[ntp:hackers] Protocol specification modification for MS-SNTP

Danny Mayer mayer at ntp.org
Mon Jul 13 12:02:33 UTC 2009


Andrew Bartlett wrote:
> On Sun, 2009-07-12 at 22:47 -0400, Danny Mayer wrote:
>> Harlan Stenn wrote:
>>> Danny wrote:
>>>
>>>> The code should not be using Unix domain sockets. It needs to use either
>>>> AF_INET or AF_INET6.
>>> Why?  What's the problem you are trying to solve?
>>>
>>> H
>> That's a point solution. The server can be anywhere.
> 
> We (the Samba Team) have no need for a broader solution.  We are very
> happy with the solution as proposed and implemented.  Our users are also
> very happy with the solution.  
> 
> 
> Please read MS-SNTP.  In particular, please pay careful attention to:
> 
>> 1.5.1    Time Source Discovery and Selection
>>   The client must have a way of locating a time source that is a
>> domain controller and that can establish a secure connection with the
>> client.
>>   As specified in [MS-NRPC] section 3.5.4.2, Windows clients use the
>> DsrGetDcName method in the Netlogon domain controller locator service
>> to find their time sources. Each Windows domain controller configured
>> to be a time source must set its domain control information flags with
>> the appropriate time service flags, as specified in [MS-NRPC] section
>> 3.5.4.2.
> 
> As such, the NTP server and the domain controller are strictly required
> to be the same host.  There is no flexibility in real world operation to
> be gained in any generalisation here.

Except if I want to run NTP on a Microsoft Domain Controller which is
what I do at home. The point is that this is implemented strictly for
Samba and nothing else but we should not ignore either Microsoft's ADS
or Kerberos's servers which this code does not implement. We can extend
this but Samba is not the only possibility.

Danny
