both the DC and the Windows member. On the Windows member I still
> > get:
> >
> >> w32tm /query /source
> > Local CMOS Clock
> >
> > whereas I expect the return to be "dc1.hprs.locl"
> >
> > I have confirmed that the Group Policy exists and is configured correctly.
> >
> > What's going wrong here?
> >
> > Thanks --Mark
> >
> Hi Mark,
>
> If you're using ntpsec on the DC, that wont work. You must use chrony. I 
> had the same problem some half year ago.
>
> Also, no need to use a GPO for this. The domain members get their time 
> from a DC anyway.
>
> HTH,
>
> Peter

Well, I may end up trying chrony. I don't know what ntpsec is. I'm using
ntp-4.2.8p17. Version 4.2.8p15 works fine on current DC. 

In the 3 responses to my post from you, Sonic and Lewis, you've all said I don't
need a GPO for this. I use one in my current DC and why would there be a wiki on
this (https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member)
if a GPO is not needed? I would think the wikis would mention the GPO not being
needed.

How do you know you're syncing with the DC? What does your 'w32tm /query /source'
give you?

I'll experiment more. The chrony option would not affect what's happening on the
Windows domain member and why the w32tm /config is not "taking".

Is there any way to confirm whether my ntpd was build with --enable-ntp-signd?



More information about the samba mailing list