[ntp:hackers] MS-SNTP
Andrew Bartlett
abartlet at samba.org
Tue Apr 1 02:52:18 UTC 2008
On Tue, 2008-04-01 at 02:33 +0000, David L. Mills wrote:
> Andrew,
>
> I hear you and don't want to leave Microsoft out in any case. As it
> stands, the MS-SNTP key ID scheme is incompatible with ordinary NTP
> users and the national laboratories. But, you have given me an idea.
>
> You say Samba is to simulate an AD controller, which means it would be a
> MS-SNTP server for that domain.
Yes.
> I wouldn't thnk the Samba AD would
> ordinarily be a MS-SNTP client of another MS-SNTP server in that
> domaing, but that might happen.
It could certainly happen.
> On the other hand, the Samba 4 machine
> would very likely be a client of other NTP server(s).
Yes.
> This is the case I
> am worried about. An even more perplexing case is when the Samba machine
> is a server for both NTP and MS-SNTP clients.
>
> For grins, I propose a configuration command to set the default server
> key ID scheme (ntp/mssntp/...) plus an association configuration option
> to set the default client key ID scheme. Exceptions can be handled by
> the restrict mechanism by using the restrict bits to override the
> default server scheme. I assume an AD will not have addresses scattered
> all over the place and relatively few address/mask pairs would be
> necessary. If on the other hand only a few NTP clients are used, the
> mask can apply to them.
>
> Does this work?
I think it would.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ntp.org/pipermail/hackers/attachments/20080401/245e24e2/attachment.bin
More information about the hackers
mailing list