[Samba] Time sync problem samba 4.20.0 chrony debian11

Sonic sonicsmith at gmail.com
Mon Jun 17 15:53:14 UTC 2024 

Try resetting the time service on your Windows domain members:
Do this in an elevated prompt:
==========================
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
==========================


On Mon, Jun 17, 2024 at 10:41 AM Daniel Müller via samba <
samba at lists.samba.org> wrote:

> Dear all,
>
> we are running two samba 4.20 on debian 11(as dcs) with
> chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver.
> Our clients are windows 11 and windows 10 machines. A few of them where in
> an old samba 4 domain without any time issues (ntp/centos7)!?
> What we see, ist hat none of them syncs his time excactly from our dcs.
> There is a difference from 2 to 10 minutes. Can you point us to find the
> error?
>
> Our chrony.conf just the same of both dcs but bindcmaddress is different:
>
> keyfile /etc/chrony/chrony.keys
> driftfile /var/lib/chrony/chrony.drift
> log tracking measurements statistics
> logdir /var/log/chrony
> maxupdateskew 100.0
> hwclockfile /etc/adjtime
> rtcsync
> makestep 1 3
> # ipaddress of this DC
> bindcmdaddress our.samba.dc.loc
> # The source, where we are receiving the time from
> server 0.pool.ntp.org     iburst
> server 1.pool.ntp.org     iburst
> server 2.pool.ntp.org     iburst
> # dns netmask
> allow 192.168.135.0/24
> allow 192.168.134.0/24
> allow 192.168.50.0/24
> allow 192.168.131.0/24
> allow 192.168.139.0/24
> allow 192.168.140.0/24
> allow 0.0.0.0/0
> ntpsigndsocket  /var/lib/samba/ntp_signd
> confdir /etc/chrony/conf.d
>
> Verifying  rights to use signed socket:
> root at dommaster:~# ls -ld /var/lib/samba/ntp_signd
> drwxr-x--- 2 root _chrony 4096  8. Mai 07:26 /var/lib/samba/ntp_signd
>
> Show chrony status, running:
>
> service chrony status
> ● chrony.service - chrony, an NTP client/server
>      Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor
> preset: enabled)
>      Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago
>        Docs: man:chronyd(8)
>              man:chronyc(1)
>              man:chrony.conf(5)
>     Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited,
> status=0/SUCCESS)
>    Main PID: 926206 (chronyd)
>       Tasks: 2 (limit: 154241)
>      Memory: 1.2M
>         CPU: 35ms
>      CGroup: /system.slice/chrony.service
>              ├─926206 /usr/sbin/chronyd -F 1
>              └─926207 /usr/sbin/chronyd -F 1
>
> Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP
> client/server...
> Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 starting
> (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND >
> Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm
> read from /var/lib/chrony/chrony.drift
> Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication enabled
> Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter
> Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server.
>
> tcpdump udp port 123
> tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
> listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144
> bytes
> 16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client,
> length                           120
> 16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3,
> Client, length 120
>
> What we see on our Windows clients, without the right time is set:
>
> w32tm /monitor
> dommaster.tlk.loc *** PDC ***[192.168.135.206:123]:
