SUSE Support

Here When You Need Us

Samba in AD Domain timing issue (SAMBA KERBEROS NTP)

This document (7003219) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 10 Service Pack 1
SUSE Linux Enterprise Server 10 Service Pack 2

Situation

In an AD Domain the time synchronsation is critical because of Kerberos. By default most Domains allow a time difference of maximum 300 seconds between members of the domain. A bigger time difference results normally in a failure to connect without proper warning in the logfiles. This situation is difficult to asset but can be easily avoided.

Resolution

Every Windows Server acts as a time server as well. So the perfect solution for this is to make the KDC of a domain the time server of the linux machine. For this the file /etc/ntp.conf is edited and a line

   server IP_OF_KDC

is added. Then ntp is stopped

   rcntp stop

the drift file should be deleted. Location of the drift file can be found in /etc/ntp.conf.

to get the initial time from the KDC

   ntpdate IP_OF_KDC

and then store it on the system

   hwclock -uw

then the service is started again

   rcntp start

and made sure it is always started on boot

   insserv ntp



Additional Information

There can be more than one server added to the ntp.conf file. As a matter of fact it should be more than one anyway.
The reason to use the IP instead of the FQDN of the Server in the ntp.conf is to avoid a problem during boot if DNS is not working properly. But this can of course lead to other problems if the IP of the server ever changes.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7003219
  • Creation Date: 06-May-2009
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.