?icro MEGAS
2013-Apr-09 15:01 UTC
[Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
Hi all,
I am using Samba 4.0.4 as AD DC on my test environment and realized that all my
W2k clients (default installation, no special setups made on the clients) cannot
receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and
7 work fine though. The problem occurs at three W2k test clients I tried with.
The default behavior of Windows clients is to use the update type
"Nt5DS" which means, that the client tries to get the time of its
domain controller. Unfortunately this fails for my W2k clients in conjunction
with Samba 4.0.4 and also an error in event log appears, that says that the time
couldnt be retrieved of my samba4 server "mysmb4srv.ad.mycompany.com".
As soon as I execute on win2000 clients cmd prompt "net time
/setsntp:mysmb4srv.ad.mycompany.com" it works. This command causes the
registry entries under HKLM\System\Current Control
Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS
to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com". With
this setting the time sync works fine as soon as I restart the Windows Time
Service. I have logged the received ntp packets at samba4's side:
Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server
which is installed
and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the
"Nt5DS" discovery mode
on win2000 clients doesnt interact fine with samba4 ??? Here are the
"tcpdump -vv udp port 123" logs
Win2000 Client, set to default behavior (type=Nt5DS) 1st run:
------------------------------------------------------------------------------------
08:46:21.067456 IP (tos 0x0, ttl 128, id 4794, offset 0, flags [none], proto UDP
(17), length 76)
smb4testw2k.dhcp.mycompany.com.1856 > r4dv3ld002.mycompany.com.ntp:
[udp sum ok] NTPv2, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precision 0
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3574467978.435999989 (2013/04/09 05:46:18)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3574467978.435999989 (2013/04/09 05:46:18)
08:46:21.067659 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 76)
r4dv3ld002.mycompany.com.ntp > smb4testw2k.dhcp.mycompany.com.1856:
[bad udp cksum 9981!] NTPv2, length 48
Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s
, precision -18
Root Delay: 0.000000, Root dispersion: 0.011169, Reference-ID: 127.127.1
.0
Reference Timestamp: 3574478764.256589680 (2013/04/09 08:46:04)
Originator Timestamp: 3574467978.435999989 (2013/04/09 05:46:18)
Receive Timestamp: 3574478781.067456305 (2013/04/09 08:46:21)
Transmit Timestamp: 3574478781.067631855 (2013/04/09 08:46:21)
Originator - Receive Timestamp: +10802.631456315
Originator - Transmit Timestamp: +10802.631631851
Win2000 Client, set to default behavior (type=Nt5DS) 2nd run (to have one more
log):
------------------------------------------------------------------------------------
08:56:24.490199 IP (tos 0x0, ttl 128, id 4847, offset 0, flags [none], proto UDP
(17), length 76)
smb4testw2k.dhcp.mycompany.com.msnp > r4dv3ld002.mycompany.com.ntp:
[udp sum ok] NTPv2, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precisi
on 0
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3574468581.232999995 (2013/04/09 05:56:21)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3574468581.232999995 (2013/04/09 05
:56:21)
08:56:24.490414 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17)
, length 76)
r4dv3ld002.mycompany.com.ntp > smb4testw2k.dhcp.mycompany.com.msnp:
[bad udp cksum bd60!] NTPv2, length 48
Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s
, precision -18
Root Delay: 0.000000, Root dispersion: 0.011581, Reference-ID: 127.127.1
.0
Reference Timestamp: 3574479340.256625980 (2013/04/09 08:55:40)
Originator Timestamp: 3574468581.232999995 (2013/04/09 05:56:21)
Receive Timestamp: 3574479384.490199267 (2013/04/09 08:56:24)
Transmit Timestamp: 3574479384.490376532 (2013/04/09 08:56:24)
Originator - Receive Timestamp: +10803.257199257
Originator - Transmit Timestamp: +10803.257376521
Win2000 Client, executed on cmd prompt "net time
/setsntp:mysmb4srv.ad.mycompany.com" which
puts the NTP client of the w2k machine into "type=NTP" instead of
"Nt5DS":
-------------------------------------------------------------------------------------------
08:48:32.330828 IP (tos 0x0, ttl 128, id 4811, offset 0, flags [none], proto UDP
(17), length 96)
smb4testw2k.dhcp.mycompany.com.1861 > r4dv3ld002.mycompany.com.ntp:
[udp sum ok] NTPv2, length 68
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precision 0
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3574468109.125000000 (2013/04/09 05:48:29)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3574468109.125000000 (2013/04/09 05:48:29)
Key id: 131089
Authentication: 000000000099887703000000a82f0c00
08:48:32.331020 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP
(17), length 80)
r4dv3ld002.mycompany.com.ntp > smb4testw2k.dhcp.mycompany.com.1861:
[bad udp cksum 9fab!] NTPv2, length 52
Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s
, precision -18
Root Delay: 0.000000, Root dispersion: 0.011230, Reference-ID: 127.127.1
.0
Reference Timestamp: 3574478892.256594210 (2013/04/09 08:48:12)
Originator Timestamp: 3574468109.125000000 (2013/04/09 05:48:29)
Receive Timestamp: 3574478912.330828607 (2013/04/09 08:48:32)
