[Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
Hi all,

I am using Samba 4.0.4 as AD DC on my test environment and realized that all my W2k clients (default installation, no special setups made on the clients) cannot receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and 7 work fine though. The problem occurs at three W2k test clients I tried with.

The default behavior of Windows clients is to use the update type Nt5DS which means that the client tries to get the time of its domain controller. Unfortunately this fails for my W2k clients in conjunction with Samba 4.0.4 and also an error in event log appears, that says that the time couldn't be retrieved of my samba4 server mysmb4srv.ad.mycompany.com.

As soon as I execute on win2000 clients cmd prompt net time /setsntp:mysmb4srv.ad.mycompany.com it works. This command causes the registry entries under HKLM\System\Current Control Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com. With this setting the time sync works fine as soon as I restart the Windows Time Service. I have logged the received ntp packets at samba4's side:

Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the Nt5DS discovery mode on win2000 clients doesn't interact fine with samba4 ???

Here are the tcpdump -vv udp port 123 logs

Win2000 Client, set to default behavior (type=Nt5DS) 1st run:

08:46:21.067456 IP (tos 0x0, ttl 128, id 4794, offset 0, flags [none], proto UDP (17), length 76)
    smb4testw2k.dhcp.mycompany.com.1856 r4dv3ld002.mycompany.com.ntp: [udp sum ok] NTPv2, length 48
    Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precision 0
    Root Delay: 0.00, Root dispersion: 0.00, Reference-ID: (unspec)
      Reference Timestamp: 0.0
      Originator Timestamp: 0.0
      Receive Timestamp: 0.0
      Transmit Timestamp: 3574467978.43589 (2013/04/09 05:46:18)
        Originator - Receive Timestamp: 0.0
        Originator - Transmit Timestamp: 3574467978.43589 (2013/04/09 05:46:18)
08:46:21.067659 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    r4dv3ld002.mycompany.com.ntp smb4testw2k.dhcp.mycompany.com.1856: [bad udp cksum 9981!] NTPv2, length 48
    Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s, precision -18
    Root Delay: 0.00, Root dispersion: 0.011169, Reference-ID: 127.127.1.0
      Reference Timestamp: 3574478764.256589680 (2013/04/09 08:46:04)
      Originator Timestamp: 3574467978.43589 (2013/04/09 05:46:18)
      Receive Timestamp: 3574478781.067456305 (2013/04/09 08:46:21)
      Transmit Timestamp: 3574478781.067631855 (2013/04/09 08:46:21)
        Originator - Receive Timestamp: +10802.631456315
        Originator - Transmit Timestamp: +10802.631631851

Win2000 Client, set to default behavior (type=Nt5DS) 2nd run (to have one more log):

08:56:24.490199 IP (tos 0x0, ttl 128, id 4847, offset 0, flags [none], proto UDP (17), length 76)
    smb4testw2k.dhcp.mycompany.com.msnp r4dv3ld002.mycompany.com.ntp: [udp sum ok] NTPv2, length 48
    Client, Leap indicator: (0), Stratum 0 (unspecified), poll 11s, precision 0
    Root Delay: 0.00, Root dispersion: 0.00, Reference-ID: (unspec)
      Reference Timestamp: 0.0
      Originator Timestamp: 0.0
      Receive Timestamp: 0.0
      Transmit Timestamp: 3574468581.23295 (2013/04/09 05:56:21)
        Originator - Receive Timestamp: 0.0
        Originator - Transmit Timestamp: 3574468581.23295 (2013/04/09 05:56:21)
08:56:24.490414 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    r4dv3ld002.mycompany.com.ntp smb4testw2k.dhcp.mycompany.com.msnp: [bad udp cksum bd60!] NTPv2, length 48
    Server, Leap indicator: (0), Stratum 11 (secondary reference), poll 11s, precision -18
    Root Delay: 0.00, Root dispersion: 0.011581, Reference-ID: 127.127.1.0
      Reference Timestamp: 3574479340.256625980 (2013/04/09 08:55:40)
      Originator Timestamp: 3574468581.23295 (2013/04/09 05:56:21)
      Receive Timestamp: 3574479384.490199267 (2013/04/09 08:56:24)
      Transmit Timestamp: 3574479384.490376532 (2013/04/09 08:56:24)
        Originator - Receive Timestamp: +10803.257199257
        Originator - Transmit Timestamp: +10803.257376521

Win2000 Client, executed on cmd prompt net time /setsntp:mysmb4srv.ad.mycompany.com which puts the NTP client of the w2k machine into type=NTP instead of Nt5DS:

---
08:48:32.330828 IP (tos 0x0, ttl 128, id 4811, offset 0, flags [none], proto UDP (17), length 96)
    smb4testw2k.dhcp.mycompany.com.1861 r4dv3ld002.mycompany.com.ntp: [udp sum ok] NTPv2, length 68
    Client, Leap indicator:

Re: [Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
> I am using Samba 4.0.4 as AD DC on my test environment and realized that all my W2k clients (default installation, no special setups made on the clients) cannot receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and 7 work fine though. The problem occurs at three W2k test clients I tried with.
>
> The default behavior of Windows clients is to use the update type Nt5DS which means that the client tries to get the time of its domain controller. Unfortunately this fails for my W2k clients in conjunction with Samba 4.0.4 and also an error in event log appears, that says that the time couldn't be retrieved of my samba4 server mysmb4srv.ad.mycompany.com.
>
> As soon as I execute on win2000 clients cmd prompt net time /setsntp:mysmb4srv.ad.mycompany.com it works. This command causes the registry entries under HKLM\System\Current Control Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com. With this setting the time sync works fine as soon as I restart the Windows Time Service. I have logged the received ntp packets at samba4's side:
>
> Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the Nt5DS discovery mode on win2000 clients doesn't interact fine with samba4 ???
>
> Here are the tcpdump -vv udp port 123 logs

I'm sure someone will give you more data, but W2000 was completely out of maintenance mode, what, two+ years ago? Making changes to the registry so it will use NTP for time updates is fairly easy - which will make it compatible with the AD server.

It would seem, to me at least, a bad use of resources to troubleshoot/fix a Win2000 problem when there are workarounds and when Win2000 is not supported any more, and has multiple unpatched vulnerabilities. Just my opinion of course.

-Greg

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba

Re: [Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
On Tue, 2013-04-09 at 19:01 +0400, ?icro MEGAS wrote:
> Hi all,
>
> I am using Samba 4.0.4 as AD DC on my test environment and realized that all my W2k clients (default installation, no special setups made on the clients) cannot receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and 7 work fine though. The problem occurs at three W2k test clients I tried with.
>
> The default behavior of Windows clients is to use the update type Nt5DS which means that the client tries to get the time of its domain controller. Unfortunately this fails for my W2k clients in conjunction with Samba 4.0.4 and also an error in event log appears, that says that the time couldn't be retrieved of my samba4 server mysmb4srv.ad.mycompany.com.
>
> As soon as I execute on win2000 clients cmd prompt net time /setsntp:mysmb4srv.ad.mycompany.com it works. This command causes the registry entries under HKLM\System\Current Control Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com. With this setting the time sync works fine as soon as I restart the Windows Time Service. I have logged the received ntp packets at samba4's side:
>
> Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the Nt5DS discovery mode on win2000 clients doesn't interact fine with samba4 ???
>
> Here are the tcpdump -vv udp port 123 logs

To even have a chance of offering an opinion on this, you need to get us the pcap file, not the text output (this applies at any time anybody is asking for a packet capture - the text output is next to useless).

> Any help appreciated.
>
> Lucas (lo...@irc.freenode.net)

--
Andrew Bartlett                            http://samba.org/~abartlet/
Authentication Developer, Samba Team       http://samba.org

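Added example, not part of any message in this thread: a decoder for raw NTP payloads such as a pcap would supply, covering the two sizes seen in the captures (48 and 68 bytes) and the receive-minus-originate difference tcpdump prints. The sample packets are constructed (whole seconds and header flags taken from the first capture, everything else invented), and reading the extra 20 bytes as NTP's optional authenticator (4-byte key ID plus 16-byte digest) is an assumption about the 68-byte request, whose contents the post does not show.

```python
import struct

MODES = {3: "client", 4: "server"}

def parse_ntp(payload: bytes) -> dict:
    """Decode the fixed 48-byte NTP header plus an optional 20-byte authenticator."""
    if len(payload) < 48:
        raise ValueError(f"truncated NTP packet: {len(payload)} bytes")
    (flags, stratum, poll, precision, _delay, _disp, _ref_id,
     _ref_s, _ref_f, org_s, org_f, rx_s, rx_f, tx_s, tx_f) = struct.unpack(
        "!BBbbII4s8I", payload[:48])
    ts = lambda s, f: s + f / 2**32        # seconds since 1900-01-01 plus fraction
    pkt = {
        "leap": flags >> 6, "version": (flags >> 3) & 7,
        "mode": MODES.get(flags & 7, f"mode {flags & 7}"),
        "stratum": stratum, "precision": precision,
        "originate": ts(org_s, org_f), "receive": ts(rx_s, rx_f),
        "transmit": ts(tx_s, tx_f), "key_id": None, "mac": b"",
    }
    tail = payload[48:]
    if len(tail) == 20:                    # assumed layout: key ID + 16-byte digest
        pkt["key_id"] = struct.unpack("!I", tail[:4])[0]
        pkt["mac"] = tail[4:]
    elif tail:
        raise ValueError(f"unexpected {len(tail)}-byte trailer")
    return pkt

def client_clock_error(reply: dict) -> float:
    """Receive minus originate timestamp of a server reply, in seconds."""
    return reply["receive"] - reply["originate"]

def build(flags, stratum, org, rx, tx, trailer=b""):
    """Helper for the constructed samples; timestamps are float NTP seconds."""
    def split(t):
        return int(t), int((t - int(t)) * 2**32)
    return struct.pack("!BBbbII4s8I", flags, stratum, 11, -18 if stratum else 0,
                       0, 0, b"\0" * 4, 0, 0,
                       *split(org), *split(rx), *split(tx)) + trailer

# Constructed samples (0x14 = NTPv2 server, 0x13 = NTPv2 client; key ID 1105 invented).
REPLY_48 = build(0x14, 11, 3574467978.436, 3574478781.067456, 3574478781.067632)
REQUEST_68 = build(0x13, 0, 0.0, 0.0, 3574468109.0,
                   struct.pack("!I", 1105) + bytes(16))

if __name__ == "__main__":
    for name, raw in (("48-byte reply", REPLY_48), ("68-byte request", REQUEST_68)):
        p = parse_ntp(raw)
        print(name, p["version"], p["mode"], p["stratum"], p["key_id"], len(p["mac"]))
    print("client clock error: %.3f s" % client_clock_error(parse_ntp(REPLY_48)))
```
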
Re: [Samba] NTP doesnt work for Win2000 clients + Samba 4.0.4 (see tcpdump)
On Tue, 2013-04-09 at 08:14 -0700, Gregory Sloop wrote:
> > I am using Samba 4.0.4 as AD DC on my test environment and realized that all my W2k clients (default installation, no special setups made on the clients) cannot receive the correct time of my samba 4.0.4 AD domain controller. Windows XP and 7 work fine though. The problem occurs at three W2k test clients I tried with.
> >
> > The default behavior of Windows clients is to use the update type Nt5DS which means that the client tries to get the time of its domain controller. Unfortunately this fails for my W2k clients in conjunction with Samba 4.0.4 and also an error in event log appears, that says that the time couldn't be retrieved of my samba4 server mysmb4srv.ad.mycompany.com.
> >
> > As soon as I execute on win2000 clients cmd prompt net time /setsntp:mysmb4srv.ad.mycompany.com it works. This command causes the registry entries under HKLM\System\Current Control Set\Services\W32Time\Parameters to change the default behavior from type=Nt5DS to type=NTP and adds a line NTP server=mysmb4srv.ad.mycompany.com. With this setting the time sync works fine as soon as I restart the Windows Time Service. I have logged the received ntp packets at samba4's side:
> >
> > Issue: Win2000 clients cannot update time through NTP of my samba 4.0.4 server which is installed and configured like shown on the Samba4 HowTo (+NTP HowTo). Seems that the Nt5DS discovery mode on win2000 clients doesn't interact fine with samba4 ???
> >
> > Here are the tcpdump -vv udp port 123 logs
>
> I'm sure someone will give you more data, but W2000 was completely out of maintenance mode, what, two+ years ago? Making changes to the registry so it will use NTP for time updates is fairly easy - which will make it compatible with the AD server.
>
> It would seem, to me at least, a bad use of resources to troubleshoot/fix a Win2000 problem when there are workarounds and when Win2000 is not supported any more, and has multiple unpatched vulnerabilities. Just my opinion of course.

I tend to agree. The exception is that we do work to allow migration from Windows 2000 servers (most folks go via temp 2003 installs, but it has been known to work directly).

Andrew Bartlett

--
Andrew Bartlett                            http://samba.org/~abartlet/
Authentication Developer, Samba Team       http://samba.org