[Samba] Time synchronization problem. Chrony, ntp
Rowland Penny
rpenny at samba.org
Sat Jan 18 15:59:32 UTC 2025
On Sat, 18 Jan 2025 07:26:26 -0800
James Browning via samba <samba at lists.samba.org> wrote:
> On Saturday, January 18, 2025 4:36:59 AM Pacific Standard Time miguel
> medalha via samba wrote:
> > I have the exact same problem with my Windows clients. Many of
> > their clocks are drifting and I can't find a solution. I have a GPO
> > according to the Samba Wiki page, but it doesn't work, apparently.
> > > Running 'w32tm /query /status' still showed the 'local' clock as
> > > time source, so: w32tm /resync
> > > To force a sync from the pdc_emulator
> >
> > I am not that lucky:
> >
> > w32tm /resync
> > Sending resync command to local computer
> > The computer did not resync because no time data was available
> >
> > But:
> >
> > w32tm /query /peers /verbose
> > #Peers: 1
> > Peer: DC-2.mydomain.com
> > State: Active
> > Time Remaining: 26.6768908s
> > Mode: 3 (Client)
> > Stratum: 0 (unspecified)
> > PeerPoll Interval: 0 (unspecified)
> > HostPoll Interval: 6 (64s)
> > Last Successful Sync Time: (null)
> > LastSyncError: 0x800705B4 (Esta operação foi devolvida porque o
> > tempo limite expirou. ) LastSyncErrorMsgId: 0x00000000 (Succeeded)
> > AuthTypeMsgId: 0x0000009B (NtSignature )
> > Resolve Attempts: 0
> > ValidDataCounter: 1
> > Reachability: 2
> >
> > w32tm /monitor
> > DC-2.mydomain.com[xxx.xxx.xxx.8:123]:
> > ICMP: 0ms delay
> > NTP: +0.0003020s offset from DC-1.mydomain.com
> > RefID: ntp04x.oal.ul.pt [194.117.9.136]
> > Stratum: 3
> > DC-1.mydomain.com *** PDC ***[ xxx.xxx.xxx.2:123]:
> > ICMP: 0ms delay
> > NTP: +0.0000000s offset from DC-1.mydomain.com
> > RefID: ntp04x.oal.ul.pt [194.117.9.136]
> > Stratum: 3
> >
> > w32tm /query /status
> > Leap Indicator: 3(not synchronized)
> > Stratum: 0 (unspecified)
> > Precision: -23 (119.209ns per tick)
> > Root Delay: 0.0000000s
> > Root Dispersion: 0.0000000s
> > ReferenceId: 0x00000000 (unspecified)
> > Last Successful Sync Time: unspecified
> > Source: Local CMOS Clock
> > Poll Interval: 6 (64s)
> >
> > So, no deal.
>
> It looks like one of five things. I would probably check the follow
> mostly non- CIFSish thing on DC-1.mydomain.com and DC-2.mydomain.com
>
> - Is the firewall not allowing NTP traffic through?
> - Is the NTP server (usually chrony/NTPsec/NTPd) running?
> - Is the NTP server configured correctly?
> - Is there an issue with samba (signd process not running)?
> - Is MS-Windows just being a pain in the butt?
>
> -30-
>
>
>
In my case, the answers to those questions are:
There is no firewall.
Yes
Yes
No
Oh most definitely
I have found a pdf here:
https://ftp.jadefalconllc.com/sharing/1.%20Domain%20Controllers%20-%2020200704.pdf
Which suggests setting the GPO up a bit differently to the Samba wiki,
anyone care to try it and get back to us ?
Rowland
More information about the samba
mailing list