[Samba] Time sync issue
Peter Milesson
miles at atmos.eu
Thu Mar 6 16:25:13 UTC 2025
On 06.03.2025 17:05, Luis Peromarta via samba wrote:
> Hi Miguel.
>
> I can update the wiki (and my web page) if needs be. However , and I have tried a few times, I can not reproduce the problem and all my clientes sync up correctly without this key.
>
> Can you help me reproduce ?
> On 6 Mar 2025 at 16:02 +0000, miguel medalha via samba <samba at lists.samba.org>, wrote:
>>>>> And feedback from Chrony list was, that it seems, that Windows was
>>>>> using "extended MS-SNTP authenticator", that they think is not supported
>>>>> by samba... After registry change it used classic MS-SNTP authenticator
>>>>> requests.
>>> I confirm that your tip does work and effectively solves the issue of
>> secure NTP.
>>> HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient/
>> SignatureAuthAllowed
>>> Change from 1 to 0.
>>> After distributing this registry setting via GPO, the Windows clients are
>> synchronizing correctly.
>>
>> Can someone with the required access please update the Samba Wiki with this
>> information?
>>
>> https://wiki.samba.org/index.php/Time_Synchronisation
>>
>> This could prevent a lot of grief and head scratching to many sysadmins...
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
Hi folks,
For me, time sync does not work without setting this registry entry
since about Samba 4.17.something.
Setting the registry value does not solve the basic problem, however. If
the value is set to zero, the time sync is without signature. In small
to medium size settings, where the sysadmins have got personal knowledge
of every device, this is probably just annoying. In large to very large
installations, it is definitely a security issue, albeit not a serious one.
Just my buck...
Best regards,
Peter
More information about the samba
mailing list