Displaying 20 results from an estimated 1272 matches for "ntp_signd".
2013 Jul 08
1
Samba4, NTP, and Ubuntu 12.04
...to /usr/local/samba, so I also modified that part of ntp.conf
* Ubuntu uses AppArmor instead of SELinux - I found that the apparmor profile for ntp already includes support for ntp-signd for Samba4:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/930266
Therefore, I created the /var/run/samba/ntp_signd directory and set permissions on it:
# mkdir /var/run/samba/ntp_signd
# chown root:ntp /var/run/samba/ntp_signd
# chmod 0750 /var/run/samba/ntp_signd
# ls -l /var/run/samba | grep ntp_signd
drwxr-x--- 2 root ntp 40 Jul 8 13:59 ntp_signd
The contents of my /etc/ntp.conf are:
server 0....
2020 Nov 03
3
ntp/chrony on AD DC and SELinux
...- SELinux Labeling and
Policy" on
https://wiki.samba.org/index.php/Time_Synchronisation_-_SELinux_Labeling_and_Policy
don't seem to work on CentOS 8. Using chrony I tried to adapt them (with
very limited SELinux knowledge) like this:
chcon -u system_u -t chronyd_exec_t /var/lib/samba/ntp_signd
semanage fcontext -a -t chronyd_exec_t "/var/lib/samba/ntp_signd(/.*)?"
restorecon -R -v /var/lib/samba/ntp_signd
This seems to work on one DC, on the other I'm seeing this in the logs:
"platform-python[1654]: SELinux is preventing chronyd from search access
on the directory n...
2019 Apr 25
3
Windows clients require reboot once a day in order to access mapped drives
...emd)
apt install ntp
# First comment out the default NTP ACLs
sed -i 's/^restrict -/#restrict -/g' /etc/ntp.conf
# Then add some samba specific settings to /etc/ntp.conf
cat << EOF >> /etc/ntp.conf
# Use AD for authenticating Windows NTP clients
ntpsigndsocket /var/lib/samba/ntp_signd
# Access control
# Default restriction: Allow clients to only query the time
restrict -4 default kod notrap nomodify nopeer noquery mssntp
restrict -6 default kod notrap nomodify nopeer noquery mssntp
# We're running in a VM, so we need to protect ntpd from waking up
# in a panic, in a situati...
2017 Sep 13
1
File server questions
...you need. *( you need to change eth0 to your interface name)
> # Optional, define which interface ntp could/should use
> interface listen lo
> interface listen eth0
> #interface ignore wildcard
> interface ignore ipv6
> #
> EOF
> systemctl restart ntp
>
> # create the ntp_signd folder if not exists.
> if [ ! -d /var/lib/samba/ntp_signd/ ]; then
> mkdir -p /var/lib/samba/ntp_signd/
> chmod 750 /var/lib/samba/ntp_signd
> chown root:ntp /var/lib/samba/ntp_signd
> fi
> # check name group
> if [ "$(stat -c "%G" /var/lib/samba/...
2019 Apr 24
1
Odd behavior since upgrading to 4.9.6
...-0500 (CDT)
> Mike Ray <mray at xes-inc.com> wrote:
>
>> >> idmap_ldb:use rfc2307 = yes
>> >> ldap server require strong auth = no
>> >> netbios name = dc5
>> >> ntp signd socket directory = /var/run/samba/ntp_signd
>> >
>> > Is the above different from the output of:
>> > samba -b | grep 'NTP_SIGND_SOCKET_DIR' | awk '{print $NF}'
>> >
>>
>> # samba -b | grep NTP_SIGND_SOCKET_DIR
>> NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd
>...
2017 Sep 12
4
File server questions
On Tue, 12 Sep 2017 14:41:42 -0300
Flávio Silveira via samba <samba at lists.samba.org> wrote:
>
> Ok, I understand now, one question though: if realm is
> AD.TECNOPON.COM.BR, does domain need to be AD?
No, you can use anything you like, provided it is one word, 15
characters or less, without punctuation.