Transmit Timestamp: 3574478912.330993115 (2013/04/09 08:48:32)
Originator - Receive Timestamp: +10803.205828621
Originator - Transmit Timestamp: +10803.205993115
Key id: 0
08:48:37.322220 IP (tos 0x0, ttl 128, id 4812, offset 0, flags [none], proto UDP
(17), length 96)
smb4testw2k.dhcp.mycompany.com.1861 > r4dv3ld002.mycompany.com.ntp:
[udp sum ok] NTPv2, length 68
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precisi
on 0
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3574468114.125000000 (2013/04/09 05:48:34)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3574468114.125000000 (2013/04/09 05
:48:34)
Key id: 131089
Authentication: 000000000099887703000000a82f0c00
08:48:37.322409 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17)
, length 80)
r4dv3ld002.mycompany.com.ntp > smb4testw2k.dhcp.mycompany.com.1861:
[bad udp cksum 5a0c!] NTPv2, length 52
Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s
, precision -18
Root Delay: 0.000000, Root dispersion: 0.011306, Reference-ID: 127.127.1
.0
Reference Timestamp: 3574478892.256594210 (2013/04/09 08:48:12)
Originator Timestamp: 3574468114.125000000 (2013/04/09 05:48:34)
Receive Timestamp: 3574478917.322220683 (2013/04/09 08:48:37)
Transmit Timestamp: 3574478917.322383612 (2013/04/09 08:48:37)
Originator - Receive Timestamp: +10803.197220697
Originator - Transmit Timestamp: +10803.197383612
Key id: 0
Any help appreciated.
Lucas (local at irc.freenode.net)
Gregory Sloop
2013-Apr-09 15:14 UTC
[Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
iM> I am using Samba 4.0.4 as AD DC on my test environment and iM> realized that all my W2k clients (default installation, no special iM> setups made on the clients) cannot receive the correct time of my iM> samba 4.0.4 AD domain controller. Windows XP and 7 work fine iM> though. The problem occurs at three W2k test clients I tried with. iM> The default behavior of Windows clients is to use the update type iM> "Nt5DS" which means, that the client tries to get the time of its iM> domain controller. Unfortunately this fails for my W2k clients in iM> conjunction with Samba 4.0.4 and also an error in event log iM> appears, that says that the time couldnt be retrieved of my samba4 iM> server "mysmb4srv.ad.mycompany.com". iM> As soon as I execute on win2000 clients cmd prompt "net time iM> /setsntp:mysmb4srv.ad.mycompany.com" it works. This command causes iM> the registry entries under HKLM\System\Current Control iM> Set\Services\W32Time\Parameters to change the default behavior iM> from type=Nt5DS to type=NTP and adds a line NTP iM> server=mysmb4srv.ad.mycompany.com". With this setting the time iM> sync works fine as soon as I restart the Windows Time Service. I iM> have logged the received ntp packets at samba4's side: iM> Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed iM> and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the "Nt5DS" discovery mode iM> on win2000 clients doesnt interact fine with samba4 ??? Here are iM> the "tcpdump -vv udp port 123" logs I'm sure someone will give you more data, but W2000 was completely out of maintenance mode, what, two+ years ago? Making changes to the registry so it will use NTP for time updates is fairly easy - which will make it compatible with the AD server. It would seem, to me at least, a bad use of resources to trouble-shoot/fix a Win2000 problem when there are work-around's and when Win2000 is not supported any more, and has multiple unpatched vulnerabilities. Just my opinion of course. -Greg
Andrew Bartlett
2013-Apr-10 02:50 UTC
[Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
On Tue, 2013-04-09 at 19:01 +0400, ?icro MEGAS wrote:> Hi all, > > I am using Samba 4.0.4 as AD DC on my test environment and realized that all my W2k clients (default installation, no special setups made on the clients) cannot receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and 7 work fine though. The problem occurs at three W2k test clients I tried with. The default behavior of Windows clients is to use the update type "Nt5DS" which means, that the client tries to get the time of its domain controller. Unfortunately this fails for my W2k clients in conjunction with Samba 4.0.4 and also an error in event log appears, that says that the time couldnt be retrieved of my samba4 server "mysmb4srv.ad.mycompany.com". > > As soon as I execute on win2000 clients cmd prompt "net time /setsntp:mysmb4srv.ad.mycompany.com" it works. This command causes the registry entries under HKLM\System\Current Control Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com". With this setting the time sync works fine as soon as I restart the Windows Time Service. I have logged the received ntp packets at samba4's side: > > Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed > and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the "Nt5DS" discovery mode > on win2000 clients doesnt interact fine with samba4 ??? Here are the "tcpdump -vv udp port 123" logsTo even have a chance of offering an opionin on this, you need to get us the pcap file, not the text output (this applies at any time anybody is asking for a packet capture - the text output is next to useless).> Any help appreciated. > > Lucas (local at irc.freenode.net)-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org