Peter Milesson
2023-Aug-08 19:16 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
Hi folks,

I have been spending the better part of the day, trying to get time synchronization to a Samba AD DC (Debian Bookworm 12.1) to work. Debian Bookworm has recently replaced ntp with ntpsec, and time synchronization stopped working.

I have logged the behavior, and Windows 10 clients first send a Windows 2000! compatible request, and ntpsec chokes on it, and does not respond. The Windows 10 client times out, and quits.

It's been a frustrating experience, and in the end I just gave up on ntpsec. I replaced it with chrony, which works.

Just FYI.

Best regards,

Peter
Peter Milesson
2023-Aug-09 07:43 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
On 08.08.2023 21:16, Peter Milesson via samba wrote:
> Hi folks,
>
> I have been spending the better part of the day, trying to get time
> synchronization to a Samba AD DC (Debian Bookworm 12.1) to work.
> Debian Bookworm has recently replaced ntp with ntpsec, and time
> synchronization stopped working.
>
> I have logged the behavior, and Windows 10 clients first send a
> Windows 2000! compatible request, and ntpsec chokes on it, and does
> not respond. The Windows 10 client times out, and quits.
>
> It's been a frustrating experience, and in the end I just gave up on
> ntpsec. I replaced it with chrony, which works.
>
> Just FYI.
>
> Best regards,
>
> Peter
>

Hi folks,

just out of curiosity, does somebody know how Windows clients in an AD environment elect which DC to use for time synchronization?

Best regards,

Peter Milesson
Michael Tokarev
2023-Aug-10 17:52 UTC
[Samba] Samba domain time sync woes (Debian Bookworm)
FWIW, I looked at the settings in our domain (all of which I did myself).

I used to explicitly set up ntp time sources in our network for all windows workstations before, and I continued to provide these after conversion from nt4-style domain to samba AD-DC. The NTP records are provided by DHCP, and are configured in the GPO, both with regional differences (choosing the local NTP servers within each location).

None of our AD-DC run NTP server by itself, but all synchronize to the same NTP servers.

Here's a typical output on a windows workstation:

# w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0030693s
Root Dispersion: 0.2549162s
ReferenceId: 0xC0A8B105 (source IP: 192.168.177.5)
Last Successful Sync Time: 10.08.2023 20:42:45
Source: ntp.tls.msk.ru,0x9
Poll Interval: 15 (32768s)

All this is run with ntpsec now (on debian bookworm). Local NTP servers at different locations also synchronize with each other.

There's no (zero) problems with time synchronization (or AD, or DNS, or GPO or anything else) across whole network.

FWIW.

/mjt