Peter Milesson
2024-Jan-05 08:03 UTC
[Samba] Joining Windows 10 Domain Member to Samba AD/DC
On 05.01.2024 1:28, Mark Foley via samba wrote:> I've added a Windows 10 domain member to my Domain. I'm now following the > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member. > > I've created the Group Policy for the "Time Sources". This doesn't seem to be > working. This did work fine with my old 4.8.2 DC, so I know it works in > principle. > > I have additional notes and have tried (on the Windows member): > > net stop w32time > w32tm /unregister > w32tm /register > net start w32time > > I've rebooted both the DC and the Windows member. On the Windows member I still > get: > >> w32tm /query /source > Local CMOS Clock > > whereas I expect the return to be "dc1.hprs.locl" > > I have confirmed that the Group Policy exists and is configured correctly. > > What's going wrong here? > > Thanks --Mark >Hi Mark, If you're using ntpsec on the DC, that wont work. You must use chrony. I had the same problem some half year ago. Also, no need to use a GPO for this. The domain members get their time from a DC anyway. HTH, Peter
Luis Peromarta
2024-Jan-05 10:43 UTC
[Samba] Joining Windows 10 Domain Member to Samba AD/DC
This is correct. You should Use chrony. http://samba.bigbird.es/doku.php?id=samba:install-chrony On 5 Jan 2024 at 08:23 +0000, Peter Milesson via samba <samba at lists.samba.org>, wrote:> > > On 05.01.2024 1:28, Mark Foley via samba wrote: > > I've added a Windows 10 domain member to my Domain. I'm now following the > > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member. > > > > I've created the Group Policy for the "Time Sources". This doesn't seem to be > > working. This did work fine with my old 4.8.2 DC, so I know it works in > > principle. > > > > I have additional notes and have tried (on the Windows member): > > > > net stop w32time > > w32tm /unregister > > w32tm /register > > net start w32time > > > > I've rebooted both the DC and the Windows member. On the Windows member I still > > get: > > > > > w32tm /query /source > > Local CMOS Clock > > > > whereas I expect the return to be "dc1.hprs.locl" > > > > I have confirmed that the Group Policy exists and is configured correctly. > > > > What's going wrong here? > > > > Thanks --Mark > > > Hi Mark, > > If you're using ntpsec on the DC, that wont work. You must use chrony. I > had the same problem some half year ago. > > Also, no need to use a GPO for this. The domain members get their time > from a DC anyway. > > HTH, > > Peter > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Fri Jan 5 03:23:48 2024 Peter Milesson via samba <samba at lists.samba.org> wrote:> > On 05.01.2024 1:28, Mark Foley via samba wrote: > > I've added a Windows 10 domain member to my Domain. I'm now following the > > procedure in https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member. > > > > I've created the Group Policy for the "Time Sources". This doesn't seem to be > > working. This did work fine with my old 4.8.2 DC, so I know it works in > > principle. > > > > I have additional notes and have tried (on the Windows member): > > > > net stop w32time > > w32tm /unregister > > w32tm /register > > net start w32time > > > > I've rebooted both the DC and the Windows member. On the Windows member I still > > get: > > > >> w32tm /query /source > > Local CMOS Clock > > > > whereas I expect the return to be "dc1.hprs.locl" > > > > I have confirmed that the Group Policy exists and is configured correctly. > > > > What's going wrong here? > > > > Thanks --Mark > > > Hi Mark, > > If you're using ntpsec on the DC, that wont work. You must use chrony. I > had the same problem some half year ago. > > Also, no need to use a GPO for this. The domain members get their time > from a DC anyway. > > HTH, > > PeterWell, I may end up trying chrony. I don't know what ntpsec is. I'm using ntp-4.2.8p17. Version 4.2.8p15 works fine on current DC. In the 3 responses to my post from you, Sonic and Lewis, you've all said I don't need a GPO for this. I use one in my current DC and why would there be a wiki on this (https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member) if a GPO is not needed? I would think the wikis would mention the GPO not being needed. How do you know you're syncing with the DC? What does your 'w32tm /query /source' give you? I'll experiment more. The chrony option would not affect what's happening on the Windows domain member and why the w32tm /config is not "taking". Is there any way to confirm whether my ntpd was build with --enable-ntp-signd?