On 09/08/2023 09:46, Peter Milesson via samba wrote:>> > Thanks for the link Rowland. But there is an ambiguity. Below the > diagram, there is stated that "all other workstations get their time > from any DC".? In the next sentence there is "Windows clients get their > time from the PDC emulator DC". In my case, the Windows 10 client does > not get the time from the DC with the PDC emulator role, which also > contradicts the second statement. > > Best regards, > > Peter > >Thanks for pointing that out, I have rewritten it. Basically a client will ask any DC for the current time and it will return what it thinks is the time. All DCs get their time from the DC that holds the PDC_Emulator FSMO role, which gets its time from an external source. Rowland
Michael Tokarev
2023-Aug-09 09:13 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
09.08.2023 12:05, Rowland Penny via samba wrote:> ... All DCs get their time from the DC that holds > the PDC_Emulator FSMO role...What do you mean by that? Are you saying that if I run a samba AD-DC, samba will mess with system time? There are so many questions here... We already run ntp on all linux machines, including the ones where samba ad-dc is running. Does samba mess with system time? Can't other (not holding PDC_Emulator role) DCs just use the system time? What if the PDC_Emulator DC is not available or is on a remote site? This sounds.. wrong. /mjt
Peter Milesson
2023-Aug-09 09:14 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
On 09.08.2023 11:05, Rowland Penny via samba wrote:> > > On 09/08/2023 09:46, Peter Milesson via samba wrote: >>> >> Thanks for the link Rowland. But there is an ambiguity. Below the >> diagram, there is stated that "all other workstations get their time >> from any DC".? In the next sentence there is "Windows clients get >> their time from the PDC emulator DC". In my case, the Windows 10 >> client does not get the time from the DC with the PDC emulator role, >> which also contradicts the second statement. >> >> Best regards, >> >> Peter >> >> > > Thanks for pointing that out, I have rewritten it. > Basically a client will ask any DC for the current time and it will > return what it thinks is the time. All DCs get their time from the DC > that holds the PDC_Emulator FSMO role, which gets its time from an > external source. > > Rowland >Hi Rowland, Thanks for the clarification. Now it makes sense. Having one single point of failure in the DC having the PDC emulator FSMO role, is of course not a good design. Like a Windows 10 client sending time requests using a Windows 2000 protocol. But that's what we have got to live with... Best regards, Peter
Luis Peromarta
2023-Aug-09 15:15 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
From https://wiki.samba.org/index.php/Time_Synchronisation "As a workaround for this, set the same external time servers on all DC's, then if the PDC emulator goes offline and cannot easily be restarted, transfer or seize the PDC emulator role to another DC." I have all DCs configured with chrony to get time from external time servers, all with identical chrony config. Is this the right way to do it then ? On 9 Aug 2023 at 11:05 +0200, samba at lists.samba.org, wrote:> > All DCs get their time from the DC > that holds the PDC_Emulator FSMO role, which gets its time from an > external source.