Re: [Samba] Samba Time Synchronisation wikipage
- Date: Wed, 13 Jun 2018 10:14:49 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba Time Synchronisation wikipage
On Wed, 13 Jun 2018 10:40:46 +0200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> On Wed, 2018-06-13 at 07:48 +0100, Rowland Penny via samba wrote:
> > On Wed, 13 Jun 2018 08:36:36 +0200
> > "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> > > Hai,
> > >
> > > https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works
> > >
> > > Look in the above link, search for "Time Synchronization in an AD
> > > DS Hierarchy". There you find the PDC Emulator role. In the
> > > piramide. ;-) This one explains even better then the technet
> > > link.
> > >
> > > It also explains Alexei's question i believe.
> > >
> > Yes it shows that the PDC emulator DC is the one that gets the time
> > from an external time server. The other DC's get their time from the
> > PDC emulator DC, but it quite clearly says a workstation (and I
> > quote) 'Can synchronize with any domain controller in its own
> > domain'
> > So, by my reading, workstations do not have to use the PDC emulator
> > DC, they can use any DC.
> > DC's MUST use the PDC emulator DC as their time server, but can be
> > set up to take over the PDC emulator role.
> > If we can agree, I will alter the wiki page again.
> Thanks. I agree that time selection text is problematic, each
> workstation should (and does, as far as I understand it) talk to it's
> local DC for time.
> I also agree that the DCs should be tied togeather for time, but a
> strict hierarchy could also have problems in that if that DC goes
> down, time could drift apart.
> One challenge is that because neither ntpd from ntp.org nor chrony
> support any authenticated time protocol as a client, the major
> advantage to DCs talking to DCs for time is lost. It may be better to
> instead have good diversity of time sources.
> I realise this doens't present a clear solution, but I provide it for
> thought and refinement.
> Andrew Bartlett
I think the best thing to do, from a Samba point of view, is to set up
the DC's time servers to use the same external time servers and remove
all mention of the 'PDC emulator role'
To unsubscribe from this list go to the following URL and read the