.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Installing and configuring NTP Chrony for Samba-AD on Redhat8 and derivatives :keywords: Redhat8, Samba-AD, NTP, Network Time Protocol, documentation, chrony .. _server_install_ntp_redhat: ############################################################################# Installing and configuring NTP Chrony for Samba-AD on Redhat and derivatives ############################################################################# .. hint:: Active Directory is based on the Kerberos protocol which requires near perfect clock synchronization between the domain member workstations and the Samba-AD domain controller. NTP is used to ensure synchronization between the clocks of the different devices on the network. * Install the Chrony :program:`NTP` packages and choose a time server on the Internet (on a standard Redhat installation, Chrony is already installed, it replaces the historical ntpd daemon): .. code-block:: bash yum install ntpdate chrony ntpdate -bu pool.ntp.org * Add the following lines to :file:`/etc/chrony.conf` to manage the signed NTP used by Windows workstations to automatically synchronize their clocks with the AD server: .. code-block:: bash ntpsigndsocket /var/lib/samba/ntp_signd * Change the owner of the directory containing the samba socket used to authenticate the NTP service: .. code-block:: bash chown root:chrony /var/lib/samba/ntp_signd/ chmod 750 /var/lib/samba/ntp_signd/ * Restart Chrony: .. code-block:: bash systemctl restart chronyd .. include:: ../samba_debug_ntp.rst.inc Now we can :ref:`install Samba in Active Directory mode `. We're progressing, that's good!