On Wed, Feb 19, 2025 at 01:49:16PM +0200, Virgo Pärna wrote: > Using Wireshark I could see, that when running > w32tm /resync > there were packets going to time server but not response. Requests had Key > ID and 68 byte Message Authentication Code (with one byte set to 01, > according to WireShark).
That would be the extended MS-SNTP authenticator field, which AFAIK is not supported by the samba signd protocol yet. > After changing in Windows registry under > HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient > value of SignatureAuthAllowed from 1 to 0 and restarting w32time service > w32tm /resync would work and there would be responses and time would sync. > And Wireshark shows, that requests are sent with same Key ID value, but > Message Authentication Code is instead 16 bytes all zeros. And it does > receive responses. That's the classic MS-SNTP authenticator field. > But why it stopped working without that registry change? Maybe some related feature provided by the updated samba enables the use of extended authenticators? You should ask samba developers. -- Miroslav Lichvar -- To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-users-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
