action #40241

Switch to chrony as timeserver

Added by ingogoeppert over 1 year ago. Updated 4 months ago.

Status:In ProgressStart date:26/08/2018
Priority:NormalDue date:
Assignee:ingogoeppert% Done:

40%

Category:-
Target version:Future
Duration:

Description

chrony is default since Leap 15. chrony in Leap is not compiled with sign support (needed for samba AD DC). Since 3.8.2018 chrony is compiled with signd support in Factory. If it comes with Leap 15.1, we should switch to chrony as soon as possible.

History

#1 Updated by flacco 4 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

Now I did the first steps towards chrony.

First Point is, that we hve to build our own packages, because the packages inside leap 15.0, .1 and the upcoming 15.2are compiled whithout signed support. First builds in our repos build successfully.

A first chrony.conf example is to find inside the xsrc folder.

First tests will follow.

#2 Updated by flacco 4 months ago

  • % Done changed from 10 to 40

It seems to work with the following configuration extension in /etc/chrony.d/:

# invis-Server chrony extension
# Serve time even if not synchronized to a time source.
local stratum 10
# Allow NTP client access from local network.
allow 192.168.220.0/24 127.0.0.1
# Signd Socket for AD time synchronisation
ntpsigndsocket /var/lib/samba/ntp_signd
# Interface on which chronyd will listen for monitoring command packets
# set to DC-Address as explaned in samba-wki
bindcmdaddress 192.168.220.10

#3 Updated by ingogoeppert 4 months ago

It seams SUSE likes to keep the "old" version in 15.x leap. Any chance to push them to switch to the new version? It is used since more than a year in tumbleweed...

Also available in: Atom PDF