We should set a default timeserver during the UCS installation. Without a configured external timeserver, the w32tm service under Windows was not able to accept the S4 PDC emulator as a trustable time server.
See also Bug #27728 and Bug #23266
univention-base-files now installs a script, univention-default-ntp-pool, which outputs the name of an NTP pool most suitable for the current timezone. This script is employed in the postinst to initialize the three timeserver variables in case any of them is not set. The changelog provides advice to set the variables, e.g. to an empty string, to avoid these defaults.
Reverted changes of Comment 2, as *.pool.ntp.org must not be shipped as default by software vendors.

Went back to analyze the original problem of Windows clients not synchronizing time with Samba4 DCs, and it seems that the w32tm implementation does not fully support responses of NTP servers that have a local stratum > 9. This is visible e.g. in the following output of "w32tm /query /peers /verbose":

================================================
Anzahl Peers: 1

Peer: master10.arucs31i0.qa
Status: Aktiv
Verbleibende Zeit: 618.4000000s
Modus: 3 (Client)
Stratum: 0 (nicht angegeben)   ## should output 11, not "unspecified"
PeerAbrufintervall: 0 (nicht angegeben)
HostAbrufintervall: 10 (1024s)
Letzte erfolgr. Synchronisierungszeit: (null)
Letzter Synchronisierungsfehler: 0x800705B4 (Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. )
Letzte Synchronisierungsfehlermeldungs-ID: 0x00000000 (Erfolgreich)
Auth-Typnachricht-ID: 0x0000005B (NtDigest )
Auflösungsversuche: 0
Gültiger Datenzähler: 1
Erreichbarkeit: 2
================================================

We now reduce the local stratum in the ntp.conf of a master to 5 and on other UCS roles we set it to 9, maintaining the approximate offset to the master. Output:

Peer: master10.arucs31i0.qa
Status: Aktiv
Verbleibende Zeit: 861.6196000s
Modus: 3 (Client)
Stratum: 6 (Sekundärreferenz - synchr. über (S)NTP)
PeerAbrufintervall: 10 (1024s)

And, after stopping the NTP server on the master and after about four calls to "w32tm /resync /rediscover" and "w32tm /query /peers /verbose" in turn, the Windows 7 client hooked on to the slave:

Peer: slave12.arucs31i0.qa
Status: Aktiv
Verbleibende Zeit: 1003.6256895s
Modus: 3 (Client)
Stratum: 10 (Sekundärreferenz - synchr. über (S)NTP)
PeerAbrufintervall: 17 (außerhalb des zulässigen Bereichs)

It seems to be irrelevant whether the NTP server is still in "freq_sync" state or already in "clock_sync" state.
The "PeerPoll Interval: 17" warning message above seemed to vanish after another call to "w32tm /resync". Updated changelog-3.1-1.
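A check for the stratum limit discussed above, added here as an example and not taken from the UCS packages: it reads the stratum fudged onto ntpd's local clock driver in an ntp.conf and flags values above 9. It assumes the standard ntpd "fudge 127.127.1.x stratum N" syntax; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Univention code. The limit of 9 comes from the
# w32tm behaviour reported in the comment above.
MAX_STRATUM=9

# Print the stratum fudged onto ntpd's local clock driver (127.127.1.x)
# in the given ntp.conf, or "unset" if no such fudge line exists.
# If several lines match, the last one is reported (a choice of this example).
local_stratum() {
    awk '
        { sub(/#.*/, "") }    # strip comments, including commented-out lines
        $1 == "fudge" && $2 ~ /^127\.127\.1\.[0-9]+$/ {
            for (i = 3; i < NF; i++)
                if ($i == "stratum") s = $(i + 1)
        }
        END { print (s == "" ? "unset" : s) }
    ' "$1"
}

# Exit status: 0 = within limit, 1 = above limit, 2 = nothing to evaluate.
check_conf() {
    s=$(local_stratum "$1")
    case $s in
        unset)    echo "$1: no local clock stratum configured"; return 2 ;;
        *[!0-9]*) echo "$1: unparsable stratum '$s'"; return 2 ;;
    esac
    if [ "$s" -gt "$MAX_STRATUM" ]; then
        echo "$1: local stratum $s > $MAX_STRATUM, w32tm may not sync"
        return 1
    fi
    echo "$1: local stratum $s ok"
}

# Constructed sample configs (not copied from a real UCS system).
tmp=$(mktemp -d)
printf 'server 127.127.1.0\nfudge 127.127.1.0 stratum 11  # old value\n' \
    > "$tmp/old.conf"
printf 'server 127.127.1.0\nfudge 127.127.1.0 stratum 5\n' \
    > "$tmp/master.conf"
printf '#fudge 127.127.1.0 stratum 5\nserver ntp.example.test\n' \
    > "$tmp/none.conf"
for f in "$tmp"/*.conf; do check_conf "$f" || :; done
```
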
UCS slave update to 3.1-1, then univention-samba4 was installed. NTP service is not usable from Windows because /var/lib/samba/ntp_signd has wrong permissions.

ls -la /var/lib/samba/ntp_signd
insgesamt 8
drwxr-x--- 2 root root 4096 18. Mär 15:41 .
drwxr-xr-x 9 root root 4096 18. Mär 15:12 ..
srwxrwxrwx 1 root root    0 18. Mär 15:41 socket
univention-samba4.postinst now checks group access rights for the nt_socket directory during installations as well as updates.
OK Changelog entry exists.
UCS 3.1-1 has been released:
http://download.univention.de/doc/release-notes-3.1-1_en.pdf
http://download.univention.de/doc/release-notes-3.1-1.pdf

If this error occurs again, please use "Clone This Bug".