[Samba] Time sync problem samba 4.20.0 chrony debian11

Stefan Fuhrmann stefan at fuhrmann.homedns.org
Mon Jun 17 20:46:55 UTC 2024 

sorry english version:

https://www.meinbergglobal.com/english/sw/ntp.htm


greetz Stefan

Am 17.06.24 um 22:35 schrieb Stefan Fuhrmann via samba:
> Ahoi,
>
>
> its more the windows ntp client that doesnt work correctly....
>
> try this one on your win machines:
>
> https://www.meinberg.de/german/sw/ntp.htm#ntp_stable
>
> greetz
>
> Stefan
>
>
> Am 17.06.24 um 16:23 schrieb Daniel Müller via samba:
>> Dear all,
>>
>> we are running two samba 4.20 on debian 11(as dcs) with 
>> chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver.
>> Our clients are windows 11 and windows 10 machines. A few of them 
>> where in an old samba 4 domain without any time issues (ntp/centos7)!?
>> What we see, ist hat none of them syncs his time excactly from our 
>> dcs. There is a difference from 2 to 10 minutes. Can you point us to 
>> find the error?
>>
>> Our chrony.conf just the same of both dcs but bindcmaddress is 
>> different:
>>
>> keyfile /etc/chrony/chrony.keys
>> driftfile /var/lib/chrony/chrony.drift
>> log tracking measurements statistics
>> logdir /var/log/chrony
>> maxupdateskew 100.0
>> hwclockfile /etc/adjtime
>> rtcsync
>> makestep 1 3
>> # ipaddress of this DC
>> bindcmdaddress our.samba.dc.loc
>> # The source, where we are receiving the time from
>> server 0.pool.ntp.org     iburst
>> server 1.pool.ntp.org     iburst
>> server 2.pool.ntp.org     iburst
>> # dns netmask
>> allow 192.168.135.0/24
>> allow 192.168.134.0/24
>> allow 192.168.50.0/24
>> allow 192.168.131.0/24
>> allow 192.168.139.0/24
>> allow 192.168.140.0/24
>> allow 0.0.0.0/0
>> ntpsigndsocket  /var/lib/samba/ntp_signd
>> confdir /etc/chrony/conf.d
>>
>> Verifying  rights to use signed socket:
>> root at dommaster:~# ls -ld /var/lib/samba/ntp_signd
>> drwxr-x--- 2 root _chrony 4096  8. Mai 07:26 /var/lib/samba/ntp_signd
>>
>> Show chrony status, running:
>>
>> service chrony status
>> ● chrony.service - chrony, an NTP client/server
>>       Loaded: loaded (/lib/systemd/system/chrony.service; enabled; 
>> vendor preset: enabled)
>>       Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s 
>> ago
>>         Docs: man:chronyd(8)
>>               man:chronyc(1)
>>               man:chrony.conf(5)
>>      Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS 
>> (code=exited, status=0/SUCCESS)
>>     Main PID: 926206 (chronyd)
>>        Tasks: 2 (limit: 154241)
>>       Memory: 1.2M
>>          CPU: 35ms
>>       CGroup: /system.slice/chrony.service
>>               ├─926206 /usr/sbin/chronyd -F 1
>>               └─926207 /usr/sbin/chronyd -F 1
>>
>> Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP 
>> client/server...
>> Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 
>> starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND >
>> Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 
>> ppm read from /var/lib/chrony/chrony.drift
>> Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication 
>> enabled
>> Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter
>> Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP 
>> client/server.
>>
>> tcpdump udp port 123
>> tcpdump: verbose output suppressed, use -v[v]... for full protocol 
>> decode
>> listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 
>> 262144 bytes
>> 16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, 
>> Client, length                           120
>> 16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, 
>> Client, length 120
>>
>> What we see on our Windows clients, without the right time is set:
