samba - Feb 2024 - Joining Windows 10 Domain Member to Samba AD/DC

On Sat, Feb 10, 2024 at 2:20?PM Mark Foley via samba
<samba at lists.samba.org> wrote:
> Does chrony have to be built in some special way to enable ntp-signd?
Needs to be configured with "--enable-ntp-signd".

Also for comparison:
# ls -al /var/lib/samba/ntp_signd/
total 8
drwxr-x--- 2 root _chrony 4096 Jan 14 11:14 .
drwxr-xr-x 9 root root    4096 Jan 14 11:14 ..
srwxrwxrwx 1 root root       0 Jan 14 11:14 socket

(chrony runs as the _chrony user on Debian)

Chris

This is my output with chrony on Bookworm.

root at awing:~# tcpdump -v -l port 123
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), snapshot length
262144 bytes



21:39:44.229569 IP (tos 0x0, ttl 128, id 45600, offset 0, flags [none], proto
UDP (17), length 96)
?192.168.3.52.ntp > awing.mad.mater.int.ntp: NTPv3, Client, length 68
?Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 17
(131072s), precision -23
?Root Delay: 0.033233, Root dispersion: 16.000000, Reference-ID: (unspec)
?Reference Timestamp: 3916586358.079687399 (2024-02-10T20:39:18Z)
?Originator Timestamp: 0.000000000
?Receive Timestamp: 0.000000000
?Transmit Timestamp: 3916586511.767688299 (2024-02-10T20:41:51Z)
?Originator - Receive Timestamp: 0.000000000
?Originator - Transmit Timestamp: 3916586511.767688299 (2024-02-10T20:41:51Z)
?Key id: 4010278912
?Authentication: 00000000000000000000000000000000
21:39:44.230626 IP (tos 0x0, ttl 64, id 10855, offset 0, flags [DF], proto UDP
(17), length 96)
?awing.mad.mater.int.ntp > 192.168.3.52.ntp: NTPv3, Server, length 68
?Leap indicator: (0), Stratum 3 (secondary reference), poll 17 (131072s),
precision -25
?Root Delay: 0.015686, Root dispersion: 0.004653, Reference-ID: 0x4114634a
?Reference Timestamp: 3916586062.114338141 (2024-02-10T20:34:22Z)
?Originator Timestamp: 3916586511.767688299 (2024-02-10T20:41:51Z)
?Receive Timestamp: 3916586384.229632153 (2024-02-10T20:39:44Z)
?Transmit Timestamp: 3916586384.229814978 (2024-02-10T20:39:44Z)
?Originator - Receive Timestamp: -127.538056146
?Originator - Transmit Timestamp: -127.537873321
?Key id: 4010278912
?Authentication: 815058c841bf3f0a90f73bb1f277a7af


And this are my notes :

http://samba.bigbird.es/doku.php?id=samba:install-chrony

Regards.
On 10 Feb 2024 at 21:32 +0100, Mark Foley <mfoley at novatec-inc.com>,
wrote:
>
> If you run 'tcpdump -v -l -i ethX port 123' on your DC, does it
show sending a
> response back to your Windows computers?

On Sat Feb 10 15:31:47 2024 Mark Foley <mfoley at novatec-inc.com>
wrote:
>
> On Sat, Feb 10, 2024 at 2:20?PM Mark Foley via samba
> <samba at lists.samba.org> wrote:
> > Does chrony have to be built in some special way to enable ntp-signd?
>
> Needs to be configured with "--enable-ntp-signd".
I may have to build from sources. I downloaded from the SlackBuilds repo and
have no idea how it was built. Is there an option to chronyd to list build
options? I didn't see one in the manpage.
> Also for comparison:
> # ls -al /var/lib/samba/ntp_signd/
> total 8
> drwxr-x--- 2 root _chrony 4096 Jan 14 11:14 .
> drwxr-xr-x 9 root root    4096 Jan 14 11:14 ..
> srwxrwxrwx 1 root root       0 Jan 14 11:14 socket
Got that:

# ls -la /var/lib/samba/ntp_signd
total 8
drwxr-x--- 2 root chrony 4096 2024-02-10 04:02 ./
drwxr-xr-x 7 root root   4096 2024-02-10 04:02 ../
srwxrwxrwx 1 root root      0 2024-02-10 04:02 socket
Everything everyone has asked me about looks to be correctly configured.  I
think I need to build chrony from sources as my next step. I can't see what
else
could be wrong.

--Mark