Alexei Rozenvaser
2018-Jun-03  14:11 UTC
[Samba] chrony configuration for secondary samba DC
On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba <samba at lists.samba.org> wrote:> > On Sun, 3 Jun 2018 16:29:04 +0300 > Alexei Rozenvaser via samba <samba at lists.samba.org> wrote: > > > Hi > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) domain > > controller > > No your not, you are just running Samba as another DC, all DCs are > equal except for the FSMO roles and they can be on any DC. > >>> >>>Yes, you are right. That exactly what i meant. >>> > >that joined to an Existing Active Directory (Windows > > 2012R2 server). > > The question is about Time Synchronization across the domain. > > How should I configure chrony v3.2 in order to provide time > > synchronization: > > apt-get purge chrony > apt-get install ntp > > then read this: > > https://wiki.samba.org/index.php/Time_Synchronisation > > Rowland > >>> >>>I read this article. >>>But unfortunately it applies to ntpd only. >>>Don't you think it better to study how to configure chrony, since it become the default ubunt's NTP server? >>> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- Alexei Rozenvaser
On Sun, 3 Jun 2018 17:11:47 +0300 Alexei Rozenvaser <alexei.roz at gmail.com> wrote:> On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba > <samba at lists.samba.org> wrote: > > > > On Sun, 3 Jun 2018 16:29:04 +0300 > > Alexei Rozenvaser via samba <samba at lists.samba.org> wrote: > > > > > Hi > > > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) > > > domain controller > > > > No your not, you are just running Samba as another DC, all DCs are > > equal except for the FSMO roles and they can be on any DC. > > > >>> > >>>Yes, you are right. That exactly what i meant. > >>> > > >that joined to an Existing Active Directory (Windows > > > 2012R2 server). > > > The question is about Time Synchronization across the domain. > > > How should I configure chrony v3.2 in order to provide time > > > synchronization: > > > > apt-get purge chrony > > apt-get install ntp > > > > then read this: > > > > https://wiki.samba.org/index.php/Time_Synchronisation > > > > Rowland > > > >>> > >>>I read this article. > >>>But unfortunately it applies to ntpd only. > >>>Don't you think it better to study how to configure chrony, since > >>>it become the default ubunt's NTP server? > >>> > >It might be Ubuntu's default time server, but it will not work on a Samba DC, you must use ntp. Try running 'sudo samba -b | grep 'SIGND', what are the first three letters in the output ? Rowland
Alexei Rozenvaser
2018-Jun-03  14:37 UTC
[Samba] chrony configuration for secondary samba DC
The output is: alexei at ubuntu-dc:~$ sudo samba -b | grep 'SIGND' NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd On Sun, Jun 3, 2018 at 5:32 PM Rowland Penny via samba <samba at lists.samba.org> wrote:> > On Sun, 3 Jun 2018 17:11:47 +0300 > Alexei Rozenvaser <alexei.roz at gmail.com> wrote: > > > On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > > > > On Sun, 3 Jun 2018 16:29:04 +0300 > > > Alexei Rozenvaser via samba <samba at lists.samba.org> wrote: > > > > > > > Hi > > > > > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) > > > > domain controller > > > > > > No your not, you are just running Samba as another DC, all DCs are > > > equal except for the FSMO roles and they can be on any DC. > > > > > >>> > > >>>Yes, you are right. That exactly what i meant. > > >>> > > > >that joined to an Existing Active Directory (Windows > > > > 2012R2 server). > > > > The question is about Time Synchronization across the domain. > > > > How should I configure chrony v3.2 in order to provide time > > > > synchronization: > > > > > > apt-get purge chrony > > > apt-get install ntp > > > > > > then read this: > > > > > > https://wiki.samba.org/index.php/Time_Synchronisation > > > > > > Rowland > > > > > >>> > > >>>I read this article. > > >>>But unfortunately it applies to ntpd only. > > >>>Don't you think it better to study how to configure chrony, since > > >>>it become the default ubunt's NTP server? > > >>> > > > > > It might be Ubuntu's default time server, but it will not work on a > Samba DC, you must use ntp. > Try running 'sudo samba -b | grep 'SIGND', what are the first three > letters in the output ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- Alexei Rozenvaser
