[ntp:hackers] MS-SNTP

Andrew Bartlett abartlet at samba.org
Tue Apr 1 02:52:18 UTC 2008


On Tue, 2008-04-01 at 02:33 +0000, David L. Mills wrote:
> Andrew,
> 
> I hear you and don't want to leave Microsoft out in any case. As it 
> stands, the MS-SNTP key ID scheme is incompatible with ordinary NTP 
> users and the national laboratories. But, you have given me an idea.
> 
> You say Samba is to simulate an AD controller, which means it would be a 
> MS-SNTP server for that domain. 

Yes. 

> I wouldn't thnk the Samba AD would 
> ordinarily be a MS-SNTP client of another MS-SNTP server in that 
> domaing, but that might happen. 

It could certainly happen.  

> On the other hand, the Samba 4 machine 
> would very likely be a client of other NTP server(s). 

Yes.

> This is the case I 
> am worried about. An even more perplexing case is when the Samba machine 
> is a server for both NTP and MS-SNTP clients.
> 
> For grins, I propose a configuration command to set the default server 
> key ID scheme (ntp/mssntp/...) plus an association configuration option 
> to set the default client key ID scheme. Exceptions can be handled by 
> the restrict mechanism by using the restrict bits to override the 
> default server scheme. I assume an AD will not have addresses scattered 
> all over the place and relatively few address/mask pairs would be 
> necessary. If on the other hand only a few NTP clients are used, the 
> mask can apply to them.
> 
> Does this work?

I think it would.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ntp.org/pipermail/hackers/attachments/20080401/245e24e2/attachment.bin 


More information about the hackers mailing list