>     ICMP: 0ms Verzögerung
>     NTP: +0.0000000s Offset von dommaster.tlk.loc
>         RefID: time.convar.net [213.206.165.21]
>         Stratum: 3
> dom2.tlk.loc[192.168.134.36:123]:
>     ICMP: 0ms Verzögerung
>     NTP: +0.0216667s Offset von dommaster.tlk.loc
>         RefID: eth2-1201.fsn-lf-e02.productsup.int [185.252.140.126]
>         Stratum: 3
>
> w32tm /query /source
> Local CMOS Clock
>
> w32tm /query /status
> Sprungindikator: 3(nicht synchronisiert)
> Stratum: 0 (nicht angegeben)
> Präzision: -23 (119.209ns pro Tick)
> Stammverzögerung: 0.0000000s
> Stammabweichung: 0.0000000s
> Referenz-ID: 0x00000000 (nicht angegeben)
> Letzte erfolgr. Synchronisierungszeit: nicht angegeben
> Quelle: Local CMOS Clock
> Abrufintervall: 10 (1024s)
>
> w32tm /query /configuration
> [Konfiguration]
>
> EventLogFlags: 2 (Lokal)
> AnnounceFlags: 10 (Lokal)
> TimeJumpAuditOffset: 28800 (Lokal)
> MinPollInterval: 10 (Lokal)
> MaxPollInterval: 15 (Lokal)
> MaxNegPhaseCorrection: 4294967295 (Lokal)
> MaxPosPhaseCorrection: 4294967295 (Lokal)
> MaxAllowedPhaseOffset: 300 (Lokal)
>
> FrequencyCorrectRate: 4 (Lokal)
> PollAdjustFactor: 5 (Lokal)
> LargePhaseOffset: 50000000 (Lokal)
> SpikeWatchPeriod: 900 (Lokal)
> LocalClockDispersion: 10 (Lokal)
> HoldPeriod: 5 (Lokal)
> PhaseCorrectRate: 1 (Lokal)
> UpdateInterval: 30000 (Lokal)
>
> FileLogName:  (Lokal)
> FileLogEntries: 0-300 (Lokal)
> FileLogSize: 16777216 (Lokal)
>
> [Zeitanbieter]
>
> NtpClient (Lokal)
> DllName: C:\windows\system32\w32time.dll (Lokal)
> Enabled: 1 (Lokal)
> InputProvider: 1 (Lokal)
> CrossSiteSyncFlags: 2 (Lokal)
> AllowNonstandardModeCombinations: 1 (Lokal)
> ResolvePeerBackoffMinutes: 15 (Lokal)
> ResolvePeerBackoffMaxTimes: 7 (Lokal)
> CompatibilityFlags: 2147483648 (Lokal)
> EventLogFlags: 1 (Lokal)
> LargeSampleSkew: 3 (Lokal)
> SpecialPollInterval: 3600 (Lokal)
> Type: NT5DS (Lokal)
>
> NtpServer (Lokal)
> DllName: C:\windows\system32\w32time.dll (Lokal)
> Enabled: 0 (Lokal)
> InputProvider: 0 (Lokal)
>
> C:\Users\administrator.TLK>w32tm /resync /nowait
> Befehl zum erneuten Synchronisieren wird an den lokalen Computer gesendet.
> Der Befehl wurde erfolgreich ausgeführt.
>
> C:\Users\administrator.TLK>w32tm /query /status
> Sprungindikator: 3(nicht synchronisiert)
> Stratum: 0 (nicht angegeben)
> Präzision: -23 (119.209ns pro Tick)
> Stammverzögerung: 0.0000000s
> Stammabweichung: 0.0000000s
> Referenz-ID: 0x00000000 (nicht angegeben)
> Letzte erfolgr. Synchronisierungszeit: nicht angegeben
> Quelle: Local CMOS Clock
> Abrufintervall: 10 (1024s)
>
> The log File on a windows 10 pc:
> 154665 13:43:18.8148252s - Computed Secure Time:
> 154665 13:46:30.4880028s - ---------- Log File Opened -----------------
> 154665 13:46:30.4882081s - Initializing Data IO
> 154665 13:46:30.4884036s - Initializing compute
> 154665 13:46:30.4884672s - Successfully opened handles to VM Generation
> counters
> 154665 13:46:30.4884807s - Failed to read vm genId counter. error:
> 0x00000006n
> 154665 13:46:30.4884898s - Secure Time Aggregation initialization complete
> 154665 13:46:30.5122261s - Computed Secure Time:
> 154665 13:46:30.6142804s - Computed Secure Time:
> 154665 13:46:30.6202869s - Computed Secure Time:
> 154665 13:46:30.8519384s - Computed Secure Time:
> 154665 13:46:32.0122878s - Computed Secure Time:
> 154665 13:51:32.0040470s - Computed Secure Time:
>
> Greetings
> Daniel
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list