> If I understand
> correctly, realm is "full domain with
2017 Sep 13
0
File server questions
...F >> /etc/ntp.conf
# Enable the interfaces you need. *(you need to change eth0 to your interface name)
# Optional, define which interface ntp could/should use
interface listen lo
interface listen eth0
#interface ignore wildcard
interface ignore ipv6
#
EOF
systemctl restart ntp
# create the ntp_signd folder if not exists.
if [ ! -d /var/lib/samba/ntp_signd/ ]; then
mkdir -p /var/lib/samba/ntp_signd/
chmod 750 /var/lib/samba/ntp_signd
chown root:ntp /var/lib/samba/ntp_signd
fi
# check name group
if [ "$(stat -c "%G" /var/lib/samba/ntp_signd/)" != "ntp"...
2018 Jun 10
2
Samba Time Synchronisation wikipage
On Sun, 10 Jun 2018 10:29:43 +0300
Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
> Question according to ntpsigndsocket directive at chrony.config:
> Is it mandatory from standpoint of Samba to use
> /usr/local/samba/var/lib/ntp_signd/ path for ntpsigndsocket?
> Or is it possible to use the chrony's default
> path /var/lib/samba/ntp_signd ?
The wiki is written from the view point of a self compiled Samba
without setting a prefix. This means that by default, everything ends
up in /usr/local/samba. Your distro, amongst ot...
2019 Apr 24
2
Odd behavior since upgrading to 4.9.6
...warders are other internal servers. They provide connectivity to non-domain systems and the internet.
>> idmap_ldb:use rfc2307 = yes
>> ldap server require strong auth = no
>> netbios name = dc5
>> ntp signd socket directory = /var/run/samba/ntp_signd
>
> Is the above different from the output of:
> samba -b | grep 'NTP_SIGND_SOCKET_DIR' | awk '{print $NF}'
>
# samba -b | grep NTP_SIGND_SOCKET_DIR
NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd
> If it isn't, you can remove that line, if it is, why ?
W...
2017 Feb 07
5
ntp and samba43 on FreeBSD-103.
...to begin with they were most mysterious.
In any case, we have resolved most of these issues. In dealing with
this I ran across
https://wiki.samba.org/index.php/Time_Synchronisation which contains
this instruction:
Set up the ntpd.conf File on a DC
. . .
ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
Now, on the FreeBSD host I see this instead:
# sockstat | grep ntp
root ntpd 6229 3 dgram -> /var/run/logpriv
root ntpd 6229 20 udp6 *:123 *:*
root ntpd 6229 21 udp4 *:123 *:*
root ntpd 6229 22 udp4 192.168.8....
2013 Jul 27
2
Correct NTP Settings for Samba 4.0.6?
...omain clients are rejecting the DCs as
being acceptable time sources. Below is my ntp.conf:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/run/samba/ntp_signd
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
Using Ubuntu, I am not using SELinux. I do not believe there to be any probl...
2018 Jul 21
3
ntp_signd/socket multiple samba dcs on a single box
Hello,
I have multiple samba DC for different domains running on a single box.
I read a little bit up on time synchronisation and now configured it. It
seems to work. My question is, what happens when multiple DCs go to the
same ntp_signd/socket, will it work? Or should I configure one socket
per DC instance?
Cheers,
Thomas
2020 Nov 18
6
Time sync not working with Windows 10
After our office upgraded to Windows 10, time sync stopped working with the Windows
workstations. This used to work fine with Windows 7 and still works with linux domain members
(although that's not surprising).
The Windows 10 workstations ended up operating off the CMOS clock. We didn't notice this for a long
time since the CMOS clock drift is slow, but after several months users started
2020 Nov 23
0
Time sync not working with Windows 10
...with --enable-ntp-signd.
