[Samba] Time sync problem samba 4.20.0 chrony debian11
Daniel Müller
mueller at tropenklinik.de
Tue Jun 18 06:12:56 UTC 2024
I have done that a thousend times. It will not work.
Greetings
Daniel
Von: Sonic [mailto:sonicsmith at gmail.com]
Gesendet: Montag, 17. Juni 2024 17:53
An: mueller at tropenklinik.de
Cc: samba samba <samba at lists.samba.org>
Betreff: Re: [Samba] Time sync problem samba 4.20.0 chrony debian11
Try resetting the time service on your Windows domain members:
Do this in an elevated prompt:
==========================
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
==========================
On Mon, Jun 17, 2024 at 10:41 AM Daniel Müller via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> > wrote:
Dear all,
we are running two samba 4.20 on debian 11(as dcs) with chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver.
Our clients are windows 11 and windows 10 machines. A few of them where in an old samba 4 domain without any time issues (ntp/centos7)!?
What we see, ist hat none of them syncs his time excactly from our dcs. There is a difference from 2 to 10 minutes. Can you point us to find the error?
Our chrony.conf just the same of both dcs but bindcmaddress is different:
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
log tracking measurements statistics
logdir /var/log/chrony
maxupdateskew 100.0
hwclockfile /etc/adjtime
rtcsync
makestep 1 3
# ipaddress of this DC
bindcmdaddress our.samba.dc.loc
# The source, where we are receiving the time from
server 0.pool.ntp.org <http://0.pool.ntp.org> iburst
server 1.pool.ntp.org <http://1.pool.ntp.org> iburst
server 2.pool.ntp.org <http://2.pool.ntp.org> iburst
# dns netmask
allow 192.168.135.0/24 <http://192.168.135.0/24>
allow 192.168.134.0/24 <http://192.168.134.0/24>
allow 192.168.50.0/24 <http://192.168.50.0/24>
allow 192.168.131.0/24 <http://192.168.131.0/24>
allow 192.168.139.0/24 <http://192.168.139.0/24>
allow 192.168.140.0/24 <http://192.168.140.0/24>
allow 0.0.0.0/0 <http://0.0.0.0/0>
ntpsigndsocket /var/lib/samba/ntp_signd
confdir /etc/chrony/conf.d
Verifying rights to use signed socket:
root at dommaster:~# ls -ld /var/lib/samba/ntp_signd
drwxr-x--- 2 root _chrony 4096 8. Mai 07:26 /var/lib/samba/ntp_signd
Show chrony status, running:
service chrony status
● chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS)
Main PID: 926206 (chronyd)
Tasks: 2 (limit: 154241)
Memory: 1.2M
CPU: 35ms
CGroup: /system.slice/chrony.service
├─926206 /usr/sbin/chronyd -F 1
└─926207 /usr/sbin/chronyd -F 1
Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP client/server...
Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND >
Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm read from /var/lib/chrony/chrony.drift
Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication enabled
Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter
Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server.
