search for: ntpsec

...; > > On Fri, 5 Jan 2024 23:53:52 +0000 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > You think ntp works with samba but it doesn?t. > > > > Sorry, but 'ntp' does work, it is the rewrite for more security > > 'ntpsec' that doesn't seem to work. > > > > > > > > You *must* use chrony. It will take you exactly 5 minutes to get > > > it up and running. > > > > Chrony does seem to work, I just hope they do not follow ntpsec down > > the same path. > &gt...

...esponse from server in 1000ms > > > > From a Linux machine there is also no response: > > > > ntpdate -q athena > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > synchronization found > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > # Where to retrieve the time from > > server 0.pool.ntp.org???? iburst prefer > > server 1.pool.ntp.org???? iburst prefer > > server 2.pool.ntp.org???? iburst prefer > > > > driftfile?????? /var/lib/ntpsec/ntp.drift > > logfile????...

...athena[10.10.1.10:123] ? ICMP: 0ms delay ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms From a Linux machine there is also no response: ntpdate -q athena 24 Oct 16:47:41 ntpdate[33581]: no server suitable for synchronization found Here is the DC /etc/ntpsec/ntp.conf: # Where to retrieve the time from server 0.pool.ntp.org???? iburst prefer server 1.pool.ntp.org???? iburst prefer server 2.pool.ntp.org???? iburst prefer driftfile?????? /var/lib/ntpsec/ntp.drift logfile???????? /var/log/ntp.log #logconfig =all ntpsigndsocket? /var/lib/samba/ntp_signd/...

...> ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms > > From a Linux machine there is also no response: > > ntpdate -q athena > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > synchronization found > > > Here is the DC /etc/ntpsec/ntp.conf: > > # Where to retrieve the time from > server 0.pool.ntp.org???? iburst prefer > server 1.pool.ntp.org???? iburst prefer > server 2.pool.ntp.org???? iburst prefer > > driftfile?????? /var/lib/ntpsec/ntp.drift > logfile???????? /var/log/ntp.log > #logconfig =a...

...> ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms > > From a Linux machine there is also no response: > > ntpdate -q athena > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > synchronization found > > > Here is the DC /etc/ntpsec/ntp.conf: > > # Where to retrieve the time from > server 0.pool.ntp.org???? iburst prefer > server 1.pool.ntp.org???? iburst prefer > server 2.pool.ntp.org???? iburst prefer > > driftfile?????? /var/lib/ntpsec/ntp.drift > logfile???????? /var/log/ntp.log > #logconfig =a...

...> > > From a Linux machine there is also no response: > > > > > > ntpdate -q athena > > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > > synchronization found > > > > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > > > # Where to retrieve the time from > > > server 0.pool.ntp.org???? iburst prefer > > > server 1.pool.ntp.org???? iburst prefer > > > server 2.pool.ntp.org???? iburst prefer > > > > > > driftfile?????? /var/lib/ntp...

...a at lists.samba.org> wrote: > > On Fri, 5 Jan 2024 23:53:52 +0000 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > You think ntp works with samba but it doesn?t. > > Sorry, but 'ntp' does work, it is the rewrite for more security > 'ntpsec' that doesn't seem to work. > > > > > You *must* use chrony. It will take you exactly 5 minutes to get it > > up and running. > > Chrony does seem to work, I just hope they do not follow ntpsec down > the same path. > > The other thing that you have to...

...esponse from server in 1000ms > > > > From a Linux machine there is also no response: > > > > ntpdate -q athena > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > synchronization found > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > # Where to retrieve the time from > > server 0.pool.ntp.org???? iburst prefer > > server 1.pool.ntp.org???? iburst prefer > > server 2.pool.ntp.org???? iburst prefer > > > > driftfile?????? /var/lib/ntpsec/ntp.drift > > logfile????...

...econdary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0030693s Root Dispersion: 0.2549162s ReferenceId: 0xC0A8B105 (source IP: 192.168.177.5) Last Successful Sync Time: 10.08.2023 20:42:45 Source: ntp.tls.msk.ru,0x9 Poll Interval: 15 (32768s) All this is run with ntpsec now (on debian bookworm). Local NTP servers at different locations also syncronize with each other. There's no (zero) problems with time syncronization (or AD, or DNS, or GPO or anything else) across whole network. FWIW. /mjt

Hi there, In my experience NTP has been trouble lately with the NTPsec implementation. A few months back I decided to remove NTPsec and go with Chrony. These are my notes: http://samba.bigbird.es/doku.php?id=samba:install-chrony Hope it helps. On Oct 25, 2023 at 19:04 +0200, Ham <ham at kc0dxf.net>, wrote: > > Any ideas on what the problem is?

