I have freshly set up a NethServer as PDC and also run into this problem from time to time. Is there a permanent solution for this? Can I change something somewhere in the configuration, or do I have to resolve this with a GPO on my Windows 10 clients? Or with a logon script?
The problem can be solved by starting a command prompt as administrator, running net time \\dc_hostname /set /yes and logging on again. Or could it be Suricata? I am asking because I activated all categories and edited all of them to block instead of alert. That way, I created a problem with file browsing on my shares; even a right-click on a file on a share made Windows freeze, and it took a minute for the context menu to display. I found out that the Suricata module Policy was the blocking one. I will observe whether the timing problem is also solved with the Policy module deactivated, and if not, report back.
Edit to add that, until now, I have encountered no more problems. But reading the docs, I am afraid I could have enabled too much, as apart from the mentioned policy rule, all rules are activated, and I read that some could block updates. Having additionally set up Pi-Hole on a VM too, with a bunch of blocklists, I will observe whether, in the next few weeks, there are updates for NethServer but also for my Windows 10 client, and disable some of the rules if necessary. I would appreciate it if someone could point out rules that should not be activated anyway, apart from the policy rule.
On a new installation with sane default settings, it ran rather stably. But around midnight, there was a temporary problem accessing shared drives and the profile folder from within the Windows VM. A reboot of the Windows client did the trick. Is there any recommendation on how to improve time synchronisation between Windows clients and the Active Directory domain controller?
I will do so, but I think it could have been because of the IPS. Now I have restarted with a fresh installation of NethServer and have not yet had this problem. But nonetheless, you are right, and I would like to configure the settings as you suggest. Do I understand you correctly? I should set:
Gateway IP -> green network NethServer IP
DNS server -> IP configured for the AD container when creating the Active Directory domain
WINS -> IP configured for the AD container when creating the Active Directory domain
NTP server -> green network NethServer IP
Do I need to activate NTP on NethServer, or is this automatically active?
I quoted what worked for another user but, on top of that, will make some small changes (AD networking is not a strong point of mine, so anyone correct me if you spot something wrong).
On NethServer configured as AD (DC) and acting as DHCP and DNS server: