Recently we have been having a lot of trouble with time
synchronisation between our samba DC and the domain clients. We are
not sure what started this issue since the Samba domain went live on
October 11, 2016 and the issues only began to surface this past
January but at some point the time on the clients and the DC diverged
enough that we began to get strange network errors. Once we figured
out that these were caused by time divergence they were not so
strange, but to begin with they were most mysterious.

In any case, we have resolved most of these issues. In dealing with
this I ran across
https://wiki.samba.org/index.php/Time_Synchronisation which contains
this instruction:

Set up the ntpd.conf File on a DC
. . .
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/

Now, on the FreeBSD host I see this instead:

# sockstat | grep ntp
root     ntpd       6229  3  dgram  -> /var/run/logpriv
root     ntpd       6229  20 udp6   *:123                 *:*
root     ntpd       6229  21 udp4   *:123                 *:*
root     ntpd       6229  22 udp4   192.168.8.65:123      *:*
root     ntpd       6229  23 udp6   ::1:123               *:*
root     ntpd       6229  24 udp6   fe80::1%lo0:123       *:*
root     ntpd       6229  25 udp4   127.0.0.1:123         *:*
root     samba      766   24 stream /var/run/samba4/ntp_signd/socket

So I altered /etc/ntp.conf as follows:

ntpsigndsocket /var/run/samba4/ntp_signd/

However, as I have no idea what this does or how (or even if) all this
works I would like to have this setup explained to me.

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

On Tue, 2017-02-07 at 13:06 -0500, James B. Byrne via samba wrote:
> Recently we have been having a lot of trouble with time
> synchronisation between our samba DC and the domain clients. We are
> not sure what started this issue since the Samba domain went live on
> October 11, 2016 and the issues only began to surface this past
> January but at some point the time on the clients and the DC diverged
> enough that we began to get strange network errors. Once we figured
> out that these were caused by time divergence they were not so
> strange, but to begin with they were most mysterious.
>
> In any case, we have resolved most of these issues. In dealing with
> this I ran across
> https://wiki.samba.org/index.php/Time_Synchronisation which contains
> this instruction:
>
> Set up the ntpd.conf File on a DC
> . . .
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
>
> Now, on the FreeBSD host I see this instead:
>
> # sockstat | grep ntp
> root     ntpd       6229  3  dgram  -> /var/run/logpriv
> root     ntpd       6229  20 udp6   *:123                 *:*
> root     ntpd       6229  21 udp4   *:123                 *:*
> root     ntpd       6229  22 udp4   192.168.8.65:123      *:*
> root     ntpd       6229  23 udp6   ::1:123               *:*
> root     ntpd       6229  24 udp6   fe80::1%lo0:123       *:*
> root     ntpd       6229  25 udp4   127.0.0.1:123         *:*
> root     samba      766   24 stream /var/run/samba4/ntp_signd/socket
>
> So I altered /etc/ntp.conf as follows:
>
> ntpsigndsocket /var/run/samba4/ntp_signd/
>
> However, as I have no idea what this does or how (or even if) all this
> works I would like to have this setup explained to me.

Have you also set mssntp in the restrict line for your clients?

This is required to make it talk to the socket.

I hope this helps,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

On Tue, February 7, 2017 13:15, Andrew Bartlett wrote:
>
> Have you also set mssntp in the restrict line for your clients?
>
> This is required to make it talk to the socket.
>
> I hope this helps,
>
> Andrew Bartlett

I regret to say that I do not know what that means.

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

On 02/07/2017 08:15 PM, Andrew Bartlett via samba wrote:
> On Tue, 2017-02-07 at 13:06 -0500, James B. Byrne via samba wrote:
>> Recently we have been having a lot of trouble with time
>> synchronisation between our samba DC and the domain clients. We are
>> not sure what started this issue since the Samba domain went live on
>> October 11, 2016 and the issues only began to surface this past
>> January but at some point the time on the clients and the DC diverged
>> enough that we began to get strange network errors. Once we figured
>> out that these were caused by time divergence they were not so
>> strange, but to begin with they were most mysterious.
>>
>> In any case, we have resolved most of these issues. In dealing with
>> this I ran across
>> https://wiki.samba.org/index.php/Time_Synchronisation which contains
>> this instruction:
>>
>> Set up the ntpd.conf File on a DC
>> . . .
>> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
>>
>> Now, on the FreeBSD host I see this instead:
>>
>> # sockstat | grep ntp
>> root     ntpd       6229  3  dgram  -> /var/run/logpriv
>> root     ntpd       6229  20 udp6   *:123                 *:*
>> root     ntpd       6229  21 udp4   *:123                 *:*
>> root     ntpd       6229  22 udp4   192.168.8.65:123      *:*
>> root     ntpd       6229  23 udp6   ::1:123               *:*
>> root     ntpd       6229  24 udp6   fe80::1%lo0:123       *:*
>> root     ntpd       6229  25 udp4   127.0.0.1:123         *:*
>> root     samba      766   24 stream /var/run/samba4/ntp_signd/socket
>>
>> So I altered /etc/ntp.conf as follows:
>>
>> ntpsigndsocket /var/run/samba4/ntp_signd/
>>
>> However, as I have no idea what this does or how (or even if) all this
>> works I would like to have this setup explained to me.
> Have you also set mssntp in the restrict line for your clients?
>
> This is required to make it talk to the socket.
>
> I hope this helps,
>
> Andrew Bartlett

May I ask an off-topic question?

James, does saying "samba43" mean you installed this FreeBSD port or
package? Which is known to crash during provisioning as DC. Did you
find the solution to that issue?

Alnis

On Tue, February 7, 2017 13:06, James B. Byrne wrote:
> In any case, we have resolved most of these issues. In dealing with
> this I ran across
> https://wiki.samba.org/index.php/Time_Synchronisation which contains
> this instruction:
>
> Set up the ntpd.conf File on a DC
> . . .
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
>
> Now, on the FreeBSD host I see this instead:
>
> # sockstat | grep ntp
> root     ntpd       6229  3  dgram  -> /var/run/logpriv
> root     ntpd       6229  20 udp6   *:123                 *:*
> root     ntpd       6229  21 udp4   *:123                 *:*
> root     ntpd       6229  22 udp4   192.168.8.65:123      *:*
> root     ntpd       6229  23 udp6   ::1:123               *:*
> root     ntpd       6229  24 udp6   fe80::1%lo0:123       *:*
> root     ntpd       6229  25 udp4   127.0.0.1:123         *:*
> root     samba      766   24 stream /var/run/samba4/ntp_signd/socket
>
> So I altered /etc/ntp.conf as follows:
>
> ntpsigndsocket /var/run/samba4/ntp_signd/
>
> However, as I have no idea what this does or how (or even if) all this
> works I would like to have this setup explained to me.
>

I feel that I am in the realm of the cargo cult with respect to MS,
Samba and ntp. Is there a reference that someone can point me to that
explains what ntpsigndsocket actually accomplishes; as in how is the
socket used and by what?

Obviously it is tying Samba and ntp together somehow but I do not
understand what this accomplishes. If the setting is not placed in
ntp.conf then what are the implications? Is the directory used
arbitrary configured in the Samba build or is it configurable? If so,
how and where; smb4.conf?

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

On Wed, 8 Feb 2017 10:47:25 -0500 "James B. Byrne via samba" <samba at lists.samba.org> wrote:
>
> On Tue, February 7, 2017 13:06, James B. Byrne wrote:
>
> > In any case, we have resolved most of these issues. In dealing with
> > this I ran across
> > https://wiki.samba.org/index.php/Time_Synchronisation which
> > contains this instruction:
> >
> > Set up the ntpd.conf File on a DC
> > . . .
> > ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
> >
> > Now, on the FreeBSD host I see this instead:
> >
> > # sockstat | grep ntp
> > root     ntpd       6229  3  dgram  -> /var/run/logpriv
> > root     ntpd       6229  20 udp6   *:123                 *:*
> > root     ntpd       6229  21 udp4   *:123                 *:*
> > root     ntpd       6229  22 udp4   192.168.8.65:123      *:*
> > root     ntpd       6229  23 udp6   ::1:123               *:*
> > root     ntpd       6229  24 udp6   fe80::1%lo0:123       *:*
> > root     ntpd       6229  25 udp4   127.0.0.1:123         *:*
> > root     samba      766   24 stream /var/run/samba4/ntp_signd/socket
> >
> > So I altered /etc/ntp.conf as follows:
> >
> > ntpsigndsocket /var/run/samba4/ntp_signd/
> >
> > However, as I have no idea what this does or how (or even if) all
> > this works I would like to have this setup explained to me.
> >
>
> I feel that I am in the realm of the cargo cult with respect to MS,
> Samba and ntp. Is there a reference that someone can point me to that
> explains what ntpsigndsocket actually accomplishes; as in how is the
> socket used and by what?
>
> Obviously it is tying Samba and ntp together somehow but I do not
> understand what this accomplishes. If the setting is not placed in
> ntp.conf then what are the implications? Is the directory used
> arbitrary configured in the Samba build or is it configurable? If so,
> how and where; smb4.conf?
>

Try reading the Samba wiki page:

https://wiki.samba.org/index.php/Time_Synchronisation

To find out just where your ntp socket dir is, run 'samba -b' and look
at the line that starts 'NTP_SIGND_SOCKET_DIR'

The location is set when Samba is compiled from options passed to
'./configure'

Rowland

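
The two checks suggested in the replies above, as an added example that is not part of any message in the thread: it compares the NTP_SIGND_SOCKET_DIR line from `samba -b` with the `ntpsigndsocket` directive in ntp.conf and confirms that a `restrict` line carries `mssntp`. The function names are hypothetical, the sample text is constructed, and the `NAME: value` layout of the `samba -b` line is an assumption.

```shell
#!/bin/sh
# Added example: cross-check Samba's ntp_signd socket directory against ntp.conf.
# Function names are hypothetical; all sample text below is constructed.

# Print the NTP_SIGND_SOCKET_DIR value from `samba -b` output on stdin.
signd_dir_from_build() {
    sed -n 's/^[[:space:]]*NTP_SIGND_SOCKET_DIR:[[:space:]]*//p' | head -n 1
}

# Print the ntpsigndsocket directory from ntp.conf text on stdin (comments ignored).
signd_dir_from_ntpconf() {
    sed -e 's/#.*//' | awk '$1 == "ntpsigndsocket" { print $2; exit }'
}

# Succeed if any uncommented restrict line carries the mssntp flag.
has_mssntp() {
    sed -e 's/#.*//' | awk '
        $1 == "restrict" { for (i = 2; i <= NF; i++) if ($i == "mssntp") found = 1 }
        END { exit !found }'
}

# Report the first problem found, or "ok". $1 = samba -b output, $2 = ntp.conf text.
check_signd() {
    want=$(printf '%s\n' "$1" | signd_dir_from_build)
    have=$(printf '%s\n' "$2" | signd_dir_from_ntpconf)
    [ -n "$want" ] || { echo "no-build-dir"; return 0; }
    [ -n "$have" ] || { echo "no-ntpsigndsocket"; return 0; }
    # A trailing slash is not significant when comparing the two directories.
    [ "${want%/}" = "${have%/}" ] || { echo "mismatch"; return 0; }
    printf '%s\n' "$2" | has_mssntp || { echo "no-mssntp"; return 0; }
    echo "ok"
}

# Constructed samples using the FreeBSD path seen in the thread.
SAMPLE_BUILD='Paths:
   PIDDIR: /var/run/samba4
   NTP_SIGND_SOCKET_DIR: /var/run/samba4/ntp_signd'
SAMPLE_NTPCONF='# constructed ntp.conf fragment
ntpsigndsocket /var/run/samba4/ntp_signd/
restrict default kod nomodify notrap nopeer mssntp'
SAMPLE_NTPCONF_NOFLAG='ntpsigndsocket /var/run/samba4/ntp_signd/
restrict default kod nomodify notrap nopeer'

check_signd "$SAMPLE_BUILD" "$SAMPLE_NTPCONF"          # prints: ok
# On a live DC: check_signd "$(samba -b)" "$(cat /etc/ntp.conf)"
```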