[Samba] Time synchronization problem. Chrony, ntp
Kees van Vloten
keesvanvloten at gmail.com
Mon Jan 20 15:09:29 UTC 2025
Op 20-01-2025 om 16:06 schreef Rowland Penny via samba:
> On Mon, 20 Jan 2025 09:38:50 -0500
> Jeffrey Walton via samba <samba at lists.samba.org> wrote:
>
>> On Sat, Jan 18, 2025 at 3:49 AM Programnet via samba
>> <samba at lists.samba.org> wrote:
>>> I noticed a problem with time synchronization on all Windows
>>> endpoints. I am using Samba 4.21.3 and Chrony 4.3-2.
>>>
>>> When I run the following command in Windows:
>>>
>>> w32tm /monitor
>>> dc1.xxxx.pl *** PDC ***[192.168.45.10:123]:
>>> ICMP: 1ms delay
>>> NTP: +0.0000000s offset from dc1.xxxx.pl
>>> RefID: time.cloudflare.com [162.159.200.123]
>>> Stratum: 4
>>> dc2.xxxx.pl[192.168.45.9:123]:
>>> ICMP: 1ms delay
>>> NTP: -0.0001207s offset from dc1.xxxx.pl
>>> RefID: ntp1.orange.pl [80.50.102.114]
>>> Stratum: 2
>>>
>>> Warning:
>>> Reverse name resolution is best effort. It may not be
>>> correct since RefID field in time packets differs across
>>> NTP implementations and may not be using IP addresses.
>>>
>>> But when I run:
>>>
>>> w32tm /resync
>>> Sending resync command to local computer
>>> The computer did not resync because no time data was available.
>>>
>>> When I check on the DC servers with the |tcpdump| program, there is
>>> an incoming packet, but no outgoing packet.
>>>
>>> I am sure this worked previously. It likely stopped working after
>>> upgrading to Samba version 4.21.1.
>>>
>>> I configured Chrony based on the example:
>>> https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html
>>> <https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html>
>> Based on my [old, dated] experience as a Windows System
>> Administrator... Windows clients have chronic problems keeping time in
>> an AD domain environment. I gave up trying to get Windows clients to
>> use domain controllers for time.
>>
>> Instead, I installed a 3rd party NTP client on each Windows
>> workstation, and had the 3rd party NTP client handle time
>> synchronization. The NTP client ran as a system service and updated
>> time every 4 hours so drift was trivial. The NTP clients I used would
>> sync with NIST time servers, and not domain controllers.
>>
>> I do not know if there are 3rd party NTP clients that can use Samba
>> domain controllers as a time source modulo the security requirements.
>> If there are, you might try one. If there are not, then you might try
>> a plain NTP client synching with NIST time servers. (Of course, use
>> whatever time service you like besides NIST).
>>
>> Things may have changed since I was doing Windows SysAdmin work. But
>> based on this thread, it sounds like not much has changed.
>>
>> Jeff
>>
> If you use plain NTP, then time synchronisation works, it is when you
> try to use MS-SNTP it doesn't, but it used to. with ntp it used to
> work, with ntpsec it never worked, but is supposed to be now fixed, but
> not a current version of Debian. Chrony is supposed to work, but
> apparently nobody has it working. I cannot even setup a GPO to test
> chrony, so all in all, it is a bit of mess at present.
You don't need the GPO, it is just another way to apply a registry
setting. Perhaps it is easier for your test to put it in the registry
directly.
- Kees,
>
> Rowland
>
>
More information about the samba
mailing list