search for: ntpsec

...; > > On Fri, 5 Jan 2024 23:53:52 +0000 > > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > > > You think ntp works with samba but it doesn?t. > > > > Sorry, but 'ntp' does work, it is the rewrite for more security > > 'ntpsec' that doesn't seem to work. > > > > > > > > You *must* use chrony. It will take you exactly 5 minutes to get > > > it up and running. > > > > Chrony does seem to work, I just hope they do not follow ntpsec down > > the same path. > &gt...

...24 09:23, Rowland Penny via samba wrote: > On Thu, 19 Sep 2024 06:44:13 -0700 (PDT) > James Browning via samba <samba at lists.samba.org> wrote: > >> TLDW: I have a Samba install, and I can use help getting the signing >> socket to return a signature with either Chrony or NTPsec; I would >> appreciate some guidance on what I am doing incorrectly. I partially >> followed the instructions at [1]; after checking and revising, I saw >> that adding a line to start signd appeared to have broken everything >> else. I have attached a list of most of the st...

On Thu, 19 Sep 2024 06:44:13 -0700 (PDT) James Browning via samba <samba at lists.samba.org> wrote: > TLDW: I have a Samba install, and I can use help getting the signing > socket to return a signature with either Chrony or NTPsec; I would > appreciate some guidance on what I am doing incorrectly. I partially > followed the instructions at [1]; after checking and revising, I saw > that adding a line to start signd appeared to have broken everything > else. I have attached a list of most of the steps I have taken...

...updates in Debian Bookworm. Thus it seems to be a Samba >> problem. >> >> Best regards, >> >> Peter >> >> > I cannot get Chrony to work with MS-SNTP from a Windows client, now > this could be a Samba problem, but I cannot test the probably fixed > ntpsec, because the 'fix' is only available for the version of ntpsec > in Trixie and I do not have a 'Trixie' DC and I am not willing to add > one running a testing version of an OS. Anyone know the procedure to > ask for a package to be backported ? > > Rowland If you don...

...esponse from server in 1000ms > > > > From a Linux machine there is also no response: > > > > ntpdate -q athena > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > synchronization found > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > # Where to retrieve the time from > > server 0.pool.ntp.org???? iburst prefer > > server 1.pool.ntp.org???? iburst prefer > > server 2.pool.ntp.org???? iburst prefer > > > > driftfile?????? /var/lib/ntpsec/ntp.drift > > logfile????...

...athena[10.10.1.10:123] ? ICMP: 0ms delay ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms From a Linux machine there is also no response: ntpdate -q athena 24 Oct 16:47:41 ntpdate[33581]: no server suitable for synchronization found Here is the DC /etc/ntpsec/ntp.conf: # Where to retrieve the time from server 0.pool.ntp.org???? iburst prefer server 1.pool.ntp.org???? iburst prefer server 2.pool.ntp.org???? iburst prefer driftfile?????? /var/lib/ntpsec/ntp.drift logfile???????? /var/log/ntp.log #logconfig =all ntpsigndsocket? /var/lib/samba/ntp_signd/...

...> ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms > > From a Linux machine there is also no response: > > ntpdate -q athena > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > synchronization found > > > Here is the DC /etc/ntpsec/ntp.conf: > > # Where to retrieve the time from > server 0.pool.ntp.org???? iburst prefer > server 1.pool.ntp.org???? iburst prefer > server 2.pool.ntp.org???? iburst prefer > > driftfile?????? /var/lib/ntpsec/ntp.drift > logfile???????? /var/log/ntp.log > #logconfig =a...

I haven't seen anyone mention this on the list, but found on the Debian changelog for ntpsec: ntpsec (1.2.3+dfsg1-1) unstable; urgency=low [...] - We think we have fixed ms-sntp Thanks to Jakob Haufe for testing. (Closes: 1033088) [...] -- Richard Laager<rlaager at debian.org> Sun, 10 Mar 2024 22:01:29 -0500 This version is for Debian Trixie; currently, no mention o...

On Thu, 19 Sep 2024 17:29:49 -0500 samba via samba <samba at lists.samba.org> wrote: > > Unless ntpsec has fixed its NTP server (and I haven't heard if they > > have), it doesn't work with a Samba DC, so I would suggest only > > using Chrony. > As of 03/10/24, ntpsec (version 1.2.3+dfsg1-1) is fixed in Debian > Trixie; I can't speak for Fedora. > > https://metad...

I want to exchange information on how to get my MS-SNTP client working. Additionally, I am seeking guidance on how to program retrieving a valid 'Key Identifier'; that should be enough to get my MS-SNTP client working. Once accomplished, I can adequately test the ntp_signd code in NTPsec. Microsoft may have deprecated the implementation previously supported by Samba and third-party time servers. This change would be frustrating because it would require developers, including myself, to integrate support for the new 76-byte authenticator. I thank Peter Milesson for locating the r...

...> ? NTP: error ERROR_TIMEOUT - no response from server in 1000ms > > From a Linux machine there is also no response: > > ntpdate -q athena > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > synchronization found > > > Here is the DC /etc/ntpsec/ntp.conf: > > # Where to retrieve the time from > server 0.pool.ntp.org???? iburst prefer > server 1.pool.ntp.org???? iburst prefer > server 2.pool.ntp.org???? iburst prefer > > driftfile?????? /var/lib/ntpsec/ntp.drift > logfile???????? /var/log/ntp.log > #logconfig =a...

...> > > From a Linux machine there is also no response: > > > > > > ntpdate -q athena > > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > > synchronization found > > > > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > > > # Where to retrieve the time from > > > server 0.pool.ntp.org???? iburst prefer > > > server 1.pool.ntp.org???? iburst prefer > > > server 2.pool.ntp.org???? iburst prefer > > > > > > driftfile?????? /var/lib/ntp...

...a at lists.samba.org> wrote: > > On Fri, 5 Jan 2024 23:53:52 +0000 > Luis Peromarta via samba <samba at lists.samba.org> wrote: > > > You think ntp works with samba but it doesn?t. > > Sorry, but 'ntp' does work, it is the rewrite for more security > 'ntpsec' that doesn't seem to work. > > > > > You *must* use chrony. It will take you exactly 5 minutes to get it > > up and running. > > Chrony does seem to work, I just hope they do not follow ntpsec down > the same path. > > The other thing that you have to...

TLDW: I have a Samba install, and I can use help getting the signing socket to return a signature with either Chrony or NTPsec; I would appreciate some guidance on what I am doing incorrectly. I partially followed the instructions at [1]; after checking and revising, I saw that adding a line to start signd appeared to have broken everything else. I have attached a list of most of the steps I have taken. After I get my...

...esponse from server in 1000ms > > > > From a Linux machine there is also no response: > > > > ntpdate -q athena > > 24 Oct 16:47:41 ntpdate[33581]: no server suitable for > > synchronization found > > > > > > Here is the DC /etc/ntpsec/ntp.conf: > > > > # Where to retrieve the time from > > server 0.pool.ntp.org???? iburst prefer > > server 1.pool.ntp.org???? iburst prefer > > server 2.pool.ntp.org???? iburst prefer > > > > driftfile?????? /var/lib/ntpsec/ntp.drift > > logfile????...

...econdary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0030693s Root Dispersion: 0.2549162s ReferenceId: 0xC0A8B105 (source IP: 192.168.177.5) Last Successful Sync Time: 10.08.2023 20:42:45 Source: ntp.tls.msk.ru,0x9 Poll Interval: 15 (32768s) All this is run with ntpsec now (on debian bookworm). Local NTP servers at different locations also syncronize with each other. There's no (zero) problems with time syncronization (or AD, or DNS, or GPO or anything else) across whole network. FWIW. /mjt

...then, there have been no > chrony updates in Debian Bookworm. Thus it seems to be a Samba > problem. > > Best regards, > > Peter > > I cannot get Chrony to work with MS-SNTP from a Windows client, now this could be a Samba problem, but I cannot test the probably fixed ntpsec, because the 'fix' is only available for the version of ntpsec in Trixie and I do not have a 'Trixie' DC and I am not willing to add one running a testing version of an OS. Anyone know the procedure to ask for a package to be backported ? Rowland

On 22/01/25 02:59, James Browning via samba wrote: > > Attached is a packet capture from: > `tcpdump -i lo "udp port 123" -w mssntp.pcap` > It seems not to be attached. Douglas

On Wed, 22 Jan 2025 12:48:36 +1300 Douglas Bagnall via samba <samba at lists.samba.org> wrote: > On 22/01/25 02:59, James Browning via samba wrote: > > > > > Attached is a packet capture from: > > `tcpdump -i lo "udp port 123" -w mssntp.pcap` > > > > It seems not to be attached. > > Douglas > > That is because this list

Hi there, In my experience NTP has been trouble lately with the NTPsec implementation. A few months back I decided to remove NTPsec and go with Chrony. These are my notes: http://samba.bigbird.es/doku.php?id=samba:install-chrony Hope it helps. On Oct 25, 2023 at 19:04 +0200, Ham <ham at kc0dxf.net>, wrote: > > Any ideas on what the problem is?