[Samba] Joining Windows 10 Domain Member to Samba AD/DC
Mark Foley
mfoley at novatec-inc.com
Sun Jan 7 00:13:01 UTC 2024
On Sat Jan 6 13:25:08 2024 Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sat, 06 Jan 2024 13:06:48 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > On Sat Jan 6 03:34:43 2024 Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> > >
> > > On Fri, 5 Jan 2024 23:53:52 +0000
> > > Luis Peromarta via samba <samba at lists.samba.org> wrote:
> > >
> > > > You think ntp works with samba but it doesn’t.
> > >
> > > Sorry, but 'ntp' does work, it is the rewrite for more security
> > > 'ntpsec' that doesn't seem to work.
> > >
> > > >
> > > > You *must* use chrony. It will take you exactly 5 minutes to get
> > > > it up and running.
> > >
> > > Chrony does seem to work, I just hope they do not follow ntpsec down
> > > the same path.
> > >
> > > The other thing that you have to know, Mark Foley is using
> > > Slackware,
> > >
> > > Rowland
> >
> > In this case, I think Slackware is not a factor. For one thing, I
> > downloaded the ntp 4.2.8p17 source and built it using
> > --enable-ntp-signd; not the as-shipped Slackware version.
> >
>
> I was trying to point out that your version of 'ntp' might be okay
> because it came from Slackware (which seemingly it doesn't). The
> problem with 'ntp' became apparent on Debian 12, where the 'ntp'
> package was replaced by the 'ntpsec' package, where 'ntpsec' appears to
> be a rewrite of 'ntp' to provide more security. The only problem is
> that the connection between Samba and ntp was secure and 'ntpsec' seems
> to have broken this and cannot seem to fix it (my understanding, which
> may be wrong, is that they haven't a clue how it worked between 'ntp'
> and 'Samba', so they do not really know what, if anything, they
> removed.).
>
> My understanding is that if you are using 'ntp' (and not ntpsec), then
> it should still work.
>
> Rowland
Right, I've not heard of ntpsec and Slackware ships with ntpd 4.2.8p17. However,
I cannot tell whether the as-shipped ntpd is build with --enable-ntp-signd, so I
downloaded the sources and built it myself.
But, I'll be sure to steer clear of ntpsec!
--Mark
More information about the samba
mailing list