Re: [Samba] Samba Time Synchronisation wikipage




On Wed, 13 Jun 2018 10:40:46 +0200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Wed, 2018-06-13 at 07:48 +0100, Rowland Penny via samba wrote:
> > On Wed, 13 Jun 2018 08:36:36 +0200
> > "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> > > Hai, 
> > > 
> > > https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works
> > > 
> > > Look in the above link, search for "Time Synchronization in an AD
> > > DS Hierarchy". There you find the PDC Emulator role.  In the
> > > pyramid. ;-) This one explains even better than the TechNet
> > > link. 
> > > 
> > > It also explains Alexei's question, I believe. 
> > > 
> > 
> > Yes, it shows that the PDC emulator DC is the one that gets the time
> > from an external time server. The other DCs get their time from the
> > PDC emulator DC, but it quite clearly says a workstation (and I
> > quote) 'Can synchronize with any domain controller in its own
> > domain'
> > 
> > So, by my reading, workstations do not have to use the PDC emulator
> > DC, they can use any DC.
> > DCs MUST use the PDC emulator DC as their time server, but can be
> > set up to take over the PDC emulator role.
> > 
> > If we can agree, I will alter the wiki page again.
> 
> Thanks.  I agree that time selection text is problematic; each
> workstation should (and does, as far as I understand it) talk to its
> local DC for time.  
> 
> I also agree that the DCs should be tied together for time, but a
> strict hierarchy could also have problems in that if that DC goes
> down, time could drift apart. 
> 
> One challenge is that because neither ntpd from ntp.org nor chrony
> support any authenticated time protocol as a client, the major
> advantage to DCs talking to DCs for time is lost.  It may be better to
> instead have good diversity of time sources. 
> 
> I realise this doesn't present a clear solution, but I provide it for
> thought and refinement. 
> 
> Andrew Bartlett
> 

I think the best thing to do, from a Samba point of view, is to set up
the DCs' time servers to use the same external time servers and remove
all mention of the 'PDC emulator role'.

Rowland
