Web lists-archives.com

Re: [Samba] chrony configuration for secondary samba DC




On Mon, 04 Jun 2018 10:48:17 +0200
Andreas Schneider <asn@xxxxxxxxx> wrote:

> On Sunday, 3 June 2018 16:32:12 CEST Rowland Penny via samba wrote:
> > On Sun, 3 Jun 2018 17:11:47 +0300
> > 
> > Alexei Rozenvaser <alexei.roz@xxxxxxxxx> wrote:
> > > On Sun, Jun 3, 2018 at 4:51 PM Rowland Penny via samba
> > > 
> > > <samba@xxxxxxxxxxxxxxx> wrote:
> > > > On Sun, 3 Jun 2018 16:29:04 +0300
> > > > 
> > > > Alexei Rozenvaser via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > > > > Hi
> > > > > 
> > > > > I'm running samba 4.7.6 on ubuntu 18.04 as (backup /
> > > > > secondary) domain controller
> > > > 
> > > > No your not, you are just running Samba as another DC, all DCs
> > > > are equal except for the FSMO roles and they can be on any DC.
> > > > 
> > > >>>Yes, you are right. That exactly what i meant.
> > > >>>
> > > > >that joined to an Existing Active Directory (Windows
> > > > >
> > > > > 2012R2 server).
> > > > > The question is about Time Synchronization across the domain.
> > > > > How should I configure chrony v3.2 in order to provide time
> > > > 
> > > > > synchronization:
> > > > apt-get purge chrony
> > > > apt-get install ntp
> > > > 
> > > > then read this:
> > > > 
> > > > https://wiki.samba.org/index.php/Time_Synchronisation
> > > > 
> > > > Rowland
> > > > 
> > > >>>I read this article.
> > > >>>But unfortunately it applies to ntpd only.
> > > >>>Don't you think it better to study how to configure chrony,
> > > >>>since it become the default ubunt's NTP server?
> > 
> > It might be Ubuntu's default time server, but it will not work on a
> > Samba DC, you must use ntp.
> > Try running 'sudo samba -b | grep 'SIGND', what are the first three
> > letters in the output ?
> 
> Rowland, chrony should work fine with Samba as support for ntp_signed
> has been added with version 3.1. I've worked with the chrony
> developer implementing it.

Yes it does seem to work on a Samba AD DC, but (as seems to be normal)
the documentation is abysmal (i.e. it was written by a developer, who
knows how it works, rather than a user who is trying to find out how
it works).

In ntp.conf you set a line like this:

restrict default kod nomodify notrap nopeer mssntp

I cannot find anything that tells me what chrony replaces 'restrict'
with. Is it needed ? is there something that replaces it, or can you
safely ignore it?

Until all the questions are answered and all the kinks are ironed out,
Samba shouldn't support chrony in the way it does ntp

Rowland




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba