Re: [chrony-users] Problem with windows domain time syncing (Debian bookworm) |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Problem with windows domain time syncing (Debian bookworm)
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Wed, 19 Feb 2025 13:56:28 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1739969794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NUpLh6UqUKwBLthximJZnGaM9YdmW81PYqAnnyCNzJ8=; b=F5JnhwjMEOBJXUTMWQvIjpNj/NSh1k1w+r/+T+VmBbjwGvyn3RM+dWVb2WHzqaErY4FY3x 9J2ATup/NlxOz7RNZjykh1F23OMf8cbWPj2V3E6kyCcyoggD3cnl3j908a7AClhCTxrUfG t6JCIZeSeHETwdoGtD6K8eL5voTH0TU=
On Wed, Feb 19, 2025 at 01:49:16PM +0200, Virgo Pärna wrote:
> Using Wireshark I could see, that when running
> w32tm /resync
> there were packets going to time server but not response. Requests had Key
> ID and 68 byte Message Authentication Code (with one byte set to 01,
> according to WireShark).
That would be the extended MS-SNTP authenticator field, which AFAIK is
not supported by the samba signd protocol yet.
> After changing in Windows registry under
> HKLM\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient
> value of SignatureAuthAllowed from 1 to 0 and restarting w32time service
> w32tm /resync would work and there would be responses and time would sync.
> And Wireshark shows, that requests are sent with same Key ID value, but
> Message Authentication Code is instead 16 bytes all zeros. And it does
> receive responses.
That's the classic MS-SNTP authenticator field.
> But why it stopped working without that registry change?
Maybe some related feature provided by the updated samba enables the
use of extended authenticators? You should ask samba developers.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.