Jonathan Salomon
2004-Oct-13 10:28 UTC
[Samba] time server directive and synchronizing Win XP clients
Hi all! I have configured a Samba PDC (3.0.7) on a Fedora Core 2 machine with LDAP authentication (conform http://samba.idealx.org/smbldap-howto.en.html). I have about 180 Windows XP Pro clients using this PDC to log onto the domain, which works great! However I seem to have trouble synchronizing the time on the clients to the time on the server. The users (in group Domain Users) do not have permissions to change the time on the clients and therefore 'net time /set /yes' in the netlogon will result in an error, as will 'w32tm /sync'. According to an earlier post to this list I found on Google (http://groups.google.com/groups?q=+pdc+samba+%22time+server+%22&hl=en&lr=&as_drrb=b&as_mind=1&as_minm=1&as_miny=2004&as_maxd=13&as_maxm=10&as_maxy=2004&selm=1Fo2I-86r-5%40gated-at.bofh.it&rnum=1) if the Win XP Pro clients are part of the domain (like in my case) they should automatically synch the time with the PDC if it runs a NTP service. This is exactly what I want, because in my opinion the time sych is something that is related to domain membership and not to domain logins (as with 'net time'). I have tried enabling an NTP service on the PDC and setting 'time server =yes' in smb.conf, but unfortunately the time on the clients still doesn't work. What am I missing here and could someone confirm behaviour described in above mentioned posting? If this is not the the is there another way to achieve what I want? I'd rather not manually grant Domain Users time setting priviledges on 180 clients. Thanks a lot! Jonathan
Gémes Géza
2004-Oct-13 11:40 UTC
[Samba] time server directive and synchronizing Win XP clients
Jonathan Salomon ?rta:>Hi all! > >I have configured a Samba PDC (3.0.7) on a Fedora Core 2 machine with LDAP >authentication (conform http://samba.idealx.org/smbldap-howto.en.html). I >have about 180 Windows XP Pro clients using this PDC to log onto the >domain, which works great! > >However I seem to have trouble synchronizing the time on the clients to >the time on the server. The users (in group Domain Users) do not have >permissions to change the time on the clients and therefore 'net time /set >/yes' in the netlogon will result in an error, as will 'w32tm /sync'. > >According to an earlier post to this list I found on Google >(http://groups.google.com/groups?q=+pdc+samba+%22time+server+%22&hl=en&lr=&as_drrb=b&as_mind=1&as_minm=1&as_miny=2004&as_maxd=13&as_maxm=10&as_maxy=2004&selm=1Fo2I-86r-5%40gated-at.bofh.it&rnum=1) >if the Win XP Pro clients are part of the domain (like in my case) they >should automatically synch the time with the PDC if it runs a NTP service. >This is exactly what I want, because in my opinion the time sych is >something that is related to domain membership and not to domain logins >(as with 'net time'). I have tried enabling an NTP service on the PDC and >setting 'time server =yes' in smb.conf, but unfortunately the time on the >clients still doesn't work. > >What am I missing here and could someone confirm behaviour described in >above mentioned posting? If this is not the the is there another way to >achieve what I want? I'd rather not manually grant Domain Users time >setting priviledges on 180 clients. > >Thanks a lot! >Jonathan > >This is true for an AD domain. But for an NT4 domain such as a Samba controled one is you have to "set" the time server for each of your workstations to the ip adress (or with a working DNS the ip name) of your NTP server. This way your XP machines would sync time automaticaly, and you wouldn't need time server =yes and net time //PDC /set /yes in logon script (only usefull for Windows 9x, or the quite strange case of all of your users beeing domain administrators). To set the timeserver on the XP machines we use the domain policy, with an adm file (attached) made by Andrew Bartlett. Good Luck! -------------- next part -------------- CLASS MACHINE CATEGORY !!Time POLICY !!NTPServer KEYNAME SYSTEM\CurrentControlSet\Services\W32Time\Parameters PART !!NTP_SERVER EDITTEXT VALUENAME "NtpServer" END PART PART !!SERVERTYPE EDITTEXT VALUENAME "type" END PART END POLICY END CATEGORY ; Time [Strings] Time="Time Servers" NTPServer="NTP Server" NTP_SERVER="NTP Server address" SERVERTYPE="Server Type (ntp)"
Andrew Bartlett
2004-Oct-14 10:18 UTC
[Samba] time server directive and synchronizing Win XP clients
On Wed, 2004-10-13 at 21:39, G?mes G?za wrote:> Jonathan Salomon ?rta:> To set the timeserver > on the XP machines we use the domain policy, with an adm file (attached) > made by Andrew Bartlett.Glad to see my ADM files are still doing the rounds :-) Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20041014/f68d547b/attachment.bin