[Samba] Time synchronization problem. Chrony, ntp
Rowland Penny
rpenny at samba.org
Mon Jan 20 15:06:03 UTC 2025
On Mon, 20 Jan 2025 09:38:50 -0500
Jeffrey Walton via samba <samba at lists.samba.org> wrote:
> On Sat, Jan 18, 2025 at 3:49 AM Programnet via samba
> <samba at lists.samba.org> wrote:
> >
> > I noticed a problem with time synchronization on all Windows
> > endpoints. I am using Samba 4.21.3 and Chrony 4.3-2.
> >
> > When I run the following command in Windows:
> >
> > w32tm /monitor
> > dc1.xxxx.pl *** PDC ***[192.168.45.10:123]:
> > ICMP: 1ms delay
> > NTP: +0.0000000s offset from dc1.xxxx.pl
> > RefID: time.cloudflare.com [162.159.200.123]
> > Stratum: 4
> > dc2.xxxx.pl[192.168.45.9:123]:
> > ICMP: 1ms delay
> > NTP: -0.0001207s offset from dc1.xxxx.pl
> > RefID: ntp1.orange.pl [80.50.102.114]
> > Stratum: 2
> >
> > Warning:
> > Reverse name resolution is best effort. It may not be
> > correct since RefID field in time packets differs across
> > NTP implementations and may not be using IP addresses.
> >
> > But when I run:
> >
> > w32tm /resync
> > Sending resync command to local computer
> > The computer did not resync because no time data was available.
> >
> > When I check on the DC servers with the tcpdump program, there is
> > an incoming packet, but no outgoing packet.
> >
> > I am sure this worked previously. It likely stopped working after
> > upgrading to Samba version 4.21.1.
> >
> > I configured Chrony based on the example:
> > https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html
>
> Based on my [old, dated] experience as a Windows System
> Administrator... Windows clients have chronic problems keeping time in
> an AD domain environment. I gave up trying to get Windows clients to
> use domain controllers for time.
>
> Instead, I installed a 3rd party NTP client on each Windows
> workstation, and had the 3rd party NTP client handle time
> synchronization. The NTP client ran as a system service and updated
> time every 4 hours so drift was trivial. The NTP clients I used would
> sync with NIST time servers, and not domain controllers.
>
> I do not know if there are 3rd party NTP clients that can use Samba
> domain controllers as a time source modulo the security requirements.
> If there are, you might try one. If there are not, then you might try
> a plain NTP client synching with NIST time servers. (Of course, use
> whatever time service you like besides NIST).
>
> Things may have changed since I was doing Windows SysAdmin work. But
> based on this thread, it sounds like not much has changed.
>
> Jeff
>
If you use plain NTP, then time synchronisation works; it is when you
try to use MS-SNTP that it doesn't, but it used to. With ntp it used to
work, with ntpsec it never worked, but it is supposed to be fixed now,
but not in a current version of Debian. Chrony is supposed to work, but
apparently nobody has it working. I cannot even set up a GPO to test
chrony, so all in all, it is a bit of a mess at present.
Rowland