[Samba] Time synchronization problem. Chrony, ntp
Jeffrey Walton
noloader at gmail.com
Mon Jan 20 14:38:50 UTC 2025
On Sat, Jan 18, 2025 at 3:49 AM Programnet via samba
<samba at lists.samba.org> wrote:
>
> I noticed a problem with time synchronization on all Windows endpoints.
> I am using Samba 4.21.3 and Chrony 4.3-2.
>
> When I run the following command in Windows:
>
> w32tm /monitor
> dc1.xxxx.pl *** PDC ***[192.168.45.10:123]:
> ICMP: 1ms delay
> NTP: +0.0000000s offset from dc1.xxxx.pl
> RefID: time.cloudflare.com [162.159.200.123]
> Stratum: 4
> dc2.xxxx.pl[192.168.45.9:123]:
> ICMP: 1ms delay
> NTP: -0.0001207s offset from dc1.xxxx.pl
> RefID: ntp1.orange.pl [80.50.102.114]
> Stratum: 2
>
> Warning:
> Reverse name resolution is best effort. It may not be
> correct since RefID field in time packets differs across
> NTP implementations and may not be using IP addresses.
>
> But when I run:
>
> w32tm /resync
> Sending resync command to local computer
> The computer did not resync because no time data was available.
>
> When I check on the DC servers with the tcpdump program, there is an
> incoming packet, but no outgoing packet.
>
> I am sure this worked previously. It likely stopped working after
> upgrading to Samba version 4.21.1.
>
> I configured Chrony based on the example:
> https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html

Based on my [old, dated] experience as a Windows System
Administrator... Windows clients have chronic problems keeping time in
an AD domain environment. I gave up trying to get Windows clients to
use domain controllers for time.

Instead, I installed a 3rd party NTP client on each Windows
workstation, and had the 3rd party NTP client handle time
synchronization. The NTP client ran as a system service and updated
time every 4 hours so drift was trivial. The NTP clients I used would
sync with NIST time servers, and not domain controllers.

I do not know if there are 3rd party NTP clients that can use Samba
domain controllers as a time source modulo the security requirements.
If there are, you might try one. If there are not, then you might try
a plain NTP client synching with NIST time servers. (Of course, use
whatever time service you like besides NIST).

Things may have changed since I was doing Windows SysAdmin work. But
based on this thread, it sounds like not much has changed.

Jeff