× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

AD Time sync

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 5
Registered: ‎08-10-2017
#1 of 4 1,096
Accepted Solution

AD Time sync

Hello, I am new to Centrify so please excuse if this is a repeated question.  I have installed Centrify Express on our Ubuntu 14.04 and 16.04 systems.  I am able to successfully login using our AD accounts.  Does installing centrify & joining these systems make them automatically sync time with the AD Domain Controller ?  Before installing centrify , i had hardcoded settings in the local ntp.conf file of each linux machine to point to a time server.  What times to this ntp.conf time server setting then ? Does AD time take precedence over it ?  

 

Thanks.

Participant II
Posts: 5
Registered: ‎08-10-2017
#2 of 4 1,094

Re: AD Time sync

Typo* - What happens* to this ntp.conf time server setting then ?
Centrify Guru I
Posts: 1,899
Registered: ‎07-26-2012
#3 of 4 1,087

Re: AD Time sync

@neeraj79,

 

Welcome to the Centrify forums.

 

See your answers in blue.

 

  1. Does installing centrify & joining these systems make them automatically sync time with the AD Domain Controllers?
    Yes.  This is the behavior by default.
  2. What happens to the ntp.conf time server setting then ?
    It's not used.  Smiley Happy
  3. Does AD time take precedence over it ?  
    Yeap!

More information

In an enterprise, ideally all systems (switches, routers, servers, etc) sync to a consistent time source; however there may be situations where you want to use the NTP settings from your system.

 

Why do we do this?

As part of making Kerberos work "out of the box" we will by default attempt to synchronize time with Active Directory.  Although this is the default behavior, this is completely optional.

 

To control this behavior, use the adclient.sntp.enabled directive in the /etc/centrifydc/centrifydc.conf file:

 

# SNTP settings
#
# If true, adclient will keep the system clock in sync with 
# the domain controller. # # This parameter is controlled by the Group Policy # # "Computer Configuration" # -> "Administrative Templates" # -> "System" # -> "Windows Time Service" # -> "Time Providers" # -> "Enable Windows NTP Client" # # adclient.sntp.enabled: true

Commercial customers have the option to use group policy to control this parameter centrally.

 

If you change this parameter manually, you have to run the sudo adreload command.

 

I hope this clarifies things.

 

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 5
Registered: ‎08-10-2017
#4 of 4 1,080

Re: AD Time sync

Thank you for the detailed explanation.