Domain Controller time clock out of sync

NethServer Version: NethServer release 7.3.1611 (Final)
Module: Domain Accounts / Account Provider
Late last week I started intermittently seeing that my account provider was refusing connection.
I started looking around and saw that my server time was showing a date in 1969, although I was using for time. I changed the ntp pool from to another server with and the time updated and the problem was corrected suggesting that was having issues?
Now my DC-account provider is refusing connection again. When looking deeper and searching I’ve found from samba wiki that when using samba as dc the time sync is found /etc/ntpd.conf or /etc/ntp.conf but there isn’t anything there. Could anyone point me in the right direction to set the correct time for the DC? Thanks to all in advance.

Are you running NethServer in a VM? What is the virtualization software?

Please attach any relevant log message from chronyd

journalctl -u chronyd
1 Like

Thank you for your quick response. I am running it as a VM. It’s running on Xenserver 7.0
Here is the output from the chronyd log:

[dale@ghost-dc ~]$ journalctl -u chronyd
-- Logs begin at Tue 2017-03-21 16:09:26 CDT, end at Tue 2017-03-21 19:36:31 CDT. --
Mar 21 16:09:35 ghost-dc -(removed Domain)- systemd[1]: Starting NTP client/server...
Mar 21 16:09:35 ghost-dc -(removed Domain)- chronyd[830]: chronyd version 2.1.1 starting (+CMDMON +NTP +REFCLOCK +RTC +P
Mar 21 16:09:35 ghost-dc -(removed Domain)- chronyd[830]: Frequency -19.776 +/- 0.171 ppm read from /var/lib/chrony/drif
Mar 21 16:09:36 ghost-dc -(removed Domain)- systemd[1]: Started NTP client/server.
Mar 21 16:10:08 ghost-dc -(removed Domain)- chronyd[830]: Selected source
Mar 21 16:10:08 ghost-dc -(removed Domain)- chronyd[830]: System clock wrong by 46.903327 seconds, adjustment started
Mar 21 16:10:55 ghost-dc -(removed Domain)- chronyd[830]: System clock was stepped by 46.903327 seconds
Mar 21 16:12:02 ghost-dc -(removed Domain)- chronyd[830]: Selected source
lines 1-9/9 (END)

Never had issues with From what you describe I’d say the VM clock drifts too quickly out of the chronyd tolerance. Is it “paused” then “started” by some way? I think the problem is in your hypervisor configuration.

1 Like

I apologize for the delay in response, I really wanted to try to get it without asking for additional help.
I checked the configuration of xenserver and when I had originally set it up I used the NS domain controller as the ntp server and configured the DC to use ntp pool since both xen servers running are attached to the domain of the virtualized NS-dc. (Although this may not be the best way to approach this my goal was to run a pair of xenservers with NS as a guest acting as firewall, Domain controller, etc since out of my Internet provider I the VM of NS locked in to facing the internet via MAC address)
– wanted to give information on original setup –
Prior to any changes on xen I checked the clock drift from NS to xen as you suggested and it was several minutes out. I then changed the ntp settings on xen to use ntp pool and restarted everything. Now for the past 24 hours the clockdrift between the two hasn’t changed at -47 seconds which I thought was within tolerances? However none of the changes have corrected the “Account Provider refused connection” error when trying to add a user, but when checking the domain accounts module it shows that LDAP and join is OK. Also, the clock on NS it good now as it’s pulling from ntp pool and not the host OS.
Thank you again for your help. I’m lost on where to proceed. Now that the clocks are correct on both the guest and host, is there anyway I can force change the clock on the account provider module?

It is not required: the Linux container shares its clock with the rest of the OS.

Would you be able to point me in the right direction as to where to continue troubleshooting? I’ve tried googling and reading the Documentation here but unless I overlooked something I haven’t found anything that helps with this issue.