action #40241
closedSwitch to chrony as timeserver
100%
Description
chrony is default since Leap 15. chrony in Leap is not compiled with sign support (needed for samba AD DC). Since 3.8.2018 chrony is compiled with signd support in Factory. If it comes with Leap 15.1, we should switch to chrony as soon as possible.
Updated by flacco over 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
Now I did the first steps towards chrony.
First Point is, that we hve to build our own packages, because the packages inside leap 15.0, .1 and the upcoming 15.2are compiled whithout signed support. First builds in our repos build successfully.
A first chrony.conf example is to find inside the xsrc folder.
First tests will follow.
Updated by flacco over 4 years ago
- % Done changed from 10 to 40
It seems to work with the following configuration extension in /etc/chrony.d/:
# invis-Server chrony extension
# Serve time even if not synchronized to a time source.
local stratum 10
# Allow NTP client access from local network.
allow 192.168.220.0/24 127.0.0.1
# Signd Socket for AD time synchronisation
ntpsigndsocket /var/lib/samba/ntp_signd
# Interface on which chronyd will listen for monitoring command packets
# set to DC-Address as explaned in samba-wki
bindcmdaddress 192.168.220.10
Updated by ingogoeppert over 4 years ago
It seams SUSE likes to keep the "old" version in 15.x leap. Any chance to push them to switch to the new version? It is used since more than a year in tumbleweed...
Updated by flacco almost 4 years ago
- Due date set to 2020-06-01
- Target version changed from Future to 14.2
Updated by ingogoeppert almost 4 years ago
Actual state: Leap 15.2 still comes with chrony 3.2 with signd disabled. We need to provide our own build.
Updated by ingogoeppert almost 4 years ago
We have to:
- Configure Samba to the same ntp_signd directory:
/var/lib/samba/ntp_signd - Change der group ownership of this directory to group chrony
Updated by flacco almost 4 years ago
- Category set to Feature
- % Done changed from 40 to 80
Done, but untested yet
Updated by flacco almost 4 years ago
Even after using "w32tm /config /syncfromflags:domhier /update" the timesynchronisation fails.
w32tm /monitor says:
invis.142-net.loc *** PDC ***[172.18.0.10:123]:
ICMP: 0ms Verzögerung
NTP: Fehler ERROR_TIMEOUT - Keine Rückmeldung vom Server seit 1000ms
net time works, but this seems to work without ntp.
Updated by flacco almost 4 years ago
Sorry, my fault... There is still an error at the chronyd setup. ;-(
Updated by flacco almost 4 years ago
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
fixed