[ntp:hackers] Protocol specification modification for MS-SNTP

Andrew Bartlett abartlet at samba.org
Mon Jul 13 03:02:30 UTC 2009

On Sun, 2009-07-12 at 22:47 -0400, Danny Mayer wrote:
> Harlan Stenn wrote:
> > Danny wrote:
> > 
> >> The code should not be using Unix domain sockets. It needs to use either
> >> AF_INET or AF_INET6.
> > 
> > Why?  What's the problem you are trying to solve?
> > 
> > H
> That's a point solution. The server can be anywhere.

We (the Samba Team) have no need for a broader solution.  We are very
happy with the solution as proposed and implemented.  Our users are also
very happy with the solution.  

Please read MS-SNTP.  In particular, please pay careful attention to:

> 1.5.1    Time Source Discovery and Selection
>   The client must have a way of locating a time source that is a
> domain controller and that can establish a secure connection with the
> client.
>   As specified in [MS-NRPC] section, Windows clients use the
> DsrGetDcName method in the Netlogon domain controller locator service
> to find their time sources. Each Windows domain controller configured
> to be a time source must set its domain control information flags with
> the appropriate time service flags, as specified in [MS-NRPC] section

As such, the NTP server and the domain controller are strictly required
to be the same host.  There is no flexibility in real world operation to
be gained in any generalisation here.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.