samba - Jan 2024 - Joining Windows 10 Domain Member to Samba AD/DC

On Fri Jan  5 03:23:48 2024 Peter Milesson via samba <samba at
lists.samba.org> wrote:
>
> On 05.01.2024 1:28, Mark Foley via samba wrote:
> > I've added a Windows 10 domain member to my Domain. I'm now
following the
> > procedure in
https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member.
> >
> > I've created the Group Policy for the "Time Sources".
This doesn't seem to be
> > working. This did work fine with my old 4.8.2 DC, so I know it works
in
> > principle.
> >
> > I have additional notes and have tried (on the Windows member):
> >
> > net stop w32time
> > w32tm /unregister
> > w32tm /register
> > net start w32time
> >
> > I've rebooted both the DC and the Windows member. On the Windows
member I still
> > get:
> >
> >> w32tm /query /source
> > Local CMOS Clock
> >
> > whereas I expect the return to be "dc1.hprs.locl"
> >
> > I have confirmed that the Group Policy exists and is configured
correctly.
> >
> > What's going wrong here?
> >
> > Thanks --Mark
> >
> Hi Mark,
>
> If you're using ntpsec on the DC, that wont work. You must use chrony.
I
> had the same problem some half year ago.
>
> Also, no need to use a GPO for this. The domain members get their time 
> from a DC anyway.
>
> HTH,
>
> Peter
Well, I may end up trying chrony. I don't know what ntpsec is. I'm using
ntp-4.2.8p17. Version 4.2.8p15 works fine on current DC. 

In the 3 responses to my post from you, Sonic and Lewis, you've all said I
don't
need a GPO for this. I use one in my current DC and why would there be a wiki on
this
(https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member)
if a GPO is not needed? I would think the wikis would mention the GPO not being
needed.

How do you know you're syncing with the DC? What does your 'w32tm /query
/source'
give you?

I'll experiment more. The chrony option would not affect what's
happening on the
Windows domain member and why the w32tm /config is not "taking".

Is there any way to confirm whether my ntpd was build with --enable-ntp-signd?

On Fri, Jan 5, 2024 at 2:32?PM Mark Foley via samba
<samba at lists.samba.org> wrote:
> <snip> I would think the wikis would mention the GPO not being
> needed.
Did you see the section titles "Default Time Source" in the page you
link to that I quoted previously? The wiki clearly spells it out that
using a GPO is usually unnecessary.
> How do you know you're syncing with the DC?
'w32tm /query /status' will show you.
> What does your 'w32tm /query /source' give you?
My Windows domain members point to the DC.

Chris