> >>
> >> While trying to figure that out I came across the potentially very useful webpage
> >> https://blog.svedr.in/posts/configuring-ntpd-for-a-samba-4-domain. It gave the following
> >> instruction to see where Samba wants to put the ntp_signd socket:
> >>
> >> # netstat -xpln | grep signd
> >> unix 2 [ ACC ] STREAM LISTENING 2071520535 19381/samba /var/lib/samba/ntp_signd/socket
> >>
> >> This location is different from what the Samba wiki specified (/usr/local/samba/var/lib/ntp_sign...
2018 Jul 24
0
ntp_signd/socket multiple samba dcs on a single box
...2:19 +0200, Thomas Glanzmann via samba wrote:
> Hello,
> I have multiple samba DC for different domains running on a single box.
> I read a little bit up on time synchronisation and now configured it. It
> seems to work. My question is, what happens when multiple DCs go to the
> same ntp_signd/socket, will it work? Or should I configure one socket
> per DC instance?
I would use distinct containers or VMs for this, as otherwise you also
can't use nss_winbindd for each domain. However if you must, then you
would have to set up multiple ntpd instances bound to each IP and
pointing...
2015 Oct 28
6
net ads info: failed to get server's current time
...ipv6
## (default is ok, if your interface name is eth0 and you don't use ipv6. )
NTPD_RESTRICT_INTERFACE="lo eth0"
NTPD_RESTRICT_INTERFACE_IGNORE="wildcard ipv6"
## default for sernet samba and debian samba ( should normally not be changed )
SAMBA_NTP_SIGNPATH="/var/lib/samba/ntp_signd"
## debian default, leave it as is.
NTPD_GROUP="ntp"
########### NTP
apt-get -y --no-install-recommends install ntp
cp /etc/ntp.conf /etc/ntp.conf.backup
echo " " >> /etc/ntp.conf
for x in 0 1 2 3 ; do sed -i "s]server ${x}.debian]#server ${x}.debian]g"...
2018 Jun 10
0
Samba Time Synchronisation wikipage
Thank you.
Might it be better to add to the wiki page an instruction to use, in the
ntpsigndsocket directive of the ntpd / chrony config file, the path
received from the NTP_SIGND_SOCKET_DIR line of the output of the samba -b
command?
On Sun, Jun 10, 2018 at 11:35 AM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Sun, 10 Jun 2018 10:29:43 +0300
> Alexei Rozenvaser <alexei.roz at gmail.com> wrote:
>
> > Question according to ntpsig...
2015 Oct 28
0
net ads info: failed to get server's current time
Hm, the bind setup looks OK to me; it's a Debian Jessie as far as I can see.
It's a default setup, almost the same as I'm using, and bind is configured to 9.9.
So I think it's one of these 4 problems.
Incorrect rights on /var/lib/samba/ntp_signd
chown root:ntp /var/lib/samba/ntp_signd
chmod 750 /var/lib/samba/ntp_signd
OR
The time on the PC is more than 5 min off.
OR
The PC has just joined the domain and has not rebooted yet.
OR
PC is resolving to the internet first,
which makes it fail also.
So, check the event logs for the la...
2015 May 08
2
samba 4.2.1 RDP && restrict anonymous = 2 problem
RDP working configuration:
restrict anonymous = 0
auth methods = sam winbind
server services = winbindd, s3fs, rpc, nbt, wrepl, cldap, ldap,
kdc, drepl, ntp_signd, kcc, dnsupdate
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, remote, winreg, srvsvc
RDP working configuration but not the new client and join
restrict anonymous = 2...
2019 Apr 25
0
Windows clients require reboot once a day in order to access mapped drives
...nt out the default NTP ACLs
> sed -i 's/^restrict -/#restrict -/g' /etc/ntp.conf
>
> # Then add some samba specific settings to /etc/ntp.conf
> cat << EOF >> /etc/ntp.conf
>
> # Use AD for authenticating Windows NTP clients
> ntpsigndsocket /var/lib/samba/ntp_signd
>
> # Access control
> # Default restriction: Allow clients to only query the time
> restrict -4 default kod notrap nomodify nopeer noquery mssntp
> restrict -6 default kod notrap nomodify nopeer noquery mssntp
>
> # We're running in a VM, so we need to protect ntpd from w...