I noticed a problem with time synchronization on all Windows endpoints. I am using Samba 4.21.3 and Chrony 4.3-2. When I run the following command in Windows: w32tm /monitor dc1.xxxx.pl *** PDC ***[192.168.45.10:123]: ICMP: 1ms delay NTP: +0.0000000s offset from dc1.xxxx.pl RefID: time.cloudflare.com [162.159.200.123] Stratum: 4 dc2.xxxx.pl[192.168.45.9:123]: ICMP: 1ms delay NTP: -0.0001207s offset from dc1.xxxx.pl RefID: ntp1.orange.pl [80.50.102.114] Stratum: 2 Warning: Reverse name resolution is best effort. It may not be correct since RefID field in time packets differs across NTP implementations and may not be using IP addresses. But when I run: w32tm /resync Sending resync command to local computer The computer did not resync because no time data was available. When I check on the DC servers with the |tcpdump| program, there is an incoming packet, but no outgoing packet. I am sure this worked previously. It likely stopped working after upgrading to Samba version 4.21.1. I configured Chrony based on the example: https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html <https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html>
This works. Hopefully it?ll help you. http://samba.bigbird.es/doku.php?id=samba:install-chrony On 18 Jan 2025 at 08:49 +0000, Programnet via samba <samba at lists.samba.org>, wrote:> I noticed a problem with time synchronization on all Windows endpoints. > I am using Samba 4.21.3 and Chrony 4.3-2. > > When I run the following command in Windows: > > w32tm /monitor > dc1.xxxx.pl *** PDC ***[192.168.45.10:123]: > ICMP: 1ms delay > NTP: +0.0000000s offset from dc1.xxxx.pl > RefID: time.cloudflare.com [162.159.200.123] > Stratum: 4 > dc2.xxxx.pl[192.168.45.9:123]: > ICMP: 1ms delay > NTP: -0.0001207s offset from dc1.xxxx.pl > RefID: ntp1.orange.pl [80.50.102.114] > Stratum: 2 > > Warning: > Reverse name resolution is best effort. It may not be > correct since RefID field in time packets differs across > NTP implementations and may not be using IP addresses. > > But when I run: > > w32tm /resync > Sending resync command to local computer > The computer did not resync because no time data was available. > > When I check on the DC servers with the |tcpdump| program, there is an > incoming packet, but no outgoing packet. > > I am sure this worked previously. It likely stopped working after > upgrading to Samba version 4.21.1. > > I configured Chrony based on the example: > https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html > <https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
I solved the problem. In my case, it turned out that after updating to SAMBA 4.21.x from Debian Backport, the time server stopped responding to signed NTP queries. I changed the GPO from NT5DS to NTP. Now it's without signing, but at least it works. I checked my other Samba deployments and observed the exact same effect everywhere. https://wiki.samba.org/index.php/Time_Synchronisation#Setting_User_Defined_Time_Sources_and_Options Thank you all for guiding me towards the solution. W dniu 18.01.2025 o?09:48, Programnet via samba pisze:> I noticed a problem with time synchronization on all Windows > endpoints. I am using Samba 4.21.3 and Chrony 4.3-2. > > When I run the following command in Windows: > > w32tm /monitor > dc1.xxxx.pl *** PDC ***[192.168.45.10:123]: > ICMP: 1ms delay > NTP: +0.0000000s offset from dc1.xxxx.pl > RefID: time.cloudflare.com [162.159.200.123] > Stratum: 4 > dc2.xxxx.pl[192.168.45.9:123]: > ICMP: 1ms delay > NTP: -0.0001207s offset from dc1.xxxx.pl > RefID: ntp1.orange.pl [80.50.102.114] > Stratum: 2 > > Warning: > Reverse name resolution is best effort. It may not be > correct since RefID field in time packets differs across > NTP implementations and may not be using IP addresses. > > But when I run: > > w32tm /resync > Sending resync command to local computer > The computer did not resync because no time data was available. > > When I check on the DC servers with the |tcpdump| program, there is an > incoming packet, but no outgoing packet. > > I am sure this worked previously. It likely stopped working after > upgrading to Samba version 4.21.1. > > I configured Chrony based on the example: > https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html > <https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html> >
On Sat, Jan 18, 2025 at 3:49?AM Programnet via samba <samba at lists.samba.org> wrote:> > I noticed a problem with time synchronization on all Windows endpoints. > I am using Samba 4.21.3 and Chrony 4.3-2. > > When I run the following command in Windows: > > w32tm /monitor > dc1.xxxx.pl *** PDC ***[192.168.45.10:123]: > ICMP: 1ms delay > NTP: +0.0000000s offset from dc1.xxxx.pl > RefID: time.cloudflare.com [162.159.200.123] > Stratum: 4 > dc2.xxxx.pl[192.168.45.9:123]: > ICMP: 1ms delay > NTP: -0.0001207s offset from dc1.xxxx.pl > RefID: ntp1.orange.pl [80.50.102.114] > Stratum: 2 > > Warning: > Reverse name resolution is best effort. It may not be > correct since RefID field in time packets differs across > NTP implementations and may not be using IP addresses. > > But when I run: > > w32tm /resync > Sending resync command to local computer > The computer did not resync because no time data was available. > > When I check on the DC servers with the |tcpdump| program, there is an > incoming packet, but no outgoing packet. > > I am sure this worked previously. It likely stopped working after > upgrading to Samba version 4.21.1. > > I configured Chrony based on the example: > https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html > <https://samba.tranquil.it/doc/en/samba_config_server/debian/server_install_ntp_debian.html>Based on my [old, dated] experience as a Windows System Administrator... Windows clients have chronic problems keeping time in an AD domain environment. I gave up trying to get Windows clients to use domain controllers for time. Instead, I installed a 3rd party NTP client on each Windows workstation, and had the 3rd party NTP client handle time synchronization. The NTP client ran as a system service and updated time every 4 hours so drift was trivial. The NTP clients I used would sync with NIST time servers, and not domain controllers. I do not know if there are 3rd party NTP clients that can use Samba domain controllers as a time source modulo the security requirements. If there are, you might try one. If there are not, then you might try a plain NTP client synching with NIST time servers. (Of course, use whatever time service you like besides NIST). Things may have changed since I was doing Windows SysAdmin work. But based on this thread, it sounds like not much has changed. Jeff