[SOLVED] How does CentrifyDC set macOS prefs pane for NTP server?
02-23-2018 07:43 AM
I'm trying to figure out how Centrify software does this. Can't seem to find this in docs.
Our macOS laptops appear to have the System Prefs panel for Date & Time setting for NTP server set to our AD DC.
i.e. System Prefs -> Date & Time -> Set date and time automatically -> "dc01.example.com"
I don't know how this is set. We have no GPO setting for this -- I've checked. Also, the centrifydc.conf settings regarding ntp are all commented out.
Also, weirdly, one laptop has "dc01.example.com" and another has "dc02.example.com". i.e. Not all laptops are getting the same DC.
Just pointing me to the right page in some docs is good enough to answer this but if you have more info, that's great!
Solved! Go to Solution.
02-23-2018 08:22 AM
Check this out: https://community.centrify.com/t5/Centrify-Express/AD-Time-sync/td-p/29055
02-23-2018 02:36 PM
As described in the post, that's the default behavior. Once you disable the GPO/Parameter, you are responsible for making sure that all your systems are in sync (within 5 minutes) of your DCs.
This is not a Centrify requirement but a preventive control that Kerberos uses against replay attacks.
(time skew must be within 5 minutes of the KDC).