[Samba] Time sync issue
Peter Milesson
miles at atmos.eu
Mon Mar 10 17:51:48 UTC 2025
On 10.03.2025 18:13, Peter Milesson via samba wrote:
>
>
> On 10.03.2025 17:51, Stefan G. Weichinger via samba wrote:
>> Am 10.03.25 um 17:43 schrieb Rowland Penny via samba:
>>
>>> The only NTP servers that were thought to work with Samba AD were ntp &
>>> chrony, now I not so sure, but I believe that the ntp replacement,
>>> ntpsec, has now been fixed, not sure if chrony works or not.
>>>
>>> I cannot recommend continuing to use openntpd, purely and simply
>>> because, as far as I am aware, it doesn't have the code to 'speak' to
>>> Samba AD.
>>
>> In the meantime I already rolled out chrony, yes.
>>
>> Using my debops/ansible setup that was done in minutes ... now I wait
>> for the happy feedback ;-)
>>
>> Thanks!
>>
>>
> Hi Stefan,
>
> I can confirm that setting
>
> HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient/SignatureAuthAllowed
>
>
> to 0 is working. You don't need any more complex GPOs than that. I
> have tried it with Windows 7, Windows 10 and Windows 11.
>
> On the flip side, the clients will synchronize with the DCs, the
> drawback is naturally, without the security features. Any other method
> previously described, where time data is supplied by external servers,
> is a last resort option.
>
> Best regards,
>
> Peter
>
>
Hi folks,
Just a note:
If you set this registry entry, you must restart the service w32time.
After that, it will take a some time before the first sync, probably not
more than half a minute. If you set the registry entry by GPO, a reboot
of the Windows PC will be necessary.
Best regards,
Peter
More information about the samba
mailing list