samba - Jan 2024 - Joining Windows 10 Domain Member to Samba AD/DC

On Sat Jan  6 03:34:43 2024 Rowland Penny via samba <samba at
lists.samba.org> wrote:
>
> On Fri, 5 Jan 2024 23:53:52 +0000
> Luis Peromarta via samba <samba at lists.samba.org> wrote:
>
> > You think ntp works with samba but it doesn?t.
>
> Sorry, but 'ntp' does work, it is the rewrite for more security
> 'ntpsec' that doesn't seem to work.
>
> > 
> > You *must* use chrony. It will take you exactly 5 minutes to get it
> > up and running. 
>
> Chrony does seem to work, I just hope they do not follow ntpsec down
> the same path.
>
> The other thing that you have to know, Mark Foley is using Slackware,
>
> Rowland
In this case, I think Slackware is not a factor. For one thing, I downloaded the
ntp 4.2.8p17 source and built it using --enable-ntp-signd; not the as-shipped
Slackware version.

Also, I've used ntp 4.2.8p15 for several years, also with
--enable-ntp-signd, on
my current Slackware DC and all Windows domain members were able to use it as
the time source.

As well, the fact that I am getting "Local CMOS Clock" when I do
'w32tm /query
/source' on the Windows box certainly has nothing to do with either
Slackware or
ntpd.  I have deleted the GPO for "Time Sources", but Windows still
says my time
settings are controlled by the DC and I still get "Local CMOS Clock". 

So, my next step is to post an issue to Microsoft to see how I can get my time
source reset to "default" which, if everyone on this thread is
correct, should
resolve to my DC without me having to do anything special.

I'll post back what I find.

--Mark

On Sat, 06 Jan 2024 13:06:48 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:
> On Sat Jan  6 03:34:43 2024 Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> >
> > On Fri, 5 Jan 2024 23:53:52 +0000
> > Luis Peromarta via samba <samba at lists.samba.org> wrote:
> >
> > > You think ntp works with samba but it doesn?t.
> >
> > Sorry, but 'ntp' does work, it is the rewrite for more
security
> > 'ntpsec' that doesn't seem to work.
> >
> > > 
> > > You *must* use chrony. It will take you exactly 5 minutes to get
> > > it up and running. 
> >
> > Chrony does seem to work, I just hope they do not follow ntpsec down
> > the same path.
> >
> > The other thing that you have to know, Mark Foley is using
> > Slackware,
> >
> > Rowland
> 
> In this case, I think Slackware is not a factor. For one thing, I
> downloaded the ntp 4.2.8p17 source and built it using
> --enable-ntp-signd; not the as-shipped Slackware version.
> 
I was trying to point out that your version of 'ntp' might be okay
because it came from Slackware (which seemingly it doesn't). The
problem with 'ntp' became apparent on Debian 12, where the 'ntp'
package was replaced by the 'ntpsec' package, where 'ntpsec'
appears to
be a rewrite of 'ntp' to provide more security. The only problem is
that the connection between Samba and ntp was secure and 'ntpsec' seems
to have broken this and cannot seem to fix it (my understanding, which
may be wrong, is that they haven't a clue how it worked between
'ntp'
and 'Samba', so they do not really know what, if anything, they
removed.).

My understanding is that if you are using 'ntp' (and not ntpsec), then
it should still work.

Rowland