
Re: [Samba] AD DC in a container: NTP




> I guess that confirms it: Using the AD DC as a time source does indeed
> require NTP. For the sake of argument, is it possible to use a machine that
> is not a DC, and potentially not even part of the AD, to serve time to
> other domain members?

That's what Roland said, yes. All AD (in particular the Kerberos part)
really cares about is *consistent* time. Distributing it via DCs is the
easiest, but not the only way.

> And how would you go about automatically pointing
> domain hosts to said machine? Group policy for clients, scripts for
> servers, or is there a simpler way?

DHCP can set NTP servers, YMMV if that's easier with your particular
network setup.

> It seems to me the cleanest way, and closest to best practice, is to keep
> the DC(s) serving time. The obvious exception would be in situations where
> all domain hosts are containerized, then ntp is not needed in any of the
> containers.

You still need to make sure all container hosts have their time
synchronised, obviously.

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas@xxxxxx | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at
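
The "consistent time" point above, as an added example that is not part of the original message: each host's clock offset to the same time source is computed from an SNTP reply, then hosts are compared pairwise. Host names, sample timestamps and the 300-second limit (the common default Kerberos clock-skew tolerance) are assumptions, and the replies are constructed in place of real network captures.

```python
import struct
from itertools import combinations

NTP_DELTA = 2208988800   # seconds between the NTP epoch (1900) and the Unix epoch
MAX_SKEW = 300.0         # assumption: default Kerberos tolerance of 5 minutes

def _ts(buf, off):
    """Decode a 64-bit NTP timestamp at byte offset `off` into Unix seconds."""
    sec, frac = struct.unpack_from("!II", buf, off)
    return sec - NTP_DELTA + frac / 2**32

def _pack_ts(t):
    sec = int(t)
    return struct.pack("!II", sec + NTP_DELTA, int((t - sec) * 2**32))

def build_reply(t1, t2, t3):
    """Constructed 48-byte server reply (version 4, mode 4, stratum 2)."""
    hdr = struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20) + bytes(12)
    # reference, origin (client send), receive, transmit timestamps
    return hdr + _pack_ts(t2) + _pack_ts(t1) + _pack_ts(t2) + _pack_ts(t3)

def offset(reply, t4):
    """Source clock minus local clock, given the local arrival time t4."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an NTP server reply")
    t1, t2, t3 = _ts(reply, 24), _ts(reply, 32), _ts(reply, 40)
    return ((t2 - t1) + (t3 - t4)) / 2

def inconsistent_pairs(offsets, limit=MAX_SKEW):
    """Host pairs whose clocks differ from each other by more than `limit`."""
    return [(a, b, abs(offsets[a] - offsets[b]))
            for a, b in combinations(sorted(offsets), 2)
            if abs(offsets[a] - offsets[b]) > limit]

B = 1700000000.0
# Constructed samples: host -> (t1 local send, t2/t3 source clock, t4 local receive)
SAMPLES = {
    "dc-host":  (B,       B + 0.5, B + 0.5, B + 1),    # in step with the source
    "ct-host1": (B - 200, B + 0.5, B + 0.5, B - 199),  # 200 s behind
    "ct-host2": (B + 150, B + 0.5, B + 0.5, B + 151),  # 150 s ahead
}

def measure(samples=SAMPLES):
    return {h: offset(build_reply(t1, t2, t3), t4)
            for h, (t1, t2, t3, t4) in samples.items()}

if __name__ == "__main__":
    for a, b, skew in inconsistent_pairs(measure()):
        print(f"{a} and {b} differ by {skew:.1f} s")
```

Both container hosts are within 300 seconds of the source, yet they are 350 seconds apart from each other, which is the condition that matters between a Kerberos client and the service it talks to.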