I was able to switch to Chony and verify that it is working. Clients are now getting time from the DC. Luis has good notes! On 10/25/23 12:06, Luis Peromarta via samba wrote: > Hi there, > > In my experience NTP has been trouble lately with the NTPsec implementation. > > A few months back I decided to remove NTPsec and go with Chrony. > > These are my notes: > > http://samba.bigbird.es/doku.php?id=samba:install-chrony > > Hope it helps. > On Oct 25, 2023 at 19:04 +0200, Ham <ham at kc0dxf.net>, wrote: >> An...

On Fri, 5 Jan 2024 23:53:52 +0000 Luis Peromarta via samba <samba at lists.samba.org> wrote: > You think ntp works with samba but it doesn?t. Sorry, but 'ntp' does work, it is the rewrite for more security 'ntpsec' that doesn't seem to work. > > You *must* use chrony. It will take you exactly 5 minutes to get it > up and running. Chrony does seem to work, I just hope they do not follow ntpsec down the same path. The other thing that you have to know, Mark Foley is using Slackware, Rowl...

...gt; w32tm /query /source > Local CMOS Clock > > whereas I expect the return to be "dc1.hprs.locl" > > I have confirmed that the Group Policy exists and is configured correctly. > > What's going wrong here? > > Thanks --Mark > Hi Mark, If you're using ntpsec on the DC, that wont work. You must use chrony. I had the same problem some half year ago. Also, no need to use a GPO for this. The domain members get their time from a DC anyway. HTH, Peter

Hi folks, I have been spending the better part of the day, trying to get time synchronization to a Samba AD DC (Debian Bookworm 12.1) to work. Debian Bookworm has recently replaced ntp with ntpsec, and time synchronization stopped working. I have logged the behavior, and Windows 10 clients first send a Windows 2000! compatible request, and ntpsec chokes on it, and does not respond. The Windows 10 client times out, and quits. It's been a frustrating experience, and in the end I just...

> On 10/25/2023 11:26 AM PDT Rowland Penny via samba <samba at lists.samba.org> wrote: > Samba needs something between the clients and DCs to set the time, at > the moment ntpsec doesn't do this. Unless someone actually helps, it probably won't for a while if ever. No one does seem to be willing and able to help. I suspect that w32tm has a hook that ask the SMB DC to set up a key, which would be where the keyid between the header and signature comes from. It woul...

...u for your input, I'll read the docs regarding those options :) >> Time Syncronization is pulled via NTP from the AD-DC Servers. >> Name resolution is set to the three AD-DC servers and Name resolution >> tests are OK. > > When you move to Bookworm, use Chrony instead, ntpsec has replaced ntp > and ntpsec isn't working with Samba at the present. With "pulled via NTP" I referred to NTP as a network protocol, not the daemon with that name. Actually I'm using chrony on the DCs right now and systemd-timesyncd on the new File server (Member server) wh...

You think ntp works with samba but it doesn?t. You *must* use chrony. It will take you exactly 5 minutes to get it up and running. On 5 Jan 2024 at 20:21 +0000, Mark Foley <mfoley at novatec-inc.com>, wrote: > > > > How do you know you're syncing with the DC? What does your 'w32tm /query /source' > give you? It?s all here :

...trange problem with windows clients randomly (2 or 3 a day on a network of about 200 pc's) ?not allowing logins until reboot. Nailing down some best practises in an attempt to fix. My best guess is that it's a Kerberos issue --sensitive to time sync and DNS. -- Installed chrony instead of ntpsec (seems to perform as advertised) -- (Today) moved to BIND9_DLZ instead of SAMBA_INTERNAL for dns services. (long ago I switched to SAMBA _INTERNAL from BIND9_DLZ because the Debian version of named did not include dlopen and had to be recompiled every time)? So now the windows eventlog complains...

...t; > whereas I expect the return to be "dc1.hprs.locl" > > > > I have confirmed that the Group Policy exists and is configured correctly. > > > > What's going wrong here? > > > > Thanks --Mark > > > Hi Mark, > > If you're using ntpsec on the DC, that wont work. You must use chrony. I > had the same problem some half year ago. > > Also, no need to use a GPO for this. The domain members get their time > from a DC anyway. > > HTH, > > Peter Well, I may end up trying chrony. I don't know what ntpsec is...

...it started. Samba upgrade to 4.19.2 Samba schema upgrade to 2012_R2 functional level? Samba upgrade to 2008 functional level List of measures taken (hoping that if best practises are not being observed, implementing them will fix things!!) Moved DNS from SAMBA_INTERNAL to BIND_DLZ Moved ntp from ntpsec to chrony Diagnostic steps Packet dumps (decoded with keytab) and loglevel 255 show no glaring issues or errors. Going to try restarting all of the DC's next time it happens to determine if the miscommunication originates with windows or samba. Windows Eventviewer lists failure as? Event ID...