[ntp:hackers] MS-SNTP

Luke Howard lukeh at padl.com
Tue Apr 1 03:33:27 UTC 2008


> You say Samba is to simulate an AD controller, which means it would  
> be a
> MS-SNTP server for that domain. I wouldn't thnk the Samba AD would
> ordinarily be a MS-SNTP client of another MS-SNTP server in that
> domaing, but that might happen. On the other hand, the Samba 4 machine

It would happen in larger deployments, because the NTP synchronization  
hierarchy by default mirrors the Windows domain hierarchy.

> For grins, I propose a configuration command to set the default server
> key ID scheme (ntp/mssntp/...) plus an association configuration  
> option
> to set the default client key ID scheme. Exceptions can be handled by
> the restrict mechanism by using the restrict bits to override the
> default server scheme. I assume an AD will not have addresses  
> scattered
> all over the place and relatively few address/mask pairs would be
> necessary. If on the other hand only a few NTP clients are used, the
> mask can apply to them.

That sounds like a good approach. The patch I initially submitted  
supported multiple authentication providers for different parts of the  
key ID space, perhaps this could be extended to support client address  
ranges too.

-- Luke



More information about the hackers mailing list