SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This post is not so much an issue as a suggestion to the Slackware distribution maintainers. In future slackpkg updates, could you please build ntpd with the --enable-ntp-signd option?
Without this option the Linux host cannot act as a ntp time server to Windows computers. And, since Windows computers are an inevitability in any LAN nowadays, --enable-ntp-signd should be a default option. It certainly won't hurt anything to have that enabled even if the end user has no need to time-sync with Windows computers.
I just spent a couple of weeks getting this sorted out. I knew about this and thought I had built my ntpd from source with that option, but apparently I didn't do something right in the build process.
Likewise, I would suggest the SlackBuilds maintainer of chrony do the same.
Slackware makes a great Windows Active Directory domain controller, one command to provision -- except for this ntpd defect. ntp-signd is required for a domain controller with Windows domain members. If that were part of the distro, there would be zero extra work and the domain controller would be set up in a few minutes.
Slackware 15.0 and -current have ntp built with that option.
I tried using ntpd on 15.0. It does not work. If it did, I wouldn't have spent two weeks trying to figure out why the Windows domain members couldn't time-sync with the Slackware DC. Here is a tcpdump -v port 123 example:
I tried with ntpd copied from another Slackware 15.0 system. Same result. I tried building ntpd from sources with --enable-ntp-signd. Same result.
If Slackware 15.0 ntpd is built with --enable-ntp-signd, it's not working. When I built the ntpd sources on 14.2 with --enable-ntp-signd it worked and ran properly for many years.
I finally downloaded the chrony sources and built that with --enable-ntp-signd and that's what gave the reply packet shown above.
I tried building ntpd from sources with --enable-ntp-signd. Same result.
Whether or not that option was there in the original SlackBuild script it obviously does not help.
Quote:
Originally Posted by mfoley
If Slackware 15.0 ntpd is built with --enable-ntp-signd, it's not working. When I built the ntpd sources on 14.2 with --enable-ntp-signd it worked and ran properly for many years.
What if you build the same version as used in Slackware 14.2 for Slackware 15.0? Maybe something has broken upstream in ntpd?
Quote:
Originally Posted by mfoley
I finally downloaded the chrony sources and built that with --enable-ntp-signd and that's what gave the reply packet shown above.
At least you have found a solution to your problem.
@mfoley - Just curious. You posted a solution for this using ntp that seems to gel with the Samba wiki page that you linked then and that was last updated 27 October 2023, at 15:58.
Slackware 15.0 has been out for a while now, so I am a little surprised that there have been no other reports of this not working.
If you have been trying NTPsec, then the links on the Samba wiki page show that this has been a known issue that may have been fixed in release 1.2.3
@mfoley - Just curious. You posted a solution for this using ntp that seems to gel with the Samba wiki page that you linked then and that was last updated 27 October 2023, at 15:58.
Your referenced post is from Nov 20, 2020 which is when our office upgraded to Windows 10. This was still Slackware 14.2. Windows 10 was probably the first version that needed signd. My old 14.2 DC shows that I downloaded and built ntp-4.2.8p15 with --enable-ntp-signd on Nov 21, 2020. The actual error in that post is me messing up the ntp.conf by adding the "socket" to the ntpsigndsocket setting instead of just the directory /var/lib/samba/ntp_signd. If you look at posting #4 in that thread, It gives my solution which step 1 says, "I had to build ntpd from sources with --enable-ntp-signd."
I see that thread ending Nov 21, 2020, not Oct, 2023.
Quote:
Slackware 15.0 has been out for a while now, so I am a little surprised that there have been no other reports of this not working.
If you have been trying NTPsec, then the links on the Samba wiki page show that this has been a known issue that may have been fixed in release 1.2.3
Nope, not using NTPsec. I started with the ntpd as installed from the 15.0 ISO image -- clean install, not an upgrade from 14.2. When that didn't work I then downloaded the ntpd-4.2.8p17 sources from http://www.ntp.org, just like I did years ago with 14.2. I built that (or so I thought) with --enable-ntp-signd. When that didn't work, I built it again. I'll allow that it is possible that I messed something up on the build, but I've done that before without problem. Failing all that, I copied an unmodified ntpd from another up-to-date 15.0 system. That didn't work either.
On the 14.2 system, I could check syslog and I would get one of two messages:
Code:
(If built with --enable-ntp-signd)
# grep ntpd /var/log/syslog
Nov 19 01:50:14 mail ntpd[17169]: MS-SNTP signd operations currently block ntpd degrading service to all clients.
(If not built with --enable-ntp-signd)
Nov 19 01:40:33 mail ntpd[10076]: mssntp restrict bit ignored,
this ntpd was configured without --enable-ntp-signd.
With 15.0 I got neither of those messages. I got no joy until I downloaded chrony sources and built with --enable-ntp-signd.
I can't explain why no one else has reported this unless a) no one else has tried setting up a Slackware 15.0 domain controller with Windows members. b) For those who have built such a DC, no one has acatually checked the Windows member with 'w32tm /query /source' to see if the Windows computer is actually time-syncing with the DC. c) My system is somehow different from everyone else who has created a DC with Windows members.
If you have such a domain configured, or if any reader of this thread does, please run 'w32tm /query /source' on one of your Windows domain members and post back the results (assuming you're running the as-shipped Samba 15.0 ntpd).
I was wanting to check that you had followed the steps that had previously worked for you.
Like I said, just curious. My days of getting Windows and Linux to play nice are thankfully over.
When I am in a masochistic frame of mind, I will boot a Windows 10 install and update it, attempting to guess what is happening and how long it will take.
Thanks for the detailed reply and sharing your solution. Good fortune to you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.