Conflicting information: (http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/use cdirw/06wsdsu.mspx)
To sum it up, SNTP and NTP are supposed to be interchangeable and compatible. Reality is, some verbs/commands aren't. When setting up a time server from a non-Microsoft client, you need to check to see what the error actually is. That'll help you to narrow down what the cause is and how to adjust your client/server to make it work. Time sync is highly critical in a Kerberos environment, and making it work with multiple vendors would infer that a 2003 DC should speak both NTP and SNTP. Event logs are helpful here. ;) I've had a heck of a time with the time service changes in the past. There're several options you can use if it doesn't work as a client although those are some rare occasions supposedly. As a server, you'll have to figure out what's going on first. Maybe a network trace would be helpful as well? Configuring Time Services Kerberos 5 authentication is dependent upon the synchronization of the internal clocks within the Kerberos domain. Before proceeding with building a security solution using Kerberos, it is necessary to set up a time service to ensure this required accuracy. Windows Server 2003 time services are based upon the Simple Network Time Protocol (SNTP); this is a simplified version of the UNIX Network Time Protocol (NTP). The packet formats of both protocols are identical, and the servers and clients for each can be used interchangeably. More information about the time service protocols can be found in the RFCs for each protocol. These are as follows: * RFC 2030: "Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6, and OSI" * RFC 1305: "Network Time Protocol (Version 3) Specification, Implementation, and Analysis" Version 4 of NTP is currently in development and has yet to be released as a RFC. More information on the specifics of implementing time services in the Active Directory environment can be found in The Windows Time Service (Brandolini and Green) at http://www.microsoft.com/windows2000/techinfo/howitworks/security/wintimeser v.asp. The following sections address the most common configuration scenarios for setting up time servers and clients in a heterogeneous environment. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Monday, January 10, 2005 2:07 PM To: Send - AD mailing list Subject: RE: [ActiveDir] time server Uncertain as to the OS in question here but Windows 2003 supports both NTP and SNTP - http://www.microsoft.com/technet/security/guidance/secmod118.mspx -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> http://msetechnology.com <http://msetechnology.com/> ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, January 10, 2005 1:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] time server Does your switch use/support SNTP (Simple NTP)? That is what Windows DCs support, not NTP. joe ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Monday, January 10, 2005 11:27 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] time server Our forest root server acts as the time server for AD domain member machines (I think that happens by default.) Do I have to take any additional steps to allow that same server to be the NTP server for a non-Windows device? The device is a phone switch on our network, and it doesn't seem to recognize that server as being a valid NTP server. Thanks! Mark Creamer This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. Thank you. Cintas Corporation. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