Alexei Rozenvaser
2018-Jun-03  14:40 UTC
[Samba] chrony configuration for secondary samba DC
By the way there is ntpsigndsocket option in chrony configuration file. https://chrony.tuxfamily.org/doc/3.3/chrony.conf.html#ntpsigndsocket Can you please look at https://wiki.alpinelinux.org/wiki/Setting_up_a_samba-ad-dc and may be https://chrony.tuxfamily.org/comparison.html ? On Sun, Jun 3, 2018 at 5:32 PM Rowland Penny via samba <samba at lists.samba.org> wrote:> > On Sun, 3 Jun 2018 17:11:47 +0300 > Alexei Rozenvaser <alexei.roz at gmail.com> wrote: > > > On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba > > <samba at lists.samba.org> wrote: > > > > > > On Sun, 3 Jun 2018 16:29:04 +0300 > > > Alexei Rozenvaser via samba <samba at lists.samba.org> wrote: > > > > > > > Hi > > > > > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) > > > > domain controller > > > > > > No your not, you are just running Samba as another DC, all DCs are > > > equal except for the FSMO roles and they can be on any DC. > > > > > >>> > > >>>Yes, you are right. That exactly what i meant. > > >>> > > > >that joined to an Existing Active Directory (Windows > > > > 2012R2 server). > > > > The question is about Time Synchronization across the domain. > > > > How should I configure chrony v3.2 in order to provide time > > > > synchronization: > > > > > > apt-get purge chrony > > > apt-get install ntp > > > > > > then read this: > > > > > > https://wiki.samba.org/index.php/Time_Synchronisation > > > > > > Rowland > > > > > >>> > > >>>I read this article. > > >>>But unfortunately it applies to ntpd only. > > >>>Don't you think it better to study how to configure chrony, since > > >>>it become the default ubunt's NTP server? > > >>> > > > > > It might be Ubuntu's default time server, but it will not work on a > Samba DC, you must use ntp. > Try running 'sudo samba -b | grep 'SIGND', what are the first three > letters in the output ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- Alexei Rozenvaser
Andreas Schneider
2018-Jun-04  08:48 UTC
[Samba] chrony configuration for secondary samba DC
On Sunday, 3 June 2018 16:32:12 CEST Rowland Penny via samba wrote:> On Sun, 3 Jun 2018 17:11:47 +0300 > > Alexei Rozenvaser <alexei.roz at gmail.com> wrote: > > On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba > > > > <samba at lists.samba.org> wrote: > > > On Sun, 3 Jun 2018 16:29:04 +0300 > > > > > > Alexei Rozenvaser via samba <samba at lists.samba.org> wrote: > > > > Hi > > > > > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup / secondary) > > > > domain controller > > > > > > No your not, you are just running Samba as another DC, all DCs are > > > equal except for the FSMO roles and they can be on any DC. > > > > > >>>Yes, you are right. That exactly what i meant. > > >>> > > > >that joined to an Existing Active Directory (Windows > > > > > > > > 2012R2 server). > > > > The question is about Time Synchronization across the domain. > > > > How should I configure chrony v3.2 in order to provide time > > > > > > > synchronization: > > > apt-get purge chrony > > > apt-get install ntp > > > > > > then read this: > > > > > > https://wiki.samba.org/index.php/Time_Synchronisation > > > > > > Rowland > > > > > >>>I read this article. > > >>>But unfortunately it applies to ntpd only. > > >>>Don't you think it better to study how to configure chrony, since > > >>>it become the default ubunt's NTP server? > > It might be Ubuntu's default time server, but it will not work on a > Samba DC, you must use ntp. > Try running 'sudo samba -b | grep 'SIGND', what are the first three > letters in the output ?Rowland, chrony should work fine with Samba as support for ntp_signed has been added with version 3.1. I've worked with the chrony developer implementing it. It would be great if someone could update the Time_Synchronisation tutorial with details for chrony as it seems it will replace ntpd. chrony with Samba support has also been added to RHEL 7.4. Andreas