On Mon, Jan 20, 2025 at 5:53?AM Rowland Penny via samba < samba at lists.samba.org> wrote:> I cannot get Chrony to work with MS-SNTP from a Windows client, now > this could be a Samba problem.... >The reason I think it's a Samba issue is that it worked perfectly with 4.19.3 but no longer works with 4.21.1 (or 4.21.3). I guess it is possible that all of the Windows' systems were updated to some unworkable state but it would take setting up a test case with 4.19.3 to verify. I did try starting up an old copy at one site but the systems wouldn't let me logon, most likely the secrets changed and I didn't want to mess anything up further.
On Mon, 20 Jan 2025 09:14:07 -0500 Sonic via samba <samba at lists.samba.org> wrote:> On Mon, Jan 20, 2025 at 5:53?AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > I cannot get Chrony to work with MS-SNTP from a Windows client, now > > this could be a Samba problem.... > > > > The reason I think it's a Samba issue is that it worked perfectly with > 4.19.3 but no longer works with 4.21.1 (or 4.21.3). > I guess it is possible that all of the Windows' systems were updated > to some unworkable state but it would take setting up a test case > with 4.19.3 to verify. I did try starting up an old copy at one site > but the systems wouldn't let me logon, most likely the secrets > changed and I didn't want to mess anything up further.I cannot even get to the point that I can say that using a GPO to set time on a Windows doesn't work, I cannot create the GPO. I am following this wiki page: https://wiki.samba.org/index.php/Group_Policy I have installed the .admx files (after getting hit again by the fact that unless you use '-H', they get installed on another DC, why do they not get installed on the DC you run the command on ?). I have checked and the .admx files are in: /var/lib/samba/sysvol/samdom.example.com/Policies/PolicyDefinitions When you do install the .admx files with samba-tool, it finishes by printing: Installing ADMX templates to the Central Store prevents Windows from displaying its own templates in the Group Policy Management Console. You will need to install these templates from https://www.microsoft.com/en-us/download/102157 to continue using Windows Administrative Templates. Which is a bit stupid for two reasons: 1) you have just installed the templates it is telling you to install 2) the '102157' templates are earlier versions. If you now go to gpmc on a Windows machine, you should be able to find in the left hand pane 'Computer Configuration', but it just isn't there for me, I must be missing something, but what ? Rowland
> The reason I think it's a Samba issue is that it worked perfectly with > 4.19.3 but no longer works with 4.21.1 (or 4.21.3).I am using Samba 4.19.9 and it doesn't work either. I am now using simple NTP instead of NT5DS and the Windows clients are synchronizing alright.
On 20.01.2025 15:14, Sonic via samba wrote:> On Mon, Jan 20, 2025 at 5:53?AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> I cannot get Chrony to work with MS-SNTP from a Windows client, now >> this could be a Samba problem.... >> > The reason I think it's a Samba issue is that it worked perfectly with > 4.19.3 but no longer works with 4.21.1 (or 4.21.3). > I guess it is possible that all of the Windows' systems were updated to > some unworkable state but it would take setting up a test case with 4.19.3 > to verify. I did try starting up an old copy at one site but the systems > wouldn't let me logon, most likely the secrets changed and I didn't want to > mess anything up further.Hi Sonic, I have tested with Windows 7 Pro (SP1), Windows 10 Pro (22H2), and Windows 11 Pro (24H2). All those clients report CMOS clock as time source. I also suspect that something broke in Samba since I posted about this problem on 9 August 2023. Then I was using Samba 4.17.9, which worked when I switched from ntpsec to chrony. Maybe I will try to set up a test domain and install a DC from Bookworm, without backports. That will be Samba 4.17.12. The Windows 7 client should probably work with that one. The latest Windows 10 and 11, will probably not work, due to several changes since then. But that will probably have to wait until the weekend. Best regards, Peter