Luis Peromarta
2023-Aug-09 15:15 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
From https://wiki.samba.org/index.php/Time_Synchronisation "As a workaround for this, set the same external time servers on all DC's, then if the PDC emulator goes offline and cannot easily be restarted, transfer or seize the PDC emulator role to another DC." I have all DCs configured with chrony to get time from external time servers, all with identical chrony config. Is this the right way to do it then ? On 9 Aug 2023 at 11:05 +0200, samba at lists.samba.org, wrote:> > All DCs get their time from the DC > that holds the PDC_Emulator FSMO role, which gets its time from an > external source.
Philippe LeCavalier
2023-Aug-10 16:13 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
On Wed, Aug 9, 2023 at 11:16?AM Luis Peromarta via samba < samba at lists.samba.org> wrote:> From > > https://wiki.samba.org/index.php/Time_Synchronisation > > "As a workaround for this, set the same external time servers on all DC's, > then if the PDC emulator goes offline and cannot easily be restarted, > transfer or seize the PDC emulator role to another DC." > > I have all DCs configured with chrony to get time from external time > servers, all with identical chrony config. > > Is this the right way to do it then ? > On 9 Aug 2023 at 11:05 +0200, samba at lists.samba.org, wrote: > > > > All DCs get their time from the DC > > that holds the PDC_Emulator FSMO role, which gets its time from an > > external source. > -- >I think there may be some confusion here... The DCs time and how the DC gets time is independent from Samba offering time on the client side. In other words, it doesn't matter how your DC gets the time whether it is ntp or ntpsec so just configure ntpsec (or crony or whatever else you want) so that the server has the right time and then Samba will offer up that time. As indicated, Samba doesn't actually give the time but more so the Windows client sync's to an available DC based on Microsoft's implementation of ntp. Now to my knowledge (and maybe I've been mistaken all this time) Samba has it's own ntp service builtin which would not be affected by Bookworm moving to ntpsec.