.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. |date| date::

.. meta::
  :description: Installing and configuring NTP Chrony for Samba-AD on Redhat8 and derivatives
  :keywords: Redhat8, Samba-AD, NTP, Network Time Protocol, documentation, chrony

.. _server_install_ntp_redhat:

#############################################################################
Installing and configuring NTP Chrony for Samba-AD on Redhat and derivatives
#############################################################################

.. hint::

  Active Directory is based on the Kerberos protocol which requires near perfect clock synchronization between the domain member workstations and the Samba-AD domain controller.
  NTP is used to ensure synchronization between the clocks of the different devices on the network.

* Install the Chrony :program:`NTP` packages and choose a time server on the Internet (on a standard Redhat installation, Chrony is already installed, it replaces the historical ntpd daemon):

  .. code-block:: bash

    yum install chrony
    systemctl enable chrony
    systemctl stop chronyd
    chronyd -q 'server pool.ntp.org iburst'
    systemctl start chronyd


  .. warning::
    The ntpdate and sntp utilities, which are included in the ntp distribution, can be replaced with chronyd using the -q option or the -t option.


* Add the following lines to :file:`/etc/chrony.conf` to manage the signed NTP used by Windows workstations to automatically synchronize their clocks with the AD server:

  .. code-block:: bash

    allow 0.0.0.0/0 
    ntpsigndsocket  /var/lib/samba/ntp_signd

* Change the owner of the directory containing the samba socket used to authenticate the NTP service (directory exists if Samba service has been started once):

  .. code-block:: bash

    chown root:chrony /var/lib/samba/ntp_signd/
    chmod 750 /var/lib/samba/ntp_signd/

* Restart Chrony:

  .. code-block:: bash

    systemctl restart chronyd

.. include:: ../samba_debug_ntp.rst.inc

Now we can :ref:`install Samba in Active Directory mode <server_install_samba_redhat>`. We're progressing, that's good!