The ls -l command you ran shows the ntp_signd directory is empty, so it looks like samba is not creating the socket (at least in that location). Do you have the "ntp signd socket directory" option in your smb.conf? If not, try manually it to smb.conf: ntp signd socket directory = /var/run/samba/ntp_signd
Apart from that, my suggestion would be to stop apparmor and iptables for testing and run ntp and samba with verbose logging on and see what it says. Also, what does "w32tm /query /source" and "w32tm /monitor" show on the client? On Sat, Jul 27, 2013 at 11:39 AM, Andrew Martin <amar...@xes-inc.com> wrote: > ----- Original Message ----- > > From: "Thomas Simmons" <twsn...@gmail.com> > > To: "Andrew Martin" <amar...@xes-inc.com> > > Cc: samba@lists.samba.org > > Sent: Saturday, July 27, 2013 10:33:49 AM > > Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? > > > > > > > > > > > > On Sat, Jul 27, 2013 at 2:26 AM, Andrew Martin < amar...@xes-inc.com > > > wrote: > > > > > > Hello, > > > > I recently compiled Samba 4.0.6 (as an AD DC) and am running it on > > Ubuntu 12.04. > > I followed the instructions on the Samba wiki ( > > https://wiki.samba.org/index.php/Configure_NTP ) > > for how to configure ntp, however the domain clients are rejecting > > the DCs as > > being acceptable time sources. Below is my ntp.conf: > > > > server 127.127.1.0 > > fudge 127.127.1.0 stratum 10 > > server 0.pool.ntp.org iburst prefer > > server 1.pool.ntp.org iburst prefer > > driftfile /var/lib/ntp/ntp.drift > > logfile /var/log/ntp > > ntpsigndsocket /var/run/samba/ntp_signd > > restrict default kod nomodify notrap nopeer mssntp > > restrict 127.0.0.1 > > restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer > > noquery > > restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer > > noquery > > > > Using Ubuntu, I am not using SELinux. I do not believe there to be > > any problems > > with apparmor, as it contains these lines in > > /etc/apparmor.d/usr.sbin.ntpd: > > # samba4 ntp signing socket > > /{,var/}run/samba/ntp_signd/socket rw, > > > > What is the correct procedure for configuring NTP for a Samba4 AD DC? > > > > Thanks, > > > > Andrew > > > > > > When you compiled Samba, did you not use the standard install path > > (/usr/local/samba) or did you add an entry in smb.conf to use > > /var/run/samba/ntp_signd for the socket? > > > Thomas, > > When compiling Samba, I specified custom paths to be in line with Debian's > conventions for file locations: > conf_args = \ > --prefix=/usr \ > --enable-fhs \ > --sysconfdir=/etc \ > --localstatedir=/var \ > --with-privatedir=/var/lib/samba/private \ > --with-smbpasswd-file=/etc/samba/smbpasswd \ > --with-piddir=/var/run/samba \ > --with-pammodulesdir=/lib/$(DEB_HOST_MULTIARCH)/security \ > --with-pam \ > --with-syslog \ > --with-utmp \ > --with-pam_smbpass \ > --with-winbind \ > > --with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2 > \ > --with-automount \ > --with-ldap \ > --with-ads \ > --with-dnsupdate \ > --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ > --with-modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/samba \ > --datadir=/usr/share \ > --with-lockdir=/var/run/samba \ > --with-statedir=/var/lib/samba \ > --with-cachedir=/var/cache/samba \ > --disable-avahi \ > --with-ctdb=/usr \ > --disable-rpath \ > --disable-ntdb \ > --disable-rpath-install \ > --bundled-libraries=NONE,pytevent,iniparser \ > --builtin-libraries=replace,ccan \ > --minimum-library-version="$(shell ./debian/autodeps.py > --minimum-library-version)" \ > --without-getpass-replacement \ > --enable-debug > > > Thanks, > > Andrew > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba