On 6/24/2023 5:23 PM, Andrey Repin wrote:
> Hello Marco Shmerykowsky PE,
>
> Friday, June 23, 2023, 6:32:38 PM, you wrote:
>
>> I just realized that some of my Windows 10 clients do
>> not appear to be syncing the time correctly.
>
>> I setup NTP to run on my Netgate PFSense server. It is
>> using pfsense.pool.ntp.org Time Servers. I configured NTP
>> on my Samba servers to point back to the PFSense Server.
>
>> NTP on the samba servers have the following ntp.conf files:
>
>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>
>> driftfile /var/lib/ntp/ntp.drift
>
>> statistics loopstats peerstats clockstats
>> filegen loopstats file loopstats type day enable
>> filegen peerstats file peerstats type day enable
>> filegen clockstats file clockstats type day enable
>
>> server PFSENSE-SERVER iburst
>
> Write full DNS name here for clarity, or use IP address if name resolution
> could fail.
>
>> restrict -4 default kod notrap nomodify nopeer noquery limited
>> restrict -6 default kod notrap nomodify nopeer noquery limited
>
>> restrict 127.0.0.1
>> restrict ::1
>
>> restrict source notrap nomodify noquery
>
>> Should this be working? If not what should I be correcting?
>
> For win10 clients, reset and restart w32tm service.
>
> w32tm /unregister
> w32tm /register
> w32tm /config ...
>

The ip address is specified in the config files.
I just "redacted" it for the post.

The win32tm commands above didn't change anything. The client computers
that are not syncing report "Local CMOS Clock" in response to the
command "w32tm /query /source". The machines where the clock is
syncing report:

ip_address_of_NTP_Server,0x9

Another point. The Samba wiki notes to set

ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/

in the ntp.conf file. I don't have that line in the config files, but
'netstat -xpln|grep signd' does return something:

unix 2 [ ACC ] STREAM LISTENING 106800290 32101/samba: task[n /var/lib/samba/ntp_signd/socket

On 26/06/2023 16:10, Marco Shmerykowsky PE via samba wrote:
> On 6/24/2023 5:23 PM, Andrey Repin wrote:
>> Hello Marco Shmerykowsky PE,
>>
>> Friday, June 23, 2023, 6:32:38 PM, you wrote:
>>
>>> I just realized that some of my Windows 10 clients do
>>> not appear to be syncing the time correctly.
>>
>>> I setup NTP to run on my Netgate PFSense server. It is
>>> using pfsense.pool.ntp.org Time Servers. I configured NTP
>>> on my Samba servers to point back to the PFSense Server.
>>
>>> NTP on the samba servers have the following ntp.conf files:
>>
>>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>>
>>> driftfile /var/lib/ntp/ntp.drift
>>
>>> statistics loopstats peerstats clockstats
>>> filegen loopstats file loopstats type day enable
>>> filegen peerstats file peerstats type day enable
>>> filegen clockstats file clockstats type day enable
>>
>>> server PFSENSE-SERVER iburst
>>
>> Write full DNS name here for clarity, or use IP address if name
>> resolution
>> could fail.
>>
>>> restrict -4 default kod notrap nomodify nopeer noquery limited
>>> restrict -6 default kod notrap nomodify nopeer noquery limited
>>
>>> restrict 127.0.0.1
>>> restrict ::1
>>
>>> restrict source notrap nomodify noquery
>>
>>> Should this be working? If not what should I be correcting?
>>
>> For win10 clients, reset and restart w32tm service.
>>
>> w32tm /unregister
>> w32tm /register
>> w32tm /config ...
>>
>>
>
> The ip address is specified in the config files.
> I just "redacted" it for the post.
>
> The win32tm commands above didn't change anything. The client computers
> that are not syncing report "Local CMOS Clock" in response to the
> command "w32tm /query /source". The machines where the clock is
> syncing report:
>
> ip_address_of_NTP_Server,0x9
>
> Another point. The Samba wiki notes to set
>
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
>
> in the ntp.conf file. I don't have that line in the config files, but
> 'netstat -xpln|grep signd' does return something:
>
> unix 2 [ ACC ] STREAM LISTENING 106800290 32101/samba:
> task[n /var/lib/samba/ntp_signd/socket
>
>

Your clients should be using a DC as their time server and the DCs could
then use your netgate appliance.

You might want to read this:

https://wiki.samba.org/index.php/Time_Synchronisation

Rowland

Hello Marco Shmerykowsky PE,

Monday, June 26, 2023, 6:10:41 PM, you wrote:

> On 6/24/2023 5:23 PM, Andrey Repin wrote:
>> Hello Marco Shmerykowsky PE,
>>
>> Friday, June 23, 2023, 6:32:38 PM, you wrote:
>>
>>> I just realized that some of my Windows 10 clients do
>>> not appear to be syncing the time correctly.
>>
>>> I setup NTP to run on my Netgate PFSense server. It is
>>> using pfsense.pool.ntp.org Time Servers. I configured NTP
>>> on my Samba servers to point back to the PFSense Server.
>>
>>> NTP on the samba servers have the following ntp.conf files:
>>
>>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>>
>>> driftfile /var/lib/ntp/ntp.drift
>>
>>> statistics loopstats peerstats clockstats
>>> filegen loopstats file loopstats type day enable
>>> filegen peerstats file peerstats type day enable
>>> filegen clockstats file clockstats type day enable
>>
>>> server PFSENSE-SERVER iburst
>>
>> Write full DNS name here for clarity, or use IP address if name resolution
>> could fail.
>>
>>> restrict -4 default kod notrap nomodify nopeer noquery limited
>>> restrict -6 default kod notrap nomodify nopeer noquery limited
>>
>>> restrict 127.0.0.1
>>> restrict ::1
>>
>>> restrict source notrap nomodify noquery
>>
>>> Should this be working? If not what should I be correcting?
>>
>> For win10 clients, reset and restart w32tm service.
>>
>> w32tm /unregister
>> w32tm /register
>> w32tm /config ...
>>

> The ip address is specified in the config files.
> I just "redacted" it for the post.

> The win32tm commands above didn't change anything. The client computers
> that are not syncing report "Local CMOS Clock" in response to the
> command "w32tm /query /source".

That's what w32tm /config is there for.
In my experience, using windows domain clock sync is not always the best idea.
NTP is more reliable.

> The machines where the clock is syncing report:

> ip_address_of_NTP_Server,0x9

You don't necessarily SHOULD sync clock with DC itself, but you MUST make sure
both DC and clients get their time from authoritative source(s).

-- 
Best regards,
Andrey Repin
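
An added example, not from the thread or the Samba project: a check of a DC's ntp.conf for the two settings ntpd relies on to hand replies to Samba's ntp_signd socket for signing, namely the `ntpsigndsocket` directive mentioned in the thread and ntpd's `mssntp` restrict flag, which is not quoted on this page. The socket directory comes from the netstat output in the thread; the function names and the corrected file are assumptions made for illustration.

```python
# Constructed sample: the ntp.conf quoted in the thread (server name redacted there).
POSTED_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server PFSENSE-SERVER iburst
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
restrict source notrap nomodify noquery
"""
# Directory of the socket shown by 'netstat -xpln|grep signd' in the thread.
SIGND_DIR = "/var/lib/samba/ntp_signd"


def directives(conf_text):
    """Yield each directive as a token list, skipping comments and blank lines."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens


def audit_dc_ntp_conf(conf_text, signd_dir=SIGND_DIR):
    """Hypothetical helper: list what keeps ntpd from returning Samba-signed replies."""
    rows = list(directives(conf_text))
    findings = []
    sockets = [r[1] for r in rows if r[0] == "ntpsigndsocket" and len(r) > 1]
    if not sockets:
        findings.append("ntpsigndsocket is not set")
    elif sockets[-1].rstrip("/") != signd_dir.rstrip("/"):
        findings.append(f"ntpsigndsocket {sockets[-1]} is not Samba's {signd_dir}")
    # 'restrict default' may be preceded by an address-family switch (-4 / -6).
    defaults = [r for r in rows if r[0] == "restrict" and "default" in r[1:3]]
    for r in defaults:
        if "mssntp" not in r:
            findings.append("no mssntp flag on: " + " ".join(r))
    if not defaults and not any("mssntp" in r for r in rows if r[0] == "restrict"):
        findings.append("no restrict line carries mssntp")
    return findings


# Constructed corrected variant of the same file (an assumption, not the poster's fix).
FIXED_CONF = (POSTED_CONF.replace("noquery limited", "noquery limited mssntp")
              + f"ntpsigndsocket {SIGND_DIR}/\n")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_dc_ntp_conf(conf) or "ok")
```

ntpd also needs read access to the socket directory, which a file-level check like this cannot see.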