----- Original Message -----> From: "Robert Gurdon" <sandboxheh at gmail.com>
> To: "Andrew Martin" <amartin at xes-inc.com>
> Sent: Saturday, July 27, 2013 7:02:51 AM
> Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6?
>
> Yo,
>
> Could you attach your ntp log when you start/restart it?
>
> Robert
>
>
> 2013-07-27 08:26 keltez?ssel, Andrew Martin ?rta:
> > Hello,
> >
> > I recently compiled Samba 4.0.6 (as an AD DC) and am running it on
> > Ubuntu 12.04.
> > I followed the instructions on the Samba wiki
> > (https://wiki.samba.org/index.php/Configure_NTP)
> > for how to configure ntp, however the domain clients are rejecting
> > the DCs as
> > being acceptable time sources. Below is my ntp.conf:
> >
> > server 127.127.1.0
> > fudge 127.127.1.0 stratum 10
> > server 0.pool.ntp.org iburst prefer
> > server 1.pool.ntp.org iburst prefer
> > driftfile /var/lib/ntp/ntp.drift
> > logfile /var/log/ntp
> > ntpsigndsocket /var/run/samba/ntp_signd
> > restrict default kod nomodify notrap nopeer mssntp
> > restrict 127.0.0.1
> > restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> > noquery
> > restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer
> > noquery
> >
> > Using Ubuntu, I am not using SELinux. I do not believe there to be
> > any problems
> > with apparmor, as it contains these lines in
> > /etc/apparmor.d/usr.sbin.ntpd:
> > # samba4 ntp signing socket
> > /{,var/}run/samba/ntp_signd/socket rw,
> >
> > What is the correct procedure for configuring NTP for a Samba4 AD
> > DC?
> >
> > Thanks,
> >
> > Andrew
>
> --
> Kind regards:
>
> Robert
>
>
>
Robert,
Sure, thanks for the help. Here are log messages when I restart ntpd:
Jul 27 09:14:02 dc1 ntpd[30565]: ntpd exiting on signal 15
Jul 27 09:14:04 dc1 ntpd[5957]: ntpd 4.2.6p3 at 1.2290-o Tue Jun 5 20:12:08 UTC
2012 (1)
Jul 27 09:14:04 dc1 ntpd[5958]: proto: precision = 0.345 usec
Jul 27 09:14:04 dc1 ntpd[5958]: ntp_io: estimated max descriptors: 1024, initial
socket boundary: 16
Jul 27 09:14:04 dc1 ntpd[5958]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen and drop on 1 v6wildcard :: UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen normally on 2 lo 127.0.0.1 UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen normally on 3 eth0 192.168.0.102 UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen normally on 4 eth0 192.168.0.221 UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen normally on 5 eth0
fe80::5054:ff:fece:1e3b UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: Listen normally on 6 lo ::1 UDP 123
Jul 27 09:14:04 dc1 ntpd[5958]: peers refreshed
Jul 27 09:14:04 dc1 ntpd[5958]: Listening on routing socket on fd #23 for
interface updates
Jul 27 09:14:04 dc1 ntpd[5958]: MS-SNTP signd operations currently block ntpd
degrading service to all clients.
The ntp_signd directory is empty:
root at dc1:/# ls -l /var/run/samba/ntp_signd
total 0
root at dc1:/# ls -l /var/run/samba/ | grep ntp
drwxr-x--- 2 ntp ntp 40 Jul 8 16:40 ntp_signd
Thanks,
Andrew