[Samba] Time synchronization problem. Chrony, ntp

Rowland Penny rpenny at samba.org
Sat Jan 18 15:59:32 UTC 2025


On Sat, 18 Jan 2025 07:26:26 -0800
James Browning via samba <samba at lists.samba.org> wrote:

> On Saturday, January 18, 2025 4:36:59 AM Pacific Standard Time miguel
> medalha via samba wrote:
> > I have the exact same problem with my Windows clients. Many of
> > their clocks are drifting and I can't find a solution. I have a GPO
> > according to the Samba Wiki page, but it doesn't work, apparently.
> > > Running 'w32tm /query /status' still showed the 'local' clock as
> > > time source, so: w32tm /resync
> > > To force a sync from the pdc_emulator
> > 
> > I am not that lucky:
> > 
> > w32tm /resync
> > Sending resync command to local computer
> > The computer did not resync because no time data was available
> > 
> > But:
> > 
> > w32tm /query /peers /verbose
> > #Peers: 1
> > Peer: DC-2.mydomain.com
> > State: Active
> > Time Remaining: 26.6768908s
> > Mode: 3 (Client)
> > Stratum: 0 (unspecified)
> > PeerPoll Interval: 0 (unspecified)
> > HostPoll Interval: 6 (64s)
> > Last Successful Sync Time: (null)
> > LastSyncError: 0x800705B4 (Esta operação foi devolvida porque o
> > tempo limite expirou. ) LastSyncErrorMsgId: 0x00000000 (Succeeded)
> > AuthTypeMsgId: 0x0000009B (NtSignature )
> > Resolve Attempts: 0
> > ValidDataCounter: 1
> > Reachability: 2
> > 
> > w32tm /monitor
> > DC-2.mydomain.com[xxx.xxx.xxx.8:123]:
> >     ICMP: 0ms delay
> >     NTP: +0.0003020s offset from DC-1.mydomain.com
> >         RefID: ntp04x.oal.ul.pt [194.117.9.136]
> >         Stratum: 3
> > DC-1.mydomain.com *** PDC ***[ xxx.xxx.xxx.2:123]:
> >     ICMP: 0ms delay
> >     NTP: +0.0000000s offset from DC-1.mydomain.com
> >         RefID: ntp04x.oal.ul.pt [194.117.9.136]
> >         Stratum: 3
> > 
> > w32tm /query /status
> > Leap Indicator: 3(not synchronized)
> > Stratum: 0 (unspecified)
> > Precision: -23 (119.209ns per tick)
> > Root Delay: 0.0000000s
> > Root Dispersion: 0.0000000s
> > ReferenceId: 0x00000000 (unspecified)
> > Last Successful Sync Time: unspecified
> > Source: Local CMOS Clock
> > Poll Interval: 6 (64s)
> > 
> > So, no deal.
> 
> It looks like one of five things. I would probably check the follow
> mostly non- CIFSish thing on DC-1.mydomain.com and DC-2.mydomain.com
> 
> - Is the firewall not allowing NTP traffic through?
> - Is the NTP server (usually chrony/NTPsec/NTPd) running?
> - Is the  NTP server configured correctly?
> - Is there an issue with samba (signd process not running)?
> - Is MS-Windows just being a pain in the butt?
> 
> -30-
> 
> 
> 

In my case, the answers to those questions are:

There is no firewall.
Yes
Yes
No
Oh most definitely  

I have found a pdf here:

https://ftp.jadefalconllc.com/sharing/1.%20Domain%20Controllers%20-%2020200704.pdf

Which suggests setting the GPO up a bit differently to the Samba wiki,
anyone care to try it and get back to us ?

Rowland





More information about the samba mailing list