[Samba] Time sync problem samba 4.20.0 chrony debian11

Daniel Müller mueller at tropenklinik.de
Tue Jun 18 06:12:56 UTC 2024


I have done that a thousand times. It will not work.

 

Greetings

Daniel

 

From: Sonic [mailto:sonicsmith at gmail.com]
Sent: Monday, 17 June 2024 17:53
To: mueller at tropenklinik.de
Cc: samba samba <samba at lists.samba.org>
Subject: Re: [Samba] Time sync problem samba 4.20.0 chrony debian11

 

Try resetting the time service on your Windows domain members:

Do this in an elevated prompt:
==========================
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
==========================

 

 

On Mon, Jun 17, 2024 at 10:41 AM Daniel Müller via samba <samba at lists.samba.org> wrote:

Dear all,

we are running two Samba 4.20 on Debian 11 (as DCs) with chrony/oldstable,now 4.0-8+deb11u2 amd64 as NTP server.
Our clients are Windows 11 and Windows 10 machines. A few of them were in an old Samba 4 domain without any time issues (ntp/centos7)!?
What we see is that none of them syncs its time exactly from our DCs. There is a difference of 2 to 10 minutes. Can you point us to the error?

Our chrony.conf is the same on both DCs, only bindcmdaddress is different:

keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
log tracking measurements statistics
logdir /var/log/chrony
maxupdateskew 100.0
hwclockfile /etc/adjtime
rtcsync
makestep 1 3
# ipaddress of this DC
bindcmdaddress our.samba.dc.loc
# The source, where we are receiving the time from
server 0.pool.ntp.org      iburst
server 1.pool.ntp.org      iburst
server 2.pool.ntp.org      iburst
# dns netmask
allow 192.168.135.0/24
allow 192.168.134.0/24
allow 192.168.50.0/24
allow 192.168.131.0/24
allow 192.168.139.0/24
allow 192.168.140.0/24
allow 0.0.0.0/0
ntpsigndsocket  /var/lib/samba/ntp_signd
confdir /etc/chrony/conf.d

Verifying rights to use signed socket:
root@dommaster:~# ls -ld /var/lib/samba/ntp_signd
drwxr-x--- 2 root _chrony 4096  8. Mai 07:26 /var/lib/samba/ntp_signd

Show chrony status, running:

service chrony status
● chrony.service - chrony, an NTP client/server
     Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
    Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS)
   Main PID: 926206 (chronyd)
      Tasks: 2 (limit: 154241)
     Memory: 1.2M
        CPU: 35ms
     CGroup: /system.slice/chrony.service
             ├─926206 /usr/sbin/chronyd -F 1
             └─926207 /usr/sbin/chronyd -F 1

Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP client/server...
Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND >
Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm read from /var/lib/chrony/chrony.drift
Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication enabled
Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter
Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server.

tcpdump udp port 123
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120

What we see on our Windows clients, without the right time being set:

w32tm /monitor
dommaster.tlk.loc *** PDC ***[192.168.135.206:123]:
    ICMP: 0ms Verzögerung
    NTP: +0.0000000s Offset von dommaster.tlk.loc
        RefID: time.convar.net [213.206.165.21]
        Stratum: 3
dom2.tlk.loc[192.168.134.36:123]:
    ICMP: 0ms Verzögerung
    NTP: +0.0216667s Offset von dommaster.tlk.loc
        RefID: eth2-1201.fsn-lf-e02.productsup.int [185.252.140.126]
        Stratum: 3

w32tm /query /source
Local CMOS Clock

w32tm /query /status
Sprungindikator: 3(nicht synchronisiert)
Stratum: 0 (nicht angegeben)
Präzision: -23 (119.209ns pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 0.0000000s
Referenz-ID: 0x00000000 (nicht angegeben)
Letzte erfolgr. Synchronisierungszeit: nicht angegeben
Quelle: Local CMOS Clock
Abrufintervall: 10 (1024s)

w32tm /query /configuration
[Konfiguration]

EventLogFlags: 2 (Lokal)
AnnounceFlags: 10 (Lokal)
TimeJumpAuditOffset: 28800 (Lokal)
MinPollInterval: 10 (Lokal)
MaxPollInterval: 15 (Lokal)
MaxNegPhaseCorrection: 4294967295 (Lokal)
MaxPosPhaseCorrection: 4294967295 (Lokal)
MaxAllowedPhaseOffset: 300 (Lokal)

FrequencyCorrectRate: 4 (Lokal)
PollAdjustFactor: 5 (Lokal)
LargePhaseOffset: 50000000 (Lokal)
SpikeWatchPeriod: 900 (Lokal)
LocalClockDispersion: 10 (Lokal)
HoldPeriod: 5 (Lokal)
PhaseCorrectRate: 1 (Lokal)
UpdateInterval: 30000 (Lokal)

FileLogName:  (Lokal)
FileLogEntries: 0-300 (Lokal)
FileLogSize: 16777216 (Lokal)

[Zeitanbieter]

NtpClient (Lokal)
DllName: C:\windows\system32\w32time.dll (Lokal)
Enabled: 1 (Lokal)
InputProvider: 1 (Lokal)
CrossSiteSyncFlags: 2 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)
ResolvePeerBackoffMinutes: 15 (Lokal)
ResolvePeerBackoffMaxTimes: 7 (Lokal)
CompatibilityFlags: 2147483648 (Lokal)
EventLogFlags: 1 (Lokal)
LargeSampleSkew: 3 (Lokal)
SpecialPollInterval: 3600 (Lokal)
Type: NT5DS (Lokal)

NtpServer (Lokal)
DllName: C:\windows\system32\w32time.dll (Lokal)
Enabled: 0 (Lokal)
InputProvider: 0 (Lokal)

C:\Users\administrator.TLK>w32tm /resync /nowait
Befehl zum erneuten Synchronisieren wird an den lokalen Computer gesendet.
Der Befehl wurde erfolgreich ausgeführt.

C:\Users\administrator.TLK>w32tm /query /status
Sprungindikator: 3(nicht synchronisiert)
Stratum: 0 (nicht angegeben)
Präzision: -23 (119.209ns pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 0.0000000s
Referenz-ID: 0x00000000 (nicht angegeben)
Letzte erfolgr. Synchronisierungszeit: nicht angegeben
Quelle: Local CMOS Clock
Abrufintervall: 10 (1024s)

The log file on a Windows 10 PC:
154665 13:43:18.8148252s - Computed Secure Time:
154665 13:46:30.4880028s - ---------- Log File Opened -----------------
154665 13:46:30.4882081s - Initializing Data IO
154665 13:46:30.4884036s - Initializing compute
154665 13:46:30.4884672s - Successfully opened handles to VM Generation counters
154665 13:46:30.4884807s - Failed to read vm genId counter. error: 0x00000006n
154665 13:46:30.4884898s - Secure Time Aggregation initialization complete
154665 13:46:30.5122261s - Computed Secure Time:
154665 13:46:30.6142804s - Computed Secure Time:
154665 13:46:30.6202869s - Computed Secure Time:
154665 13:46:30.8519384s - Computed Secure Time:
154665 13:46:32.0122878s - Computed Secure Time:
154665 13:51:32.0040470s - Computed Secure Time:

Greetings
Daniel
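
An added example, not part of the original post or of Samba/chrony: a small parser for `tcpdump udp port 123` output like the capture above. It counts, per client, the requests sent to a DC and the replies coming back, and labels each request by the bytes after the 48-byte NTP header (20 = MS-SNTP Authenticator, 72 = MS-SNTP ExtendedAuthenticator, which gives length 120). The function names and the `linux1` host lines are assumptions made for the example.

```python
import re
from collections import defaultdict

NTP_HEADER_LEN = 48
# Bytes following the 48-byte NTP header -> what they carry (sizes per MS-SNTP).
TRAILER_KINDS = {0: "unsigned", 20: "MS-SNTP Authenticator",
                 72: "MS-SNTP ExtendedAuthenticator"}

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.\w+ > (?P<dst>\S+)\.\w+: "
    r"NTPv\d, (?P<mode>[^,]+), length\s+(?P<length>\d+)")

def summarize(capture, server):
    """Per client: requests sent to `server`, replies received, request kinds."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "kinds": set()})
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a tcpdump NTP summary line
        extra = int(m["length"]) - NTP_HEADER_LEN
        kind = TRAILER_KINDS.get(extra, f"other ({extra} extra bytes)")
        if m["dst"] == server and m["mode"] == "Client":
            stats[m["src"]]["requests"] += 1
            stats[m["src"]]["kinds"].add(kind)
        elif m["src"] == server and m["mode"] == "Server":
            stats[m["dst"]]["replies"] += 1
    return dict(stats)

def unanswered(stats):
    """Clients that sent requests but got no reply in the capture."""
    return sorted(c for c, s in stats.items() if s["requests"] and not s["replies"])

# First two lines: from the capture in the post. linux1 lines: constructed.
SAMPLE = """\
16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
16:23:01.100000 IP linux1.tlk.loc.41234 > dom2.tlk.loc.ntp: NTPv4, Client, length 48
16:23:01.100400 IP dom2.tlk.loc.ntp > linux1.tlk.loc.41234: NTPv4, Server, length 48
"""

if __name__ == "__main__":
    stats = summarize(SAMPLE, "dom2.tlk.loc")
    for client, s in sorted(stats.items()):
        print(client, s["requests"], s["replies"], sorted(s["kinds"]))
    print("unanswered:", unanswered(stats))
```

Run against a longer capture taken on the DC, a client that appears in `unanswered()` with a signed request kind is one whose signed requests are not being answered.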



