"[...]Active Directory clients [such as Windows 7] require an MS-SNTP server that cryptographically signs the response." This feature has been build into the latest ntp versions and it is used by samba4 (alpha) releases. It just requires one simple use_enable switch (--enable-ntp-signd) and two configuration lines. I created a patch for the current 4.2.6_p3 ebuild and tried it on my network, seems to work flawless. Reproducible: Always If your ntpuses caps, you'll need chmod and chown the directory containing the samba socket. For further information, look at these howtos: http://wiki.samba.org/index.php/Samba4/HOWTO http://en.gentoo-wiki.com/wiki/Samba4_as_Active_Directory_Server#NTP_.28recommended.29 The two config lines: ntpsigndsocket /var/run/samba/ntp_signd/ restrict default mssntp
Created attachment 280045 [details, diff] mssntp patch against ntp-4.2.6_p3.ebuild
used existing USE=samba instead http://sources.gentoo.org/net-misc/ntp/ntp-4.2.6_p3-r1.ebuild?r1=1.1&r2=1.2 http://sources.gentoo.org/net-misc/ntp/metadata.xml?r1=1.4&r2=1.5
This resolution is incorrect. The appropriate option is --enable-ntp-signd
(In reply to comment #3) > This resolution is incorrect. The appropriate option is --enable-ntp-signd Sorry? But that is what is used here (and described above) and it also works, verified by the logs and my win7 clients being able to sync time. You might have been confused by the syntax of the patch, but that is just the gentoo way of doing it.
i think his point is: -use_with +use_enable not sure why the configure script doesn't warn about the unknown flag considering it's been generated with the latest autoconf ...
should be all set now in the tree; thanks for the report! Commit message: Fix typo in ntp-signd flag http://sources.gentoo.org/net-misc/ntp/ntp-4.2.6_p3-r1.ebuild?r1=1.2&r2=1.3 http://sources.gentoo.org/net-misc/ntp/ntp-4.2.6_p4.ebuild?r1=1.1&r2=1.2