[ntp:hackers] Protocol specification modification for MS-SNTP
martin.burnicki at meinberg.de
Mon Jul 13 08:10:07 UTC 2009
Danny Mayer wrote:
> Martin Burnicki wrote:
> > Similarly, the end user can decide whether he wants to have the Samba
> > daemon running or not, and I don't believe he would be happy to recompile
> > the NTP daemon just because Sambe shall be running but the NTP
> > installation package comes with support for Samba authentication
> > disabled.
> Whether or not Samba is running locally or elsewhere is not relevant to
> NTP. That's something that the adminstrator of the system needs to
> decide for themselves. NTP cannot help here.
If you want to run Samba as a Domain Controller NTP needs to cooperate with
Samba to fulfill the requirements for a domain controller and reply packet
with MS-style signature. *Maybe* it would even be possible to run the DC
Samba instance and the associated instance of ntpd on different machines, but
I doubt this would make sense.
The *context* of my quoted text above is that if a user wants to set up a DC
using Samba and installs precompiled packages the NTP package must have been
built with support for MS-style (or mssntp ??) authentication, otherwise the
guy who wants to set up the DC will have to re-build the NTP package.
> Incidently, this is not
> Samba authentication, it's MS-NTP authentication and it can be used for
> Microsoft's Domain Controller.
This is what this whole discussion is about. Maybe I should have written "the
type of authentication Samba needs to support in order to play the role of a
Domain Controller in a Windows network", so even you would have understood
what I mean.
> So why not try and contact the domain controller instead of involving
If you had followed the discussion you would know what it is about.
More information about the hackers