Peter Milesson
2023-Aug-09 09:14 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
On 09.08.2023 11:05, Rowland Penny via samba wrote:
>
> On 09/08/2023 09:46, Peter Milesson via samba wrote:
>>
>> Thanks for the link Rowland. But there is an ambiguity. Below the
>> diagram, there is stated that "all other workstations get their time
>> from any DC". In the next sentence there is "Windows clients get
>> their time from the PDC emulator DC". In my case, the Windows 10
>> client does not get the time from the DC with the PDC emulator role,
>> which also contradicts the second statement.
>>
>> Best regards,
>>
>> Peter
>>
>
> Thanks for pointing that out, I have rewritten it.
> Basically a client will ask any DC for the current time and it will
> return what it thinks is the time. All DCs get their time from the DC
> that holds the PDC_Emulator FSMO role, which gets its time from an
> external source.
>
> Rowland
>

Hi Rowland,

Thanks for the clarification. Now it makes sense.

Having one single point of failure in the DC having the PDC emulator FSMO role, is of course not a good design. Like a Windows 10 client sending time requests using a Windows 2000 protocol. But that's what we have got to live with...

Best regards,

Peter

On 09/08/2023 10:14, Peter Milesson via samba wrote:
> Hi Rowland,
>
> Thanks for the clarification. Now it makes sense.
>
> Having one single point of failure in the DC having the PDC emulator
> FSMO role, is of course not a good design. Like a Windows 10 client
> sending time requests using a Windows 2000 protocol. But that's what we
> have got to live with...
>
> Best regards,
>
> Peter
>

Yes, a single point of failure, but it is as designed by Microsoft, so we have to put up with it.

As for ntpsec, they seem to be aware of the problem, though possibly not the w2k protocol, see here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033088

and here:

https://gitlab.com/NTPsec/ntpsec/-/issues/785

Rowland