Alexei Rozenvaser
2018-Jun-03 13:29 UTC
[Samba] chrony configuration for secondary samba DC
Hi

I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain controller that joined to an Existing Active Directory (Windows 2012R2 server).
The question is about Time Synchronization across the domain.
How should I configure chrony v3.2 in order to provide time synchronization:

1. between main Windows DC and Samba DC
2. Between Samba DC and windows clients in case when Windows DC is unavailable

--
*Alexei*
On Sun, 3 Jun 2018 16:29:04 +0300 Alexei Rozenvaser via samba <samba at lists.samba.org> wrote:

> Hi
>
> I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain
> controller

No you're not, you are just running Samba as another DC, all DCs are equal except for the FSMO roles and they can be on any DC.

> that joined to an Existing Active Directory (Windows
> 2012R2 server).
> The question is about Time Synchronization across the domain.
> How should I configure chrony v3.2 in order to provide time
> synchronization:

apt-get purge chrony
apt-get install ntp

then read this:

https://wiki.samba.org/index.php/Time_Synchronisation

Rowland
Alexei Rozenvaser
2018-Jun-03 14:11 UTC
[Samba] chrony configuration for secondary samba DC
On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sun, 3 Jun 2018 16:29:04 +0300
> Alexei Rozenvaser via samba <samba at lists.samba.org> wrote:
>
> > Hi
> >
> > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain
> > controller
>
> No you're not, you are just running Samba as another DC, all DCs are
> equal except for the FSMO roles and they can be on any DC.
>
>>>
>>>Yes, you are right. That's exactly what I meant.
>>>
> > that joined to an Existing Active Directory (Windows
> > 2012R2 server).
> > The question is about Time Synchronization across the domain.
> > How should I configure chrony v3.2 in order to provide time
> > synchronization:
>
> apt-get purge chrony
> apt-get install ntp
>
> then read this:
>
> https://wiki.samba.org/index.php/Time_Synchronisation
>
> Rowland
>
>>>
>>>I read this article.
>>>But unfortunately it applies to ntpd only.
>>>Don't you think it's better to study how to configure chrony, since it became the default Ubuntu NTP server?
>>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Alexei Rozenvaser
Alexei Rozenvaser
2018-Jun-03 14:24 UTC
[Samba] chrony configuration for secondary samba DC
On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sun, 3 Jun 2018 16:29:04 +0300
> Alexei Rozenvaser via samba <samba at lists.samba.org> wrote:
>
> > Hi
> >
> > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain
> > controller
>
> No you're not, you are just running Samba as another DC, all DCs are
> equal except for the FSMO roles and they can be on any DC.

Yes, you are right. That's exactly what I meant.

> > that joined to an Existing Active Directory (Windows
> > 2012R2 server).
> > The question is about Time Synchronization across the domain.
> > How should I configure chrony v3.2 in order to provide time
> > synchronization:
>
> apt-get purge chrony
> apt-get install ntp
>
> then read this:
>
> https://wiki.samba.org/index.php/Time_Synchronisation
>
> Rowland

I read this article.
But unfortunately it applies to ntpd only.
Don't you think it's better to study how to configure chrony, since it became the default Ubuntu NTP server?

--
Alexei Rozenvaser
Alexei Rozenvaser
2018-Jun-04 11:50 UTC
[Samba] chrony configuration for secondary samba DC
Meanwhile my Samba setup totally destroyed the connection to AD on some of the AD Windows clients. They were unable to get access to shared directories on Windows file servers and were even unable to create an RDP connection to them.

There were the following errors in the Windows event log:

* The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server XXX$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm XXXX.LOCAL is in sync with the KDC in the client realm.
* NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)

I discovered that the ubuntu-dc clock is out of sync:
------------------------------------------------------------
xxx at ubuntu-dc:~$ timedatectl
Local time: Mon 2018-06-04 10:38:48 IDT
Universal time: Mon 2018-06-04 07:38:48 UTC
RTC time: Mon 2018-06-04 06:00:17
Time zone: Asia/Jerusalem (IDT, +0300)
System clock synchronized: no
systemd-timesyncd.service active: yes
RTC in local TZ: no
------------------------------------------------------------
While only the hardware clock is correct:
------------------------------------------------------------
xxx at ubuntu-dc:~$ sudo hwclock
2018-06-04 09:10:40.462725+0300
------------------------------------------------------------
Everything came back to normal only after I disconnected the ubuntu-dc from the network.

On Sun, Jun 3, 2018 at 4:29 PM Alexei Rozenvaser <alexei.roz at gmail.com> wrote:

> Hi
>
> I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain controller that joined to an Existing Active Directory (Windows 2012R2 server).
> The question is about Time Synchronization across the domain.
> How should I configure chrony v3.2 in order to provide time synchronization:
>
> between main Windows DC and Samba DC
> Between Samba DC and windows clients in case when Windows DC is unavailable
>
> --
> Alexei

--
Alexei Rozenvaser
Alexei Rozenvaser
2018-Jun-07 08:56 UTC
[Samba] chrony configuration for secondary samba DC
A DC that doesn't hold the PDC emulator FSMO role should sync its time with the DC that holds such role. Right?
But I can understand how it works in case of a samba DC without the PDC emulator FSMO role and with an NTP server configured according to https://wiki.samba.org/index.php/Time_Synchronisation#Set_up_the_ntpd.conf_File_on_a_DC .
Doesn't it create a conflict between samba's potential to sync time with the other PDC emulator DC and an NTP server that syncs with some external NTP pool?

On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sun, 3 Jun 2018 16:29:04 +0300
> Alexei Rozenvaser via samba <samba at lists.samba.org> wrote:
>
> > Hi
> >
> > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain
> > controller
>
> No you're not, you are just running Samba as another DC, all DCs are
> equal except for the FSMO roles and they can be on any DC.
>
> > that joined to an Existing Active Directory (Windows
> > 2012R2 server).
> > The question is about Time Synchronization across the domain.
> > How should I configure chrony v3.2 in order to provide time
> > synchronization:
>
> apt-get purge chrony
> apt-get install ntp
>
> then read this:
>
> https://wiki.samba.org/index.php/Time_Synchronisation
>
> Rowland

--
Alexei Rozenvaser