Switch to chrony as timeserver
chrony is default since Leap 15. chrony in Leap is not compiled with sign support (needed for samba AD DC). Since 3.8.2018 chrony is compiled with signd support in Factory. If it comes with Leap 15.1, we should switch to chrony as soon as possible.
#1 Updated by flacco over 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
Now I did the first steps towards chrony.
First Point is, that we hve to build our own packages, because the packages inside leap 15.0, .1 and the upcoming 15.2are compiled whithout signed support. First builds in our repos build successfully.
A first chrony.conf example is to find inside the xsrc folder.
First tests will follow.
#2 Updated by flacco over 1 year ago
- % Done changed from 10 to 40
It seems to work with the following configuration extension in /etc/chrony.d/:
# invis-Server chrony extension # Serve time even if not synchronized to a time source. local stratum 10 # Allow NTP client access from local network. allow 192.168.220.0/24 127.0.0.1 # Signd Socket for AD time synchronisation ntpsigndsocket /var/lib/samba/ntp_signd # Interface on which chronyd will listen for monitoring command packets # set to DC-Address as explaned in samba-wki bindcmdaddress 192.168.220.10
#9 Updated by flacco about 1 year ago
Even after using "w32tm /config /syncfromflags:domhier /update" the timesynchronisation fails.
w32tm /monitor says:
invis.142-net.loc *** PDC ***[172.18.0.10:123]:
ICMP: 0ms Verzögerung
NTP: Fehler ERROR_TIMEOUT - Keine Rückmeldung vom Server seit 1000ms
net time works, but this seems to work without ntp.