.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Installing and configuring NTP Chrony for Samba-AD on Debian :keywords: Debian, Samba-AD, NTP, Network Time Protocol, documentation, chrony, chronyd .. _server_install_ntp_debian: ############################################################################# Installing and configuring NTP Chrony for Samba-AD Debian ############################################################################# .. hint:: Active Directory is based on the Kerberos protocol which requires near perfect clock synchronization between the domain member workstations and the Samba-AD domain controller. NTP is used to ensure synchronization between the clocks of the different devices on the network. * Install the Chrony :program:`NTP` packages and choose a time server on the Internet (since bookworm, ntp is an alias of ntpsec. Chronyd is the new standard for Samba-AD installation): .. code-block:: bash apt install chrony ntpdate -y ntpdate -bu pool.ntp.org * Add the following lines to :file:`/etc/chrony/chrony.conf` to manage the signed NTP used by Windows workstations to automatically synchronize their clocks with the AD server: .. code-block:: bash allow 0.0.0.0/0 ntpsigndsocket /var/lib/samba/ntp_signd * Change the owner of the directory containing the samba socket used to authenticate the NTP service: .. code-block:: bash chown root:_chrony /var/lib/samba/ntp_signd/ chmod 750 /var/lib/samba/ntp_signd/ * Restart Chrony: .. code-block:: bash systemctl restart chrony * Enable Chrony: .. code-block:: bash systemctl enable chrony .. include:: ../samba_debug_ntp.rst.inc Now we can :ref:`install Samba in Active Directory mode `. We're progressing, that's good!