12 | | The switch `--enable-ntp-signd` must be added. |
| 12 | The switch `--with-sntp` as well as `--enable-ntp-signd` must be added. |
| 13 | {{{ |
| 14 | ./configure --prefix=/usr --sysconfdir=/etc \ |
| 15 | --with-binsubdir=sbin \ |
| 16 | --with-sntp --enable-ntp-signd |
| 17 | }}} |
| 18 | |
| 19 | In the configuration file two options needs to be added. That is a argument to `restrict`, enabling signed ntp and one option to specify a socket name the AD controller and the NTP daemon will communicate. Your `/etc/ntp.conf` may than look like: |
| 20 | |
| 21 | {{{ |
| 22 | # Begin /etc/ntp.conf |
| 23 | |
| 24 | server 0.de.pool.ntp.org |
| 25 | server 1.de.pool.ntp.org |
| 26 | server 2.de.pool.ntp.org |
| 27 | server 3.de.pool.ntp.org |
| 28 | |
| 29 | # Only allow localhost and our LAN to access |
| 30 | restrict default nopeer mssntp |
| 31 | restrict 127.0.0.1 |
| 32 | restrict 192.168.1.0 mask 255.255.255.0 |
| 33 | |
| 34 | # Location of drift and log files |
| 35 | driftfile /var/lib/ntp/ntp.drift |
| 36 | logfile /var/log/ntp.log |
| 37 | logconfig +clockall +peerall +sysall +syncall |
| 38 | |
| 39 | # Signed ntp |
| 40 | ntpsigndsocket /var/lib/samba/ntp_signd/ |
| 41 | |
| 42 | # End /etc/ntp.conf |
| 43 | }}} |
| 44 | |
| 45 | Note that NTP will add "socket" automatically to the path given at "ntpsignsocket". That means in turn, the argument to ntpsignsocket must be a directory and not the full name. Samba4 will place a socket im /var/lib/samba/ntp_signd/ so we add this name to the ntp.conf. |