On Sat Jan 6 03:34:43 2024 Rowland Penny via samba <samba at lists.samba.org> wrote:> > On Fri, 5 Jan 2024 23:53:52 +0000 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > You think ntp works with samba but it doesn?t. > > Sorry, but 'ntp' does work, it is the rewrite for more security > 'ntpsec' that doesn't seem to work. > > > > > You *must* use chrony. It will take you exactly 5 minutes to get it > > up and running. > > Chrony does seem to work, I just hope they do not follow ntpsec down > the same path. > > The other thing that you have to know, Mark Foley is using Slackware, > > RowlandIn this case, I think Slackware is not a factor. For one thing, I downloaded the ntp 4.2.8p17 source and built it using --enable-ntp-signd; not the as-shipped Slackware version. Also, I've used ntp 4.2.8p15 for several years, also with --enable-ntp-signd, on my current Slackware DC and all Windows domain members were able to use it as the time source. As well, the fact that I am getting "Local CMOS Clock" when I do 'w32tm /query /source' on the Windows box certainly has nothing to do with either Slackware or ntpd. I have deleted the GPO for "Time Sources", but Windows still says my time settings are controlled by the DC and I still get "Local CMOS Clock". So, my next step is to post an issue to Microsoft to see how I can get my time source reset to "default" which, if everyone on this thread is correct, should resolve to my DC without me having to do anything special. I'll post back what I find. --Mark
Rowland Penny
2024-Jan-06 18:24 UTC
[Samba] Joining Windows 10 Domain Member to Samba AD/DC
On Sat, 06 Jan 2024 13:06:48 -0500 Mark Foley via samba <samba at lists.samba.org> wrote:> On Sat Jan 6 03:34:43 2024 Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > > On Fri, 5 Jan 2024 23:53:52 +0000 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > You think ntp works with samba but it doesn?t. > > > > Sorry, but 'ntp' does work, it is the rewrite for more security > > 'ntpsec' that doesn't seem to work. > > > > > > > > You *must* use chrony. It will take you exactly 5 minutes to get > > > it up and running. > > > > Chrony does seem to work, I just hope they do not follow ntpsec down > > the same path. > > > > The other thing that you have to know, Mark Foley is using > > Slackware, > > > > Rowland > > In this case, I think Slackware is not a factor. For one thing, I > downloaded the ntp 4.2.8p17 source and built it using > --enable-ntp-signd; not the as-shipped Slackware version. >I was trying to point out that your version of 'ntp' might be okay because it came from Slackware (which seemingly it doesn't). The problem with 'ntp' became apparent on Debian 12, where the 'ntp' package was replaced by the 'ntpsec' package, where 'ntpsec' appears to be a rewrite of 'ntp' to provide more security. The only problem is that the connection between Samba and ntp was secure and 'ntpsec' seems to have broken this and cannot seem to fix it (my understanding, which may be wrong, is that they haven't a clue how it worked between 'ntp' and 'Samba', so they do not really know what, if anything, they removed.). My understanding is that if you are using 'ntp' (and not ntpsec), then it should still work. Rowland