>>
>> w32tm /monitor
>> dommaster.tlk.loc *** PDC ***[192.168.135.206:123]:
>>      ICMP: 0ms Verzögerung
>>      NTP: +0.0000000s Offset von dommaster.tlk.loc
>>          RefID: time.convar.net [213.206.165.21]
>>          Stratum: 3
>> dom2.tlk.loc[192.168.134.36:123]:
>>      ICMP: 0ms Verzögerung
>>      NTP: +0.0216667s Offset von dommaster.tlk.loc
>>          RefID: eth2-1201.fsn-lf-e02.productsup.int [185.252.140.126]
>>          Stratum: 3
>>
>> w32tm /query /source
>> Local CMOS Clock
>>
>> w32tm /query /status
>> Sprungindikator: 3(nicht synchronisiert)
>> Stratum: 0 (nicht angegeben)
>> Präzision: -23 (119.209ns pro Tick)
>> Stammverzögerung: 0.0000000s
>> Stammabweichung: 0.0000000s
>> Referenz-ID: 0x00000000 (nicht angegeben)
>> Letzte erfolgr. Synchronisierungszeit: nicht angegeben
>> Quelle: Local CMOS Clock
>> Abrufintervall: 10 (1024s)
>>
>> w32tm /query /configuration
>> [Konfiguration]
>>
>> EventLogFlags: 2 (Lokal)
>> AnnounceFlags: 10 (Lokal)
>> TimeJumpAuditOffset: 28800 (Lokal)
>> MinPollInterval: 10 (Lokal)
>> MaxPollInterval: 15 (Lokal)
>> MaxNegPhaseCorrection: 4294967295 (Lokal)
>> MaxPosPhaseCorrection: 4294967295 (Lokal)
>> MaxAllowedPhaseOffset: 300 (Lokal)
>>
>> FrequencyCorrectRate: 4 (Lokal)
>> PollAdjustFactor: 5 (Lokal)
>> LargePhaseOffset: 50000000 (Lokal)
>> SpikeWatchPeriod: 900 (Lokal)
>> LocalClockDispersion: 10 (Lokal)
>> HoldPeriod: 5 (Lokal)
>> PhaseCorrectRate: 1 (Lokal)
>> UpdateInterval: 30000 (Lokal)
>>
>> FileLogName:  (Lokal)
>> FileLogEntries: 0-300 (Lokal)
>> FileLogSize: 16777216 (Lokal)
>>
>> [Zeitanbieter]
>>
>> NtpClient (Lokal)
>> DllName: C:\windows\system32\w32time.dll (Lokal)
>> Enabled: 1 (Lokal)
>> InputProvider: 1 (Lokal)
>> CrossSiteSyncFlags: 2 (Lokal)
>> AllowNonstandardModeCombinations: 1 (Lokal)
>> ResolvePeerBackoffMinutes: 15 (Lokal)
>> ResolvePeerBackoffMaxTimes: 7 (Lokal)
>> CompatibilityFlags: 2147483648 (Lokal)
>> EventLogFlags: 1 (Lokal)
>> LargeSampleSkew: 3 (Lokal)
>> SpecialPollInterval: 3600 (Lokal)
>> Type: NT5DS (Lokal)
>>
>> NtpServer (Lokal)
>> DllName: C:\windows\system32\w32time.dll (Lokal)
>> Enabled: 0 (Lokal)
>> InputProvider: 0 (Lokal)
>>
>> C:\Users\administrator.TLK>w32tm /resync /nowait
>> Befehl zum erneuten Synchronisieren wird an den lokalen Computer 
>> gesendet.
>> Der Befehl wurde erfolgreich ausgeführt.
>>
>> C:\Users\administrator.TLK>w32tm /query /status
>> Sprungindikator: 3(nicht synchronisiert)
>> Stratum: 0 (nicht angegeben)
>> Präzision: -23 (119.209ns pro Tick)
>> Stammverzögerung: 0.0000000s
>> Stammabweichung: 0.0000000s
>> Referenz-ID: 0x00000000 (nicht angegeben)
>> Letzte erfolgr. Synchronisierungszeit: nicht angegeben
>> Quelle: Local CMOS Clock
>> Abrufintervall: 10 (1024s)
>>
>> The log File on a windows 10 pc:
>> 154665 13:43:18.8148252s - Computed Secure Time:
>> 154665 13:46:30.4880028s - ---------- Log File Opened -----------------
>> 154665 13:46:30.4882081s - Initializing Data IO
>> 154665 13:46:30.4884036s - Initializing compute
>> 154665 13:46:30.4884672s - Successfully opened handles to VM 
>> Generation counters
>> 154665 13:46:30.4884807s - Failed to read vm genId counter. error: 
>> 0x00000006n
>> 154665 13:46:30.4884898s - Secure Time Aggregation initialization 
>> complete
>> 154665 13:46:30.5122261s - Computed Secure Time:
>> 154665 13:46:30.6142804s - Computed Secure Time:
>> 154665 13:46:30.6202869s - Computed Secure Time:
>> 154665 13:46:30.8519384s - Computed Secure Time:
>> 154665 13:46:32.0122878s - Computed Secure Time:
>> 154665 13:51:32.0040470s - Computed Secure Time:
>>
>> Greetings
>> Daniel
>>
>>
>>
>>
>

More information about the samba mailing list