samba - Jun 2018 - chrony configuration for secondary samba DC

On Thu, 7 Jun 2018 10:12:23 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 7 Jun 2018 11:56:16 +0300
> Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
> 
> > DC that doesn't holding PDC emulator FSMO role should sync
it's time
> > with DC that holdings such role. Right?
> > But I can understand how it works in case of samba DC without PDC
> > emulator FSMO role and with NTP server configured according to
> >
https://wiki.samba.org/index.php/Time_Synchronisation#Set_up_the_ntpd.conf_File_on_a_DC
> > . Doesn't it create conflict between samba potential to sync time
> > with other PDC emulator DC and NTP sever that syncs with some
> > external NTP pool?
> 
> To be honest, I have never given this much thought, I normally just
> set the DCs up identically and then get DHCP to send both DCs as time
> servers to Unix machines.
> 
> I have a draft chrony wikipage, but I need to understand more about
> windows and time servers (I use Unix more than I use windows) before
> adding it.
> 
> Rowland
> 
OK, after a bit of research, it seems it is quite simple, I like
simple ;-)

     internet time server
               ^
               |
               |
       PDC Emulator DC
        ^         ^
        |         |
        |         | 
   Other DC <----Workstation    

To put the above into words, the DC with the PDC Emulator role uses an
external NTP server as its source. All other DCs use the PDC Emulator
DC as their time server. All other workstations, servers etc, can use
any DC as their time server.

Rowland

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> To put the above into words, the DC with the PDC Emulator role uses an
> external NTP server as its source. All other DCs use the PDC Emulator
> DC as their time server. All other workstations, servers etc, can use
> any DC as their time server.
Do you mean 'windows server', i suppose, right?

Because, AFAIK, the sync topology of a samba AD server is totally on
the sysadmin hand, providing configuration for ntpd/chrony.

And, i suppose, most if not all configuration are lecit and good,
providing that there's correct time sources...


Right?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Correct. But it doesn't answer my original question. How should one to
setup NTP server at his Samba DC that doesn't hold PDC emulator FSMO
role...
Moreover, what package is responsible, in this case, of machine time
sync: NTP server / client or SAMBA as AD client?
Dose samba menage time synchronization by itself or it delegates this
task to the local NTP server?

On Thu, Jun 7, 2018 at 1:16 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Thu, 7 Jun 2018 10:12:23 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> > On Thu, 7 Jun 2018 11:56:16 +0300
> > Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
> >
> > > DC that doesn't holding PDC emulator FSMO role should sync
it's time
> > > with DC that holdings such role. Right?
> > > But I can understand how it works in case of samba DC without PDC
> > > emulator FSMO role and with NTP server configured according to
> > >
https://wiki.samba.org/index.php/Time_Synchronisation#Set_up_the_ntpd.conf_File_on_a_DC
> > > . Doesn't it create conflict between samba potential to sync
time
> > > with other PDC emulator DC and NTP sever that syncs with some
> > > external NTP pool?
> >
> > To be honest, I have never given this much thought, I normally just
> > set the DCs up identically and then get DHCP to send both DCs as time
> > servers to Unix machines.
> >
> > I have a draft chrony wikipage, but I need to understand more about
> > windows and time servers (I use Unix more than I use windows) before
> > adding it.
> >
> > Rowland
> >
>
> OK, after a bit of research, it seems it is quite simple, I like
> simple ;-)
>
>      internet time server
>                ^
>                |
>                |
>        PDC Emulator DC
>         ^         ^
>         |         |
>         |         |
>    Other DC <----Workstation
>
> To put the above into words, the DC with the PDC Emulator role uses an
> external NTP server as its source. All other DCs use the PDC Emulator
> DC as their time server. All other workstations, servers etc, can use
> any DC as their time server.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


-- 
Alexei Rozenvaser

On Thu, 7 Jun 2018 15:33:04 +0300
Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
> Correct. But it doesn't answer my original question. How should one to
> setup NTP server at his Samba DC that doesn't hold PDC emulator FSMO
> role...
Exactly as you would set up as the PDC emulator DC, except the first
time server would be the PDC emulator DC.
> Moreover, what package is responsible, in this case, of machine time
> sync: NTP server / client or SAMBA as AD client?
> Dose samba menage time synchronization by itself or it delegates this
> task to the local NTP server?
It is a bit of both, the time server does the, well, time serving and
Samba does the signing.

Rowland