action #40241

Switch to chrony as timeserver

Added by ingogoeppert almost 3 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: Feature
Target version:
Start date: 2018-08-26
Due date: 2020-06-01
% Done: 100%
Estimated time:

Description

chrony is the default since Leap 15. chrony in Leap is not compiled with signd support (needed for Samba AD DC). Since 3.8.2018 chrony is compiled with signd support in Factory. If it comes with Leap 15.1, we should switch to chrony as soon as possible.

History

#1 Updated by flacco over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

Now I did the first steps towards chrony.

The first point is that we have to build our own packages, because the packages in Leap 15.0, 15.1 and the upcoming 15.2 are compiled without signd support. The first builds in our repos built successfully.

A first chrony.conf example can be found in the xsrc folder.

First tests will follow.

#2 Updated by flacco over 1 year ago

  • % Done changed from 10 to 40

It seems to work with the following configuration extension in /etc/chrony.d/:

# invis-Server chrony extension
# Serve time even if not synchronized to a time source.
local stratum 10
# Allow NTP client access from local network.
allow 192.168.220.0/24 127.0.0.1
# Signd Socket for AD time synchronisation
ntpsigndsocket /var/lib/samba/ntp_signd
# Interface on which chronyd will listen for monitoring command packets
# set to DC address as explained in the Samba wiki
bindcmdaddress 192.168.220.10

#3 Updated by ingogoeppert over 1 year ago

It seems SUSE likes to keep the "old" version in Leap 15.x. Any chance to push them to switch to the new version? It has been used for more than a year in Tumbleweed...

#4 Updated by flacco about 1 year ago

  • Due date set to 2020-06-01
  • Target version changed from Future to 14.2

#5 Updated by ingogoeppert about 1 year ago

Actual state: Leap 15.2 still comes with chrony 3.2 with signd disabled. We need to provide our own build.

#6 Updated by ingogoeppert about 1 year ago

We have to:

  1. Configure Samba to the same ntp_signd directory: /var/lib/samba/ntp_signd
  2. Change the group ownership of this directory to group chrony
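
The two steps from comment #6, checked against the `ntpsigndsocket` line from comment #2, as an added example that is not part of the ticket or the project's own code. The function names are hypothetical, `ntp signd socket directory` is the smb.conf parameter for the directory, and the "no access for other users" check is an assumption about the intended permissions.

```shell
#!/bin/sh
# Added example, not from the ticket. Function names are hypothetical.

# Value of chrony's "ntpsigndsocket" directive (the last occurrence wins here).
chrony_signd_dir() {
    awk '$1 == "ntpsigndsocket" { d = $2 } END { if (d != "") print d }' "$1"
}

# Value of smb.conf's "ntp signd socket directory" parameter.
# Simplification: expects the name spelled exactly like this, in lower case.
samba_signd_dir() {
    sed -n 's/^[[:space:]]*ntp signd socket directory[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# check_signd CHRONY_CONF SMB_CONF [GROUP]; returns 0 only if every check passes.
check_signd() {
    cdir=$(chrony_signd_dir "$1")
    sdir=$(samba_signd_dir "$2")
    group=${3:-chrony}
    rc=0
    if [ -z "$cdir" ]; then
        echo "FAIL: no ntpsigndsocket directive in $1"; return 1
    fi
    if [ "$cdir" != "$sdir" ]; then
        echo "FAIL: chrony uses '$cdir' but Samba uses '${sdir:-<not set>}'"; rc=1
    fi
    if [ ! -d "$cdir" ]; then
        echo "FAIL: $cdir is not a directory"; return 1
    fi
    # Step 2 of the comment: the directory must belong to chronyd's group.
    if [ -z "$(find "$cdir" -prune -group "$group" 2>/dev/null)" ]; then
        echo "FAIL: $cdir is not owned by group '$group'"; rc=1
    fi
    # Assumption: nobody outside owner and group needs the signing socket.
    for bit in 4 2 1; do
        if [ -n "$(find "$cdir" -prune -perm "-00$bit")" ]; then
            echo "FAIL: $cdir is accessible to other users"; rc=1; break
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $cdir shared by Samba and chrony"; fi
    return "$rc"
}

if [ "$#" -ge 2 ]; then check_signd "$@"; fi
```

Run it as root with the chrony extension file and smb.conf as arguments; a mismatch between the two directories or a wrong group on the directory is reported before any Windows client is involved.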

#7 Updated by flacco about 1 year ago

  • Category set to Feature
  • % Done changed from 40 to 80

Done, but untested yet

#8 Updated by flacco about 1 year ago

  • % Done changed from 80 to 90

Setup works

#9 Updated by flacco about 1 year ago

Even after using "w32tm /config /syncfromflags:domhier /update" the time synchronisation fails.

w32tm /monitor says:

invis.142-net.loc *** PDC ***[172.18.0.10:123]:
ICMP: 0ms Verzögerung
NTP: Fehler ERROR_TIMEOUT - Keine Rückmeldung vom Server seit 1000ms

net time works, but this seems to work without ntp.

#10 Updated by flacco about 1 year ago

Sorry, my fault... There is still an error at the chronyd setup. ;-(

#11 Updated by flacco about 1 year ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

fixed
