11.1 Time Synchronization

   

In a network of computers, the systems on the network must agree on the current time and also on what time files have been modified. One example of the importance of synchronization is the roaming profiles we covered in Chapter 4. It is vital for all clients accessing a roaming profile to agree on what time it is and which client last modified the user 's profile.

Time synchronization can also be very important to programmers. A useful group of settings consists of the following options:

 [global]     time server = yes     dos filetimes = yes     fake directory create times = yes     dos filetime resolution = yes     delete readonly = yes 

If you set these options, Samba shares will provide compatibility of file-modification times that Visual C++, nmake , and other Microsoft programming tools require. Otherwise, PC make programs might think that all the files in a directory need to be recompiled every time. Obviously, this is not the behavior you want.

In Chapter 4, we showed you how to create a logon script that used the net time command to synchronize clients' clocks automatically when they log on to the domain. If your network is configured as a workgroup rather than a domain, you can still make use of net time by placing the command:

 net time \   sambaserver   /set /yes 

in a startup script on each client that is run when the system boots. Samba always provides time service ”regardless of whether it is running as a primary domain controller ”or the time service configuration file parameter is set.

Assuming that domain users log on to the domain at least once per day and workgroup clients reboot frequently, the net time command can keep client systems' clocks fairly well synchronized. However, sometimes domain users stay logged on for longer periods, and workgroup clients can run for days between reboots. In the meantime, the systems' hardware clocks can wander enough to become a problem. It might be possible to work around this, depending on the version of Windows the client system is running. On Windows 98/Me, you can use the Task Scheduler to run the net time command at regular intervals. Likewise, on Windows 2000/XP you can use the MS-DOS at command. However, a better way to deal with this issue is to use Network Time Protocol, which we will discuss shortly.

Proper time synchronization is also important when operating in an Active Directory domain because Active Directory uses Kerberos authentication. When a Kerberos domain controller creates an authentication ticket for a client, the time is encoded into the challenge-and-response exchanges between the client and domain controller. If the client's clock disagrees with the server's clock, authentication can fail.

To provide proper time synchronization in Active Directory domains, Microsoft has adopted Network Time Protocol (NTP), using the name Windows Time Service for its implementation. For further information, the Microsoft white paper entitled The Windows Time Service can be downloaded from http://www.microsoft.com.

The nice thing about this is that NTP is the standard method for synchronizing Unix hosts on a network, so you can synchronize all your Unix systems (including the Samba server) and Windows systems with the following method:

  1. Run NTP on the Unix systems in your network. For more information on using NTP, refer to http://www.ntp.org.

  2. Use one of the Unix systems (such as the Samba host system) as an NTP server to serve Windows 2000/XP clients.

  3. For other Windows clients, you might have to download an update from Microsoft to add Windows Time Service client support or use a third-party application such as the free analogX Atomic TimeSync (http://www.analogx.com). Or you can use the net time command to update the client's clock periodically, as discussed previously.

11.1.1 Time-Synchronization Options

To support roaming profiles, programmers accessing your Samba server, and other time-sensitive functions on your network, you'll want to be aware of the options listed in Table 11-1.

Table 11-1. Time-synchronization options

Option

Parameters

Function

Default

Scope

time server

Boolean

If yes , announces nmbd as an SMB time service to Windows clients

no

Global

time offset

numeric

Adds a specified number of minutes to the reported time

Global

dos filetimes

Boolean

Allows non- owners of a file to change its time if they can write to it

no

Share

dos filetime

resolution

Boolean

Causes file times to be rounded to the next even second

no

Share

fake directory create times

Boolean

Sets directory times to avoid an MS nmake bug

no

Share

11.1.1.1 time server

Samba always operates as an SMB time server, matching the behavior of Windows systems. However, Samba's default is not to advertise itself as a time server to the network. When this option is set to yes , Samba advertises itself as an SMB time server:

 [global]     time service = yes 
11.1.1.2 time offset

To deal with clients that don't properly process daylight savings time, Samba provides the time offset option. If set, it adds the specified number of minutes to the current time. This is handy if you're in Newfoundland and Windows doesn't know about the 30-minute time difference there:

 [global]     time offset = 30 
11.1.1.3 dos filetimes

Traditionally, only the root user and the owner of a file can change its last-modified date on a Unix system. The share-level dos filetimes option allows the Samba server to mimic the characteristics of a DOS or Windows system: any user can change the last-modified date on a file in that share if she has write permission to it. To do this, Samba uses its root privileges to modify the timestamp on the file.

By default, this option is disabled. Setting this option to yes is often necessary to allow PC make programs to work properly. Without it, they cannot change the last-modified date themselves . This often results in the program thinking all files need recompiling when they really don't.

11.1.1.4 dos filetime resolution

The dos filetime resolution parameter is a share-level option. If set to yes , Samba rounds file times to the closest 2-second boundary. This option exists primarily to satisfy a quirk in Windows that prevents Visual C++ from correctly recognizing that a file has not changed. You can enable it as follows :

 [data]     dos filetime resolution = yes 

We recommend using this option only if you are using Microsoft Visual C++ on a Samba share that supports opportunistic locking.

11.1.1.5 fake directory create times

The fake directory create times option exists to keep PC make programs sane. VFAT and NTFS filesystems record the creation date of a specific directory, while Unix does not. Without this option, Samba takes the earliest recorded date it has for the directory (often the last-modified date of a file) and returns it to the client. If this is not sufficient, set the following option under a share definition:

 [data]     fake directory create times = yes 

If set, Samba will adjust the directory create time it reports to the hardcoded value January 1, 1980. This is primarily used to convince the Visual C++ nmake program that any object files in its build directories are indeed younger than the creation date of the directory itself and need to be recompiled.

   


Using Samba
Using Samba: A File and Print Server for Linux, Unix & Mac OS X, 3rd Edition
ISBN: 0596007698
EAN: 2147483647
Year: 2003
Pages: 475

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net