Re: [Samba] Time server on AD DC in an LXD container.

On 11/5/18 12:22 PM, Jonathan Kreider via samba wrote:
After reading the instructions at
https://wiki.samba.org/index.php/Time_Synchronisation, I still have
questions about how samba interacts with ntpd.

The issue is that LXD doesn't want containers setting the time and so won't
start ntpd at container startup even though it's enabled in systemd. The
host does sync its time with a national time server, so we can assume that
the host's time is good enough for my purposes.

I can manually start ntpd, but samba still doesn't want to serve time. Or
at least my workstations won't admit to it.

What do I need to do to get samba to function as a Windows time server in
this scenario?

I run Samba AD inside OCI containers (podman, docker). For that kind of problem, I run the ntp server on the host and expose the socket on a mounted volume (/srv/samba-ad (host) -> /var/lib/samba (container)).

The host running the ntp server can read the socket inside /srv/samba-ad/...; you should be careful with SELinux / AppArmor ACLs (whichever you are using) in order to allow the host ntpd to reach the container-exposed ntp_signd socket.

* Samba 4.7.6 in an Ubuntu 18.04 container on an Ubuntu 16.04 host.


