Rowland Penny
2024-Jan-06 18:24 UTC
[Samba] Joining Windows 10 Domain Member to Samba AD/DC
On Sat, 06 Jan 2024 13:06:48 -0500 Mark Foley via samba <samba at lists.samba.org> wrote:> On Sat Jan 6 03:34:43 2024 Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > > On Fri, 5 Jan 2024 23:53:52 +0000 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > You think ntp works with samba but it doesn?t. > > > > Sorry, but 'ntp' does work, it is the rewrite for more security > > 'ntpsec' that doesn't seem to work. > > > > > > > > You *must* use chrony. It will take you exactly 5 minutes to get > > > it up and running. > > > > Chrony does seem to work, I just hope they do not follow ntpsec down > > the same path. > > > > The other thing that you have to know, Mark Foley is using > > Slackware, > > > > Rowland > > In this case, I think Slackware is not a factor. For one thing, I > downloaded the ntp 4.2.8p17 source and built it using > --enable-ntp-signd; not the as-shipped Slackware version. >I was trying to point out that your version of 'ntp' might be okay because it came from Slackware (which seemingly it doesn't). The problem with 'ntp' became apparent on Debian 12, where the 'ntp' package was replaced by the 'ntpsec' package, where 'ntpsec' appears to be a rewrite of 'ntp' to provide more security. The only problem is that the connection between Samba and ntp was secure and 'ntpsec' seems to have broken this and cannot seem to fix it (my understanding, which may be wrong, is that they haven't a clue how it worked between 'ntp' and 'Samba', so they do not really know what, if anything, they removed.). My understanding is that if you are using 'ntp' (and not ntpsec), then it should still work. Rowland
On Sat Jan 6 13:25:08 2024 Rowland Penny via samba <samba at lists.samba.org> wrote:> > On Sat, 06 Jan 2024 13:06:48 -0500 > Mark Foley via samba <samba at lists.samba.org> wrote: > > > On Sat Jan 6 03:34:43 2024 Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > > > > On Fri, 5 Jan 2024 23:53:52 +0000 > > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > > > You think ntp works with samba but it doesn?t. > > > > > > Sorry, but 'ntp' does work, it is the rewrite for more security > > > 'ntpsec' that doesn't seem to work. > > > > > > > > > > > You *must* use chrony. It will take you exactly 5 minutes to get > > > > it up and running. > > > > > > Chrony does seem to work, I just hope they do not follow ntpsec down > > > the same path. > > > > > > The other thing that you have to know, Mark Foley is using > > > Slackware, > > > > > > Rowland > > > > In this case, I think Slackware is not a factor. For one thing, I > > downloaded the ntp 4.2.8p17 source and built it using > > --enable-ntp-signd; not the as-shipped Slackware version. > > > > I was trying to point out that your version of 'ntp' might be okay > because it came from Slackware (which seemingly it doesn't). The > problem with 'ntp' became apparent on Debian 12, where the 'ntp' > package was replaced by the 'ntpsec' package, where 'ntpsec' appears to > be a rewrite of 'ntp' to provide more security. The only problem is > that the connection between Samba and ntp was secure and 'ntpsec' seems > to have broken this and cannot seem to fix it (my understanding, which > may be wrong, is that they haven't a clue how it worked between 'ntp' > and 'Samba', so they do not really know what, if anything, they > removed.). > > My understanding is that if you are using 'ntp' (and not ntpsec), then > it should still work. > > RowlandRight, I've not heard of ntpsec and Slackware ships with ntpd 4.2.8p17. However, I cannot tell whether the as-shipped ntpd is build with --enable-ntp-signd, so I downloaded the sources and built it myself. But, I'll be sure to steer clear of ntpsec! --Mark