----- Original Message -----
> From: "Thomas Simmons" <twsn...@gmail.com>
> To: "Andrew Martin" <amar...@xes-inc.com>
> Cc: samba@lists.samba.org
> Sent: Saturday, July 27, 2013 11:03:49 AM
> Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6?
>
> The ls -l command you ran shows the ntp_signd directory is empty, so
> it looks like samba is not creating the socket (at least in that
> location). Do you have the "ntp signd socket directory" option in
> your smb.conf? If not, try manually adding it to smb.conf:
>
> ntp signd socket directory = /var/run/samba/ntp_signd
>
> Apart from that, my suggestion would be to stop apparmor and iptables
> for testing and run ntp and samba with verbose logging on and see
> what it says. Also, what does "w32tm /query /source" and "w32tm
> /monitor" show on the client?
>
> On Sat, Jul 27, 2013 at 11:39 AM, Andrew Martin < amar...@xes-inc.com >
> wrote:
>
> ----- Original Message -----
> > From: "Thomas Simmons" < twsn...@gmail.com >
> > To: "Andrew Martin" < amar...@xes-inc.com >
> > Cc: samba@lists.samba.org
> > Sent: Saturday, July 27, 2013 10:33:49 AM
> > Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6?
> >
> > On Sat, Jul 27, 2013 at 2:26 AM, Andrew Martin < amar...@xes-inc.com >
> > wrote:
> >
> > Hello,
> >
> > I recently compiled Samba 4.0.6 (as an AD DC) and am running it on
> > Ubuntu 12.04.
> > I followed the instructions on the Samba wiki
> > ( https://wiki.samba.org/index.php/Configure_NTP )
> > for how to configure ntp, however the domain clients are rejecting
> > the DCs as being acceptable time sources. Below is my ntp.conf:
> >
> > server 127.127.1.0
> > fudge 127.127.1.0 stratum 10
> > server 0.pool.ntp.org iburst prefer
> > server 1.pool.ntp.org iburst prefer
> > driftfile /var/lib/ntp/ntp.drift
> > logfile /var/log/ntp
> > ntpsigndsocket /var/run/samba/ntp_signd
> > restrict default kod nomodify notrap nopeer mssntp
> > restrict 127.0.0.1
> > restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
> > restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
> >
> > Using Ubuntu, I am not using SELinux. I do not believe there to be
> > any problems with apparmor, as it contains these lines in
> > /etc/apparmor.d/usr.sbin.ntpd:
> > # samba4 ntp signing socket
> > /{,var/}run/samba/ntp_signd/socket rw,
> >
> > What is the correct procedure for configuring NTP for a Samba4 AD
> > DC?
> >
> > Thanks,
> >
> > Andrew
> >
> > When you compiled Samba, did you not use the standard install path
> > (/usr/local/samba) or did you add an entry in smb.conf to use
> > /var/run/samba/ntp_signd for the socket?
> >
>
> Thomas,
>
> When compiling Samba, I specified custom paths to be in line with
> Debian's conventions for file locations:
> conf_args = \
> --prefix=/usr \
> --enable-fhs \
> --sysconfdir=/etc \
> --localstatedir=/var \
> --with-privatedir=/var/lib/samba/private \
> --with-smbpasswd-file=/etc/samba/smbpasswd \
> --with-piddir=/var/run/samba \
> --with-pammodulesdir=/lib/$(DEB_HOST_MULTIARCH)/security \
> --with-pam \
> --with-syslog \
> --with-utmp \
> --with-pam_smbpass \
> --with-winbind \
> --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2 \
> --with-automount \
> --with-ldap \
> --with-ads \
> --with-dnsupdate \
> --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
> --with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \
> --datadir=/usr/share \
> --with-lockdir=/var/run/samba \
> --with-statedir=/var/lib/samba \
> --with-cachedir=/var/cache/samba \
> --disable-avahi \
> --with-ctdb=/usr \
> --disable-rpath \
> --disable-ntdb \
> --disable-rpath-install \
> --bundled-libraries=NONE,pytevent,iniparser \
> --builtin-libraries=replace,ccan \
> --minimum-library-version="$(shell ./debian/autodeps.py --minimum-library-version)" \
> --without-getpass-replacement \
> --enable-debug
>
> Thanks,
>
> Andrew
>

Thomas,

Adding that parameter to the smb.conf file, as well as removing the
ntp_signd directory so that samba itself could create it appears to have
worked:

root@dc0:/# ls -l /var/run/samba/ntp_signd/
total 0
srwxrwxrwx 1 root root 0 Jul 27 11:41 socket

I also needed a few extra lines in ntp.conf, otherwise the Windows client
would fail with the error "The computer did not resync because no time data
was available":

server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10
server 0.pool.ntp.org iburst prefer
server 1.pool.ntp.org iburst prefer
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp
ntpsigndsocket /var/run/samba/ntp_signd
restrict default kod nomodify notrap nopeer mssntp
restrict 127.0.0.1
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery

Do the Windows clients prefer ntp information from the DHCP lease, or from
the DC that they are connected to? My DHCP configuration currently is using
an old NTP server until I get Samba4's NTP up and running. Thus, when I run
w32tm /query /source on the client, it still shows the old server. I ran the
following command to manually set it to one of the DCs:

w32tm /config /update /manualpeerlist:dc0 /syncfromflags:MANUAL

Then, running w32tm /resync succeeds and w32tm /query /source lists dc0 as
the NTP source.

Are there any other tests I should run to verify that NTP is working
correctly?

Thanks,

Andrew
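
Added example, not part of the original thread and not Samba project code: a shell check for the points this thread turned on, namely that ntp.conf's ntpsigndsocket and smb.conf's "ntp signd socket directory" name the same directory, that "restrict default" carries mssntp, and that the socket exists. The function names are hypothetical; the two config file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: consistency check for the ntp_signd setup discussed above.
# Function names are hypothetical; config paths are given as arguments.

# Value of "ntpsigndsocket" in an ntp.conf-style file.
ntp_signd_dir() {
    awk '$1 == "ntpsigndsocket" { print $2; exit }' "$1"
}

# Value of "ntp signd socket directory" in an smb.conf-style file.
smb_signd_dir() {
    awk -F= '{ k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == "ntp signd socket directory" {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }' "$1"
}

# True if the "restrict default" line carries the mssntp flag.
has_mssntp() {
    awk '$1 == "restrict" && $2 == "default" {
            for (i = 3; i <= NF; i++) if ($i == "mssntp") ok = 1
        } END { exit !ok }' "$1"
}

# check_signd NTP_CONF SMB_CONF: returns 0 only if every check passes.
check_signd() {
    rc=0
    ntp_dir=$(ntp_signd_dir "$1")
    smb_dir=$(smb_signd_dir "$2")
    [ -n "$ntp_dir" ] || { echo "FAIL: no ntpsigndsocket in $1"; rc=1; }
    # Without the option samba uses its build default, which may differ.
    [ -n "$smb_dir" ] || { echo "FAIL: socket directory not set in $2"; rc=1; }
    if [ -n "$ntp_dir" ] && [ -n "$smb_dir" ] && [ "$ntp_dir" != "$smb_dir" ]; then
        echo "FAIL: ntpd uses $ntp_dir but samba uses $smb_dir"; rc=1
    fi
    has_mssntp "$1" || { echo "FAIL: 'restrict default' lacks mssntp"; rc=1; }
    # Samba creates the socket itself; an empty directory means it did not.
    [ -S "$ntp_dir/socket" ] || { echo "FAIL: $ntp_dir/socket is not a socket"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_signd "$1" "$2"; fi
```

Saved under any file name and run as root on the DC with /etc/ntp.conf and the smb.conf path as its two arguments, it prints one FAIL line per problem and exits non-zero if any check fails.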