On Mon, Jun 04, 2018 at 04:40:47PM +0300, Alexei Rozenvaser wrote: > Hello > > I wold like to ask for help in setting chrony time synchronization to > work with samba as windows domain controller. > Please refer to samba mail list discussion: > https://lists.samba.org/archive/samba/2018-June/216032.html
I don't know much about configuring Samba, but generally it should be the same as with ntpd. The chrony config just needs to allow client access from the local network and specify the ntp_signd socket in order to respond with authenticated MS-SNTP packets, e.g. server foo.example.net iburst allow 10.0.0.0/8 ntpsigndsocket /var/lib/samba/ntp_signd You may need to change the ownership of the ntp_signd directory to root:chrony or similar to allow chronyd to connect to the socket. There could be also issues with SELinux or AppArmor. Try running chronyd from command line with -d -d and see if there are any error messages related to ntp_signd when the clients are sending their requests. Also, please note that chrony and Samba don't support the newer extended MS-SNTP authenticator yet. IIRC they are used by newer Windows clients and I'm not sure if they can fall back (or be configured) to the older authenticator. -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
