Luis Peromarta
2024-Jun-17 15:29 UTC
[Samba] Time sync problem samba 4.20.0 chrony debian11
LP On Jun 17, 2024 at 15:40 +0100, Daniel M?ller via samba <samba at lists.samba.org>, wrote:> Dear all, > > we are running two samba 4.20 on debian 11(as dcs) with chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver. > Our clients are windows 11 and windows 10 machines. A few of them where in an old samba 4 domain without any time issues (ntp/centos7)!? > What we see, ist hat none of them syncs his time excactly from our dcs. There is a difference from 2 to 10 minutes. Can you point us to find the error? > > Our chrony.conf just the same of both dcs but bindcmaddress is different: > > keyfile /etc/chrony/chrony.keys > driftfile /var/lib/chrony/chrony.drift > log tracking measurements statistics > logdir /var/log/chrony > maxupdateskew 100.0 > hwclockfile /etc/adjtime > rtcsync > makestep 1 3 > # ipaddress of this DC > bindcmdaddress our.samba.dc.locI?d say this should be an IP.> # The source, where we are receiving the time from > server 0.pool.ntp.org iburst > server 1.pool.ntp.org iburst > server 2.pool.ntp.org iburst > # dns netmask > allow 192.168.135.0/24 > allow 192.168.134.0/24 > allow 192.168.50.0/24 > allow 192.168.131.0/24 > allow 192.168.139.0/24 > allow 192.168.140.0/24 > allow 0.0.0.0/0If you are allowing 0.0.0.0/0, why the other declarations ?> ntpsigndsocket /var/lib/samba/ntp_signd > confdir /etc/chrony/conf.d > > Verifying rights to use signed socket: > root at dommaster:~# ls -ld /var/lib/samba/ntp_signd > drwxr-x--- 2 root _chrony 4096 8. Mai 07:26 /var/lib/samba/ntp_signd > > Show chrony status, running: > > service chrony status > ? chrony.service - chrony, an NTP client/server > Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor preset: enabled) > Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago > Docs: man:chronyd(8) > man:chronyc(1) > man:chrony.conf(5) > Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, status=0/SUCCESS) > Main PID: 926206 (chronyd) > Tasks: 2 (limit: 154241) > Memory: 1.2M > CPU: 35ms > CGroup: /system.slice/chrony.service > ??926206 /usr/sbin/chronyd -F 1 > ??926207 /usr/sbin/chronyd -F 1 > > Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP client/server... > Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND > > Jun 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm read from /var/lib/chrony/chrony.drift > Jun 17 16:06:43 dommaster chronyd[926206]: MS-SNTP authentication enabled > Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter > Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server. > > tcpdump udp port 123 > tcpdump: verbose output suppressed, use -v[v]... for full protocol decode > listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot length 262144 bytes > 16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120 > 16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120I don?t see your windows machines talking to your server. Only to stratum servers in the internet. This is all I know about crony for samba: http://samba.bigbird.es/doku.php?id=samba:install-chrony> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Daniel Müller
2024-Jun-18 06:54 UTC
[Samba] Time sync problem samba 4.20.0 chrony debian11
Look at it: 08:50:40.853291 IP (tos 0x0, ttl 127, id 26100, offset 0, flags [none], proto UDP (17), length 148) _gateway.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 17 (131072s), precision -23 Root Delay: 0.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 3927246573.273649199 (2024-06-13T05:49:33Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682239.819649899 (2024-06-18T06:50:39Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682239.819649899 (2024-06-18T06:50:39Z) (72 more bytes after the header) 08:50:48.106125 IP (tos 0x0, ttl 127, id 15936, offset 0, flags [none], proto UDP (17), length 148) _gateway.59 > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 8 (256s), precision -23 Root Delay: 0.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 3927200014.357084399 (2024-06-12T16:53:34Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682351.357086299 (2024-06-18T06:52:31Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682351.357086299 (2024-06-18T06:52:31Z) (72 more bytes after the header) 08:50:48.412027 IP (tos 0x0, ttl 127, id 56942, offset 0, flags [none], proto UDP (17), length 148) _gateway.60 > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 17 (131072s), precision -23 Root Delay: 0.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 3927345965.328886999 (2024-06-14T09:26:05Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682227.968888499 (2024-06-18T06:50:27Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682227.968888499 (2024-06-18T06:50:27Z) (72 more bytes after the header) 08:50:50.167551 IP (tos 0x0, ttl 127, id 30778, offset 0, flags [none], proto UDP (17), length 148) _gateway.61 > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 7 (128s), precision -23 Root Delay: 0.