tcpdump udp port 123
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120
What we see on our Windows clients, without the right time is set:
w32tm /monitor
dommaster.tlk.loc *** PDC ***[192.168.135.206:123 <http://192.168.135.206:123> ]:
ICMP: 0ms Verzögerung
NTP: +0.0000000s Offset von dommaster.tlk.loc
RefID: time.convar.net <http://time.convar.net> [213.206.165.21]
Stratum: 3
dom2.tlk.loc[192.168.134.36:123 <http://192.168.134.36:123> ]:
ICMP: 0ms Verzögerung
NTP: +0.0216667s Offset von dommaster.tlk.loc
RefID: eth2-1201.fsn-lf-e02.productsup.int <http://eth2-1201.fsn-lf-e02.productsup.int> [185.252.140.126]
Stratum: 3
w32tm /query /source
Local CMOS Clock
w32tm /query /status
Sprungindikator: 3(nicht synchronisiert)
Stratum: 0 (nicht angegeben)
Präzision: -23 (119.209ns pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 0.0000000s
Referenz-ID: 0x00000000 (nicht angegeben)
Letzte erfolgr. Synchronisierungszeit: nicht angegeben
Quelle: Local CMOS Clock
Abrufintervall: 10 (1024s)
w32tm /query /configuration
[Konfiguration]
EventLogFlags: 2 (Lokal)
AnnounceFlags: 10 (Lokal)
TimeJumpAuditOffset: 28800 (Lokal)
MinPollInterval: 10 (Lokal)
MaxPollInterval: 15 (Lokal)
MaxNegPhaseCorrection: 4294967295 (Lokal)
MaxPosPhaseCorrection: 4294967295 (Lokal)
MaxAllowedPhaseOffset: 300 (Lokal)
FrequencyCorrectRate: 4 (Lokal)
PollAdjustFactor: 5 (Lokal)
LargePhaseOffset: 50000000 (Lokal)
SpikeWatchPeriod: 900 (Lokal)
LocalClockDispersion: 10 (Lokal)
HoldPeriod: 5 (Lokal)
PhaseCorrectRate: 1 (Lokal)
UpdateInterval: 30000 (Lokal)
FileLogName: (Lokal)
FileLogEntries: 0-300 (Lokal)
FileLogSize: 16777216 (Lokal)
[Zeitanbieter]
NtpClient (Lokal)
DllName: C:\windows\system32\w32time.dll (Lokal)
Enabled: 1 (Lokal)
InputProvider: 1 (Lokal)
CrossSiteSyncFlags: 2 (Lokal)
AllowNonstandardModeCombinations: 1 (Lokal)
ResolvePeerBackoffMinutes: 15 (Lokal)
ResolvePeerBackoffMaxTimes: 7 (Lokal)
CompatibilityFlags: 2147483648 (Lokal)
EventLogFlags: 1 (Lokal)
LargeSampleSkew: 3 (Lokal)
SpecialPollInterval: 3600 (Lokal)
Type: NT5DS (Lokal)
NtpServer (Lokal)
DllName: C:\windows\system32\w32time.dll (Lokal)
Enabled: 0 (Lokal)
InputProvider: 0 (Lokal)
C:\Users\administrator.TLK>w32tm /resync /nowait
Befehl zum erneuten Synchronisieren wird an den lokalen Computer gesendet.
Der Befehl wurde erfolgreich ausgeführt.
C:\Users\administrator.TLK>w32tm /query /status
Sprungindikator: 3(nicht synchronisiert)
Stratum: 0 (nicht angegeben)
Präzision: -23 (119.209ns pro Tick)
Stammverzögerung: 0.0000000s
Stammabweichung: 0.0000000s
Referenz-ID: 0x00000000 (nicht angegeben)
Letzte erfolgr. Synchronisierungszeit: nicht angegeben
Quelle: Local CMOS Clock
Abrufintervall: 10 (1024s)
The log File on a windows 10 pc:
154665 13:43:18.8148252s - Computed Secure Time:
154665 13:46:30.4880028s - ---------- Log File Opened -----------------
154665 13:46:30.4882081s - Initializing Data IO
154665 13:46:30.4884036s - Initializing compute
154665 13:46:30.4884672s - Successfully opened handles to VM Generation counters
154665 13:46:30.4884807s - Failed to read vm genId counter. error: 0x00000006n
154665 13:46:30.4884898s - Secure Time Aggregation initialization complete
154665 13:46:30.5122261s - Computed Secure Time:
154665 13:46:30.6142804s - Computed Secure Time:
154665 13:46:30.6202869s - Computed Secure Time:
154665 13:46:30.8519384s - Computed Secure Time:
154665 13:46:32.0122878s - Computed Secure Time:
154665 13:51:32.0040470s - Computed Secure Time:
Greetings
Daniel
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list