[Samba] Joining Windows 10 Domain Member to Samba AD/DC

Mark Foley mfoley at novatec-inc.com
Wed Jan 24 05:04:17 UTC 2024 

This is a follow-up on this thread which was ultimately about time
synchronization on Windows domain members.  To recap, I was not able to get
Windows domain members to use the DC as the time server, even though they could
connect to the DC time server port (see stripchart test in previous emails). 

I thought perhaps this was because I tried to change the DC FDQN and realm from
mail.hprs.local to a more acceptable dc1.hprs.locl, which required chaning a lot
of Registry settings on the domain members. So, I wiped the DC and started over,
provisioning as the old name mail.hprs.local. 

Unfortunately, that didn't work which probably meant I could have kept the new
and improved domain name. No going back now!

After doing absolutely nothing at all on the newly provisioned DC, I joined all
the office Windows Domain Members, then checked their 'w32tm /query /source'.
Some came back as "Free-running System Clock", some came back as "Local CMOS
Clock". None came back as the expected "mail.hprs.local". Thus, for those of you
who thought the Domain Members should just "automatically" find the time server,
that did not prove to be true in my case.

I then tried the following on several of the domain members from my notes when
using the old Samba 4.8.2 (which worked perfectly), and from various forum
suggestions and suggestions from this thread:

(worked on Samba 4.8.2)
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

net stop w32time                                                                                                                         
w32tm /unregister
w32tm /register
w32tm /config /manualpeerlist:mail,0x8 /syncfromflags:MANUAL
net start w32time
w32tm /config /update

[powershell]
stop-service w32time 
w32tm /unregister 
w32tm /register 
start-service w32time 
w32tm /config /manualpeerlist:0.pool.ntp.org /syncfromflags:manual /update
w32tm /config /reliable:yes 
restart-service w32time 
w32tm /resync 
w32tm /query /source

None of these worked.  After trying the first two all members went to "Local
CMOS Clock".  Afer the 'w32tm /resync' command in PowerShell I got "The computer
did not resync because no time data was available."

I've tried with and without a configuring time source Group Policy, with ntpd
(compiled with --enable-ntp-signd) and with chrony. 

As you can see from the last attempt, I even tried using 0.pool.ntp.org as the
time source which should have had no reliance on the DC at all.

Nne of this worked.

This message is mostly an FYI to inform the SambaList folks who have been
interested in this topic, but if any of you have any additional suggestions,
please feel free to comment. 

I am planning on opening a ticket with Microsoft, which will cost money, but oh
well!

--Mark

More information about the samba mailing list