samba - Aug 2020 - Time synchronization issues in Samba 4

Hi,

I configured my NTP server in samba 4 according to the article "
https://wiki.samba.org/index.php/Time_Synchronisation" however I verified
that the NTP server does not respond to requests from Windows NTPv3
clients, it only responds to NTPv4.

Following my ntp.conf:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# Local clock. Note that is not the "localhost" address!
server 127.127.1.0 version 3
fudge  127.127.1.0 stratum 10
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server a.st1.ntp.br     iburst prefer
server b.st1.ntp.br     iburst prefer
driftfile       /var/lib/ntp/ntp.drift
logfile         /var/log/ntp
ntpsigndsocket  /var/lib/samba/ntp_signd/
# Access control
# Default restriction: Allow clients only to query the time
restrict default kod nomodify notrap nopeer mssntp
# No restrictions for "localhost"
restrict 127.0.0.1
# Enable the time sources to only provide time to this host
restrict a.st1.ntp.br  mask 255.255.255.255    nomodify notrap nopeer
noquery
restrict b.st1.ntp.br   mask 255.255.255.255    nomodify notrap nopeer
noquery

can anybody help me?


Regards,

M?rcio Bacci

I use systemd-timesyncd to sync time with the rest of the internet.

Then, I use ntpd to allow my samba4 dc to share it's time with joined
domain members.

Most likely my ntpd.conf is horribly insecure and broken, but it's what I
was able to figure out.

/etc/ntpd.conf:

# This bizarre rule makes ntp fall back to reading from the
# bios clock if no network connection is available.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

# Access control
# Default restriction: Allow clients only to query the time
restrict default nomodify notrap nopeer mssntp

# No restrictions for "localhost"
restrict 127.0.0.1

# Storage
driftfile /var/lib/ntp/ntp.drift
logfile/var/log/ntp
ntpsigndsocket /var/lib/samba/ntp_signd

On Tue, Aug 4, 2020 at 12:18 PM Marcio Demetrio Bacci via samba <
samba at lists.samba.org> wrote:
> Hi,
>
> I configured my NTP server in samba 4 according to the article "
> https://wiki.samba.org/index.php/Time_Synchronisation" however I
verified
> that the NTP server does not respond to requests from Windows NTPv3
> clients, it only responds to NTPv4.
>
> Following my ntp.conf:
>
> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
> driftfile /var/lib/ntp/ntp.drift
> # Enable this if you want statistics to be logged.
> #statsdir /var/log/ntpstats/
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
> # Local clock. Note that is not the "localhost" address!
> server 127.127.1.0 version 3
> fudge  127.127.1.0 stratum 10
> # You do need to talk to an NTP server or two (or three).
> #server ntp.your-provider.example
> # pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server
> will
> # pick a different set every time it starts up.  Please consider joining
> the
> # pool: <http://www.pool.ntp.org/join.html>
> server a.st1.ntp.br     iburst prefer
> server b.st1.ntp.br     iburst prefer
> driftfile       /var/lib/ntp/ntp.drift
> logfile         /var/log/ntp
> ntpsigndsocket  /var/lib/samba/ntp_signd/
> # Access control
> # Default restriction: Allow clients only to query the time
> restrict default kod nomodify notrap nopeer mssntp
> # No restrictions for "localhost"
> restrict 127.0.0.1
> # Enable the time sources to only provide time to this host
> restrict a.st1.ntp.br  mask 255.255.255.255    nomodify notrap nopeer
> noquery
> restrict b.st1.ntp.br   mask 255.255.255.255    nomodify notrap nopeer
> noquery
>
> can anybody help me?
>
>
> Regards,
>
> M?rcio Bacci
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 04/08/2020 18:17, Marcio Demetrio Bacci via samba
wrote:
> Hi,
>
> I configured my NTP server in samba 4 according to the article "
> https://wiki.samba.org/index.php/Time_Synchronisation" however I
verified
> that the NTP server does not respond to requests from Windows NTPv3
> clients, it only responds to NTPv4.
Would these NTPv3 clients be XP ?

Rowland

On 04/08/2020 18:59, Michael Jones via samba wrote:
> I use systemd-timesyncd to sync time with the rest of the internet.
This is not supported by Samba
>
> Then, I use ntpd to allow my samba4 dc to share it's time with joined
> domain members.
>
> Most likely my ntpd.conf is horribly insecure and broken, but it's what
I
> was able to figure out.
>
> /etc/ntpd.conf:
>
> # This bizarre rule makes ntp fall back to reading from the
> # bios clock if no network connection is available.
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
>
> # Access control
> # Default restriction: Allow clients only to query the time
> restrict default nomodify notrap nopeer mssntp
>
> # No restrictions for "localhost"
> restrict 127.0.0.1
>
> # Storage
> driftfile /var/lib/ntp/ntp.drift
> logfile/var/log/ntp
> ntpsigndsocket /var/lib/samba/ntp_signd
>
You do not seem to have set any external ntp servers.

Rowland