[ntp:hackers] Protocol specification modification for MS-SNTP

Martin Burnicki martin.burnicki at meinberg.de
Mon Jul 13 08:10:07 UTC 2009


Danny Mayer wrote:
> Martin Burnicki wrote:
> > Similarly, the end user can decide whether he wants to have the Samba
> > daemon running or not, and I don't believe he would be happy to recompile
> > the NTP daemon just because Sambe shall be running but the NTP
> > installation package comes with support for Samba authentication
> > disabled.
> Whether or not Samba is running locally or elsewhere is not relevant to
> NTP. That's something that the adminstrator of the system needs to
> decide for themselves. NTP cannot help here.

If you want to run Samba as a Domain Controller NTP needs to cooperate with 
Samba to fulfill the requirements for a domain controller and reply packet 
with MS-style signature. *Maybe* it would even be possible to run the DC 
Samba instance and the associated instance of ntpd on different machines, but 
I doubt this would make sense.

The *context* of my quoted text above is that if a user wants to set up a DC 
using Samba and installs precompiled packages the NTP package must have been 
built with support for MS-style (or mssntp ??) authentication, otherwise the 
guy who wants to set up the DC will have to re-build the NTP package.

> Incidently, this is not 
> Samba authentication, it's MS-NTP authentication and it can be used for
> Microsoft's Domain Controller.

This is what this whole discussion is about. Maybe I should have written "the 
type of authentication Samba needs to support in order to play the role of a 
Domain Controller in a Windows network", so even you would have understood 
what I mean.

> So why not try and contact the domain controller instead of involving
> Samba?

If you had followed the discussion you would know what it is about.

Martin Burnicki

Meinberg Funkuhren
Bad Pyrmont

More information about the hackers mailing list