[Samba] Time synchronization problem. Chrony, ntp

Rowland Penny rpenny at samba.org
Sun Jan 19 15:05:36 UTC 2025


On Sun, 19 Jan 2025 05:16:59 -0800
James Browning via samba <samba at lists.samba.org> wrote:


> 
> Being the child of Omelas, everyone will beat on and abuse it. To
> firmly set the record less crooked: The ntp_signd.c file never went
> away, it just got worked over and unplugged. 

I do not write 'C', so I had to rely on what the person who wrote the
code to connect ntp to Samba for signing said and they said the code
had been removed. Having said that, reworking and unplugging the code
isn't that much different.

> After I took a turn
> beating on it (adding error logging for the first time in forever), I
> asked for people to test it and got no reply. Oh, yeah, check the
> unenclosed git log or shut your keyboard about it.

I attempted to test it, but it couldn't get it to work for me (probably
definitely my fault) and told you so. I have no control over what
others do.

> 
> > Did Chrony ever support signed time ? Have we been mis-advised all
> > these years ?
> 
> Chrony added MS-SNTP support in 2016. There was one commit to the
> MS-SNTP code there back in April to change logging, and the change
> before that was in 2020.
> 
> ----
> ntp: log failed connection to Samba signd socket
> 
> Log an error message (in addition to the socket-specific debug
> message) when the connection to signd socket fails, but only once
> before a successful signd exchange to avoid flooding the system log.
> ----
> 
> Of course, nobody has the vertebrae to actually mention this to
> Miroslav.

I have since found the relevant github page:
https://github.com/mlichvar/chrony/blob/master/ntp_signd.c

What would you like me to tell Miroslav ?

> 
> > Does systemd-timesync support signing ? If not, should Samba be
> > advising its use ?
> 
> It's a cheap and easy client to keep your clocks synced up as long as
> you presumably do not care about microseconds.

Yes, it works as an ntp client, but presumably it has no concept of
MS-SNTP.

I am not pointing anything at anyone here, it just seems that Samba
doesn't match Windows when it comes to time in an AD domain.

Rowland




More information about the samba mailing list