On 04/08/2020 18:59, Michael Jones via samba wrote:> I use systemd-timesyncd to sync time with the rest of the internet.This is not supported by Samba> > Then, I use ntpd to allow my samba4 dc to share it's time with joined > domain members. > > Most likely my ntpd.conf is horribly insecure and broken, but it's what I > was able to figure out. > > /etc/ntpd.conf: > > # This bizarre rule makes ntp fall back to reading from the > # bios clock if no network connection is available. > server 127.127.1.0 > fudge 127.127.1.0 stratum 10 > > # Access control > # Default restriction: Allow clients only to query the time > restrict default nomodify notrap nopeer mssntp > > # No restrictions for "localhost" > restrict 127.0.0.1 > > # Storage > driftfile /var/lib/ntp/ntp.drift > logfile/var/log/ntp > ntpsigndsocket /var/lib/samba/ntp_signd >You do not seem to have set any external ntp servers. Rowland
On Tue, Aug 4, 2020 at 1:05 PM Rowland penny via samba < samba at lists.samba.org> wrote:> On 04/08/2020 18:59, Michael Jones via samba wrote: > > I use systemd-timesyncd to sync time with the rest of the internet. > This is not supported by Samba >Doesn't matter. It syncs the time on my host. Samba can just use the time I tell it. You do not seem to have set any external ntp servers.> >That's because it's "syncing" against my machine's local time.
On Tue, 2020-08-04 at 13:08 -0500, Michael Jones via samba wrote:> On Tue, Aug 4, 2020 at 1:05 PM Rowland penny via samba < > samba at lists.samba.org> wrote: > > > On 04/08/2020 18:59, Michael Jones via samba wrote: > > > I use systemd-timesyncd to sync time with the rest of the > > > internet. > > > > This is not supported by Samba > > > > Doesn't matter. It syncs the time on my host. Samba can just use the > time I > tell it. > > > You do not seem to have set any external ntp servers.That is, will ntpd report having good sync (and so serve to clients) with the only time source being a stratum 10 fudge? (S)NTP is more than just a 'tell me the time' protocol, and both clients and servers try hard not provide or accept 'bad' time estimates. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba