You can set the AD servers to get their time from NTP as well. The systems you need to get NTP time will then be in sync with the AD servers and those that get their time from AD will be within the 5 minutes needed by Kerberos.
James On Tue, Feb 17, 2015 at 9:42 AM, <[email protected]> wrote: > Hi, > > Currently, my employer has a single AD domain where devices joined to it get > their time via the domain server. However, we are looking at starting to > configure some of these devices to get their time via NTP. My concern here > is if there is a sufficiently significant time differential between the > devices getting their time via NTP and services that get their time via AD > that those services might just break. I'm talking about services such as > NetBIOs (WINS, SMB), LDAP and SSL. I'm familiar with Kerberos' default > permitted time differential of 5 minutes. > > Comments? > > Thanks, > Ed > > _______________________________________________ > questions mailing list > [email protected] > http://lists.ntp.org/listinfo/questions _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
