[ntp:hackers] MS-SNTP
Luke Howard
lukeh at padl.com
Tue Apr 1 03:33:27 UTC 2008
> You say Samba is to simulate an AD controller, which means it would
> be a
> MS-SNTP server for that domain. I wouldn't thnk the Samba AD would
> ordinarily be a MS-SNTP client of another MS-SNTP server in that
> domaing, but that might happen. On the other hand, the Samba 4 machine
It would happen in larger deployments, because the NTP synchronization
hierarchy by default mirrors the Windows domain hierarchy.
> For grins, I propose a configuration command to set the default server
> key ID scheme (ntp/mssntp/...) plus an association configuration
> option
> to set the default client key ID scheme. Exceptions can be handled by
> the restrict mechanism by using the restrict bits to override the
> default server scheme. I assume an AD will not have addresses
> scattered
> all over the place and relatively few address/mask pairs would be
> necessary. If on the other hand only a few NTP clients are used, the
> mask can apply to them.
That sounds like a good approach. The patch I initially submitted
supported multiple authentication providers for different parts of the
key ID space, perhaps this could be extended to support client address
ranges too.
-- Luke
More information about the hackers
mailing list