Web lists-archives.com

Re: [Samba] Samba Time Synchronisation wikipage

On Wed, 2018-06-13 at 07:48 +0100, Rowland Penny via samba wrote:
> On Wed, 13 Jun 2018 08:36:36 +0200
> "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > Hai, 
> > 
> > https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works
> > 
> > Look in the above link, search for "Time Synchronization in an AD DS
> > Hierarchy". There you find the PDC Emulator role.  In the
> > piramide. ;-) This one explains even better then the technet link. 
> > 
> > It also explains Alexei's question i believe. 
> > 
> Yes it shows that the PDC emulator DC is the one that gets the time
> from an external time server. The other DC's get their time from the
> PDC emulator DC, but it quite clearly says a workstation (and I quote)
> 'Can synchronize with any domain controller in its own domain'
> So, by my reading, workstations do not have to use the PDC emulator DC,
> they can use any DC.
> DC's MUST use the PDC emulator DC as their time server, but can be set
> up to take over the PDC emulator role.
> If we can agree, I will alter the wiki page again.

Thanks.  I agree that time selection text is problematic, each
workstation should (and does, as far as I understand it) talk to it's
local DC for time.  

I also agree that the DCs should be tied togeather for time, but a
strict hierarchy could also have problems in that if that DC goes down,
time could drift apart. 

One challenge is that because neither ntpd from ntp.org nor chrony
support any authenticated time protocol as a client, the major
advantage to DCs talking to DCs for time is lost.  It may be better to
instead have good diversity of time sources. 

I realise this doens't present a clear solution, but I provide it for
thought and refinement. 

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba