[Samba] Time sync problem samba 4.20.0 chrony debian11
Luis Peromarta
lperoma at icloud.com
Mon Jun 17 15:29:20 UTC 2024
LP
On Jun 17, 2024 at 15:40 +0100, Daniel Müller via samba <samba at lists.samba.org>, wrote:
> Dear all,
>
> we are running two samba 4.20 on debian 11(as dcs) with chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver.
> Our clients are windows 11 and windows 10 machines. A few of them where in an old samba 4 domain without any time issues (ntp/centos7)!?
> What we see, ist hat none of them syncs his time excactly from our dcs. There is a difference from 2 to 10 minutes. Can you point us to find the error?
>
> Our chrony.conf just the same of both dcs but bindcmaddress is different:
>
> keyfile /etc/chrony/chrony.keys
> driftfile /var/lib/chrony/chrony.drift
> log tracking measurements statistics
> logdir /var/log/chrony
> maxupdateskew 100.0
> hwclockfile /etc/adjtime
> rtcsync
> makestep 1 3
> # ipaddress of this DC
> bindcmdaddress our.samba.dc.loc
I’d say this should be an IP.
> # The source, where we are receiving the time from
> server 0.pool.ntp.org iburst
> server 1.pool.ntp.org iburst
> server 2.pool.ntp.org iburst
> # dns netmask
> allow 192.168.135.0/24
> allow 192.168.134.0/24
> allow 192.168.50.0/24
> allow 192.168.131.0/24
> allow 192.168.139.0/24
> allow 192.168.140.0/24
> allow 0.0.0.0/0
If you are allowing 0.0.0.0/0, why the other declarations ?
> ntpsigndsocket /var/lib/samba/ntp_signd
> confdir /etc/chrony/conf.d
>
> Verifying rights to use signed socket:
> root at dommaster:~# ls -ld /var/lib/samba/ntp_signd
> drwxr-x--- 2 root _chrony 4096 8. Mai 07:26 /var/lib/samba/ntp_signd
>
> Show chrony status, running:
>
> service chrony status
> ● chrony.service - chrony, an NTP client/server
> Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
> Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago
> Docs: man:chronyd(8)
> man:chronyc(1)
> man:chrony.conf(5)
> Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS)
> Main PID: 926206 (chronyd)
> Tasks: 2 (limit: 154241)
> Memory: 1.2M
> CPU: 35ms
> CGroup: /system.slice/chrony.service
> ├─926206 /usr/sbin/chronyd -F 1
> └─926207 /usr/sbin/chronyd -F 1
>
> Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP client/server...
> Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND >
> Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm read from /var/lib/chrony/chrony.drift
> Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication enabled
> Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter
> Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server.
>
> tcpdump udp port 123
> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
> listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
> 16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
> 16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
I don’t see your windows machines talking to your server. Only to stratum servers in the internet.
This is all I know about crony for samba:
http://samba.bigbird.es/doku.php?id=samba:install-chrony
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list