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 3927246447.322441699 (2024-06-13T05:47:27Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682205.681443299 (2024-06-18T06:50:05Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682205.681443299 (2024-06-18T06:50:05Z) (72 more bytes after the header) 08:50:52.733597 IP (tos 0x0, ttl 128, id 55087, offset 0, flags [none], proto UDP (17), length 148) Ambu4.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 8 (256s), precision -23 Root Delay: 0.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 3927331955.357604699 (2024-06-14T05:32:35Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682297.653605299 (2024-06-18T06:51:37Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682297.653605299 (2024-06-18T06:51:37Z) (72 more bytes after the header) 08:53:17.277524 IP (tos 0x0, ttl 128, id 7851, offset 0, flags [none], proto UDP (17), length 148) terraaio01.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, Client, length 120 Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision -23 Root Delay: 0.030776, Root dispersion: 4.205795, Reference-ID: (unspec) Reference Timestamp: 3927003638.205545099 (2024-06-10T10:20:38Z) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3927682403.361546399 (2024-06-18T06:53:23Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3927682403.361546399 (2024-06-18T06:53:23Z) (72 more bytes after the header) -----Urspr?ngliche Nachricht----- Von: Luis Peromarta via samba [mailto:samba at lists.samba.org] Gesendet: Montag, 17. Juni 2024 17:29 An: Samba List <samba at lists.samba.org> Betreff: Re: [Samba] Time sync problem samba 4.20.0 chrony debian11 LP On Jun 17, 2024 at 15:40 +0100, Daniel M?ller via samba <samba at lists.samba.org>, wrote:> Dear all, > > we are running two samba 4.20 on debian 11(as dcs) with chrony/oldstable,now 4.0-8+deb11u2 amd64 as ntpserver. > Our clients are windows 11 and windows 10 machines. A few of them where in an old samba 4 domain without any time issues (ntp/centos7)!? > What we see, ist hat none of them syncs his time excactly from our dcs. There is a difference from 2 to 10 minutes. Can you point us to find the error? > > Our chrony.conf just the same of both dcs but bindcmaddress is different: > > keyfile /etc/chrony/chrony.keys > driftfile /var/lib/chrony/chrony.drift log tracking measurements > statistics logdir /var/log/chrony maxupdateskew 100.0 hwclockfile > /etc/adjtime rtcsync makestep 1 3 # ipaddress of this DC > bindcmdaddress our.samba.dc.locI?d say this should be an IP.> # The source, where we are receiving the time from server > 0.pool.ntp.org iburst server 1.pool.ntp.org iburst server > 2.pool.ntp.org iburst # dns netmask allow 192.168.135.0/24 allow > 192.168.134.0/24 allow 192.168.50.0/24 allow 192.168.131.0/24 allow > 192.168.139.0/24 allow 192.168.140.0/24 allow 0.0.0.0/0If you are allowing 0.0.0.0/0, why the other declarations ?> ntpsigndsocket /var/lib/samba/ntp_signd confdir /etc/chrony/conf.d > > Verifying rights to use signed socket: > root at dommaster:~# ls -ld /var/lib/samba/ntp_signd > drwxr-x--- 2 root _chrony 4096 8. Mai 07:26 /var/lib/samba/ntp_signd > > Show chrony status, running: > > service chrony status > ? chrony.service - chrony, an NTP client/server > Loaded: loaded (/lib/systemd/system/chrony.service; enabled; vendor > preset: enabled) > Active: active (running) since Mon 2024-06-17 16:06:43 CEST; 5s ago > Docs: man:chronyd(8) > man:chronyc(1) > man:chrony.conf(5) > Process: 926202 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited, > status=0/SUCCESS) Main PID: 926206 (chronyd) > Tasks: 2 (limit: 154241) > Memory: 1.2M > CPU: 35ms > CGroup: /system.slice/chrony.service > ??926206 /usr/sbin/chronyd -F 1 > ??926207 /usr/sbin/chronyd -F 1 > > Jun 17 16:06:43 dommaster systemd[1]: Starting chrony, an NTP client/server... > Jun 17 16:06:43 dommaster chronyd[926206]: chronyd version 4.0 > starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND > Jun > 17 16:06:43 dommaster chronyd[926206]: Frequency 26.454 +/- 0.158 ppm > read from /var/lib/chrony/chrony.drift Jun 17 16:06:43 dommaster > chronyd[926206]: MS-SNTP authentication enabled Jun 17 16:06:43 dommaster chronyd[926206]: Loaded seccomp filter Jun 17 16:06:43 dommaster systemd[1]: Started chrony, an NTP client/server. > > tcpdump udp port 123 > tcpdump: verbose output suppressed, use -v[v]... for full protocol > decode listening on enp1s0f0, link-type EN10MB (Ethernet), snapshot > length 262144 bytes > 16:22:47.608803 IP pc2304.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, > Client, length 120 > 16:22:53.692770 IP schulung6.tlk.loc.ntp > dom2.tlk.loc.ntp: NTPv3, > Client, length 120I don?t see your windows machines talking to your server. Only to stratum servers in the internet. This is all I know about crony for samba: http://samba.bigbird.es/doku.php?id=samba:install-chrony> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba