I have chronyd running on Debian 12/Samba AD DC as NTP server for LAN
clients (mainly Windows 10/Windows 11). Chronyd itself is synced from
other ntpsec daemons on Linux machines in LAN without problems, timesync
on Linux clients with chrony as NTP client is also without problems.
What doesn't work is the time synchronization of Windows clients.
Monitoring port 123 with tcpdump at this AD DC machine shows incoming
NTP request, but there is no response to it.
Chronyd Logging/debugging possibilities seems be very limited, in log
are not any info about interaction with clients.
Can anyone help advise what could be causing the problem and how to
solve it?
Some technical details (timectl, chronyc, tcpdump are running on this
AD DC machine with problematic chronyd):
0) # chronyd --version
chronyd (chrony) version 4.3 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER
+SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
1) chronyd run with '-4 -L 0 -F 0' options:
# systemctl status chronyd.service :
● chrony.service - chrony, an NTP client/server
Loaded: loaded (/lib/systemd/system/chrony.service; enabled; preset:
enabled)
Active: active (running) since Sun 2026-02-08 01:01:31 CET; 7h ago
Docs: man:chronyd(8)
man:chronyc(1)
man:chrony.conf(5)
Process: 1567322 ExecStart=/usr/sbin/chronyd $DAEMON_OPTS (code=exited,
status=0/SUCCESS)
Main PID: 1567324 (chronyd)
Tasks: 1 (limit: 7087)
Memory: 1.1M
CPU: 480ms
CGroup: /system.slice/chrony.service
└─1567324 /usr/sbin/chronyd -4 -L 0 -F 0
2) chronyd configuration:
# chronyd -p
keyfile /etc/chrony/chrony.keys
ntpsigndsocket /var/lib/samba/ntp_signd
driftfile /var/lib/chrony/drift
makestep 1.0 3
maxupdateskew 50.0
dumpdir /var/lib/chrony
maxdistance 199
log rawmeasurements statistics selection
logdir /var/log/chrony
allow 10.240.0.0/16
allow 172.16.0.0/12
allow 192.168.0.0/18
sourcedir /etc/chrony/sources.d
keyfile /etc/chrony/chrony.keys
driftfile /var/lib/chrony/chrony.drift
ntsdumpdir /var/lib/chrony
logdir /var/log/chrony
maxupdateskew 100.0
rtcsync
makestep 1 3
leapsectz right/UTC
3) # timedatectl status
Local time: Sun 2026-02-08 08:14:33 CET
Universal time: Sun 2026-02-08 07:14:33 UTC
RTC time: Sun 2026-02-08 07:14:33
Time zone: Europe/Prague (CET, +0100)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
4) # chronyc tracking
Reference ID : AC1FFEFD (172.31.254.253)
Stratum : 5
Ref time (UTC) : Sun Feb 08 07:14:56 2026
System time : 0.000010495 seconds fast of NTP time
Last offset : +0.000011411 seconds
RMS offset : 0.000055488 seconds
Frequency : 25.989 ppm slow
Residual freq : -0.002 ppm
Skew : 0.662 ppm
Root delay : 0.018552521 seconds
Root dispersion : 0.158342272 seconds
Update interval : 128.5 seconds
Leap status : Normal
5) # chronyc clients
Hostname NTP Drop Int IntL Last Cmd Drop Int Last
===============================================================================
192.168.5.12 55 0 10 - 510 0 0 - -
192.168.14.19 51 0 9 - 585 0 0 - -
192.168.5.8 399 0 6 - 53 0 0 - -
192.168.14.25 20 0 10 - 233m 0 0 - -
192.168.15.32 7 0 12 - 41m 0 0 - -
192.168.14.47 1 0 - - 212m 0 0 - -
192.168.5.6 1 0 - - 123m 0 0 - -
192.168.14.49 1 0 - - 25m 0 0 - -
...
6) sumarized output from tcpdump traffic on port 123 with time cutted
off and substituted all ports 30000+ with letter 'x' (chronyd machine
IP is 192.168.5.4):
tcpdump -i enp1s0 -nn port 123|sed -r -e 's/^[0-9:.]+ IP //' -e
's/\.[3456][0-9]{4}([ :])/.x\1/'|sort|uniq -c
1154 172.31.254.253.123 > 192.168.5.4.x: NTPv4, Server, length 48
131 192.168.14.19.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
181 192.168.14.22.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
15 192.168.14.25.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
25 192.168.14.27.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
17 192.168.14.40.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
15 192.168.14.47.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
8 192.168.14.49.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
26 192.168.15.32.x > 192.168.5.4.123: NTPv4, Client, length 48
189 192.168.5.12.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
26 192.168.5.4.123 > 192.168.15.32.x: NTPv4, Server, length 48
9 192.168.5.4.123 > 192.168.5.8.x: NTPv4, Server, length 48
1154 192.168.5.4.x > 172.31.254.253.123: NTPv4, Client, length 48
114 192.168.5.4.x > 192.168.5.15.123: NTPv4, Client, length 48
8 192.168.5.6.123 > 192.168.5.4.123: NTPv3, symmetric active, length 120
9 192.168.5.8.x > 192.168.5.4.123: NTPv4, Client, length 48
where important ones are:
172.31.254.253 and 192.168.5.15 - Linuxes with ntpsec ntpd as NTP source
(listed in /etc/chrony/sources.d/*.sources file)
192.168.5.8 - Linux with chronyd as NTP client (chronyd respond to it)
192.168.15.32 - some network printer (chronyd respond to it)
other 192.168.n.n are Windows desktops (chronyd does not respond to any)
7) Note: here Win NTP cliens requests are in "symmetric active" mode
according to our default Windows Group Policy. But there is no difference,
when it is changed to pure client - also no response to this request.
One example of how 'tcpdump -v' displays them:
192.168.14.47.123 > 192.168.5.4.123: NTPv3, Client, length 120
Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified),
poll 13 (8192s), precision -23
Root Delay: 0.023101, Root dispersion: 1.936279, Reference-ID: (unspec)
Reference Timestamp: 3979465431.196325299 (2026-02-07T15:03:51Z)
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3979524915.758329699 (2026-02-08T07:35:15Z)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3979524915.758329699
(2026-02-08T07:35:15Z)
(72 more bytes after the header)
Any idea where problem can be?
--
Thanks in advance, Franta Hanzlik
--
To unsubscribe email [email protected]
with "unsubscribe" in the subject.
For help email [email protected]
with "help" in the subject.
Trouble? Email [email protected].
