[Samba] Time sync issue
Peter Milesson
miles at atmos.eu
Mon Mar 10 17:13:12 UTC 2025
On 10.03.2025 17:51, Stefan G. Weichinger via samba wrote:
> Am 10.03.25 um 17:43 schrieb Rowland Penny via samba:
>
>> The only NTP servers that were thought to work with Samba AD were ntp &
>> chrony, now I not so sure, but I believe that the ntp replacement,
>> ntpsec, has now been fixed, not sure if chrony works or not.
>>
>> I cannot recommend continuing to use openntpd, purely and simply
>> because, as far as I am aware, it doesn't have the code to 'speak' to
>> Samba AD.
>
> In the meantime I already rolled out chrony, yes.
>
> Using my debops/ansible setup that was done in minutes ... now I wait
> for the happy feedback ;-)
>
> Thanks!
>
>
Hi Stefan,
I can confirm that setting
HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient/SignatureAuthAllowed
to 0 is working. You don't need any more complex GPOs than that. I have
tried it with Windows 7, Windows 10 and Windows 11.
On the flip side, the clients will synchronize with the DCs, the
drawback is naturally, without the security features. Any other method
previously described, where time data is supplied by external servers,
is a last resort option.
Best regards,
Peter
More information about the samba
mailing list