[SOLVED] How does CentrifyDC set macOS prefs pane for NTP server?
4 weeks ago - last edited 4 weeks ago
I'm trying to figure out how Centrify software does this. Can't seem to find this in docs.
Our macOS laptops appear to have the System Prefs panel for Date & Time setting for NTP server set to our AD DC.
i.e. System Prefs -> Date & Time -> Set date and time automatically -> "dc01.example.com"
I don't know how this is set. We have no GPO setting for this -- I've checked. Also, the centrifydc.conf settings regarding ntp are all commented out.
Also, weirdly, one laptop has "dc01.example.com" and another has "dc02.example.com". i.e. Not all laptops are getting the same DC.
Just pointing me to the right page in some docs is good enough to answer this but if you have more info, that's great!
Solved! Go to Solution.
4 weeks ago
Check this out: https://community.centrify.com/t5/Centrify-Express/AD-Time-sync/td-p/29055
4 weeks ago
As described in the post, that's the default behavior. Once you disable the GPO/Parameter, you are responsible for making sure that all your systems are in sync (within 5 minutes) of your DCs.
This is not a Centrify requirement but a preventive control that Kerberos uses against replay attacks.
(time skew must be within 5 minutes of the KDC).