:source-highlighter: highlight.js = A significant annoyance getting signd fed correctly == Issue statement Actual Results (chrony):: No response, and no useful logs I could find. Actual Results NTPsec:: No reponse, but the log indicated that signd returned the signing failure operation code with no payload. Expected Results:: They should both work. === Steps to reproduce on Asahi (Fedora 40) [source,console] ---- # dnf install samba samba-dc samba-client krb5-workstation # hostnamectl hostname bourbon2.jamesb192.com # firewall-cmd --permanent --add-service samba-dc # firewall-cmd --reload # rm -iv /etc/samba/smb.conf # mkdir -pv /etc/systemd/resolved.conf.d $ ip addr # nano /etc/systemd/resolved.conf.d/custom.conf # systemctl restart systemd-resolved # samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=JAMESB192.COM --domain=JAMESB192 # nano /etc/samba/smb.conf # cp /var/lib/samba/private/krb5.conf /etc/krb5.conf.d/samba-dc # systemctl enable samba --now # groupadd machines # useradd -g machines -d /var/lib/nobody -s /bin/false -c "local machine" bourbon2$ # useradd -g machines -d /var/lib/nobody -s /bin/false -c "Dell 2018" dell-2018$ # smbpasswd -a -m bourbon2 # smbpasswd -a -m dell-2018 # smbpasswd -a -m `whoami` $ grep 1001 /etc/passwd /etc/group /etc/passwd:bourbon2$:x:1001:1001:local machine:/var/lib/nobody:/bin/false /etc/passwd:dell-2018$:x:1002:1001:Dell 2018:/var/lib/nobody:/bin/false /etc/group:machines:x:1001: # head -n 99 /etc/samba/smb.conf /etc/systemd/resolved.conf.d/custom.conf /etc/krb5.conf.d/samba-dc ==> /etc/samba/smb.conf <== # Global parameters [global] dns forwarder = 192.168.42.1 netbios name = BOURBON2 realm = JAMESB192.COM server role = active directory domain controller server services = ntp_signd workgroup = JAMESB192 idmap_ldb:use rfc2307 = yes [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/jamesb192.com/scripts read only = No ==> /etc/systemd/resolved.conf.d/custom.conf <== [Resolve] DNSStubListener=no Domains=jamesb192.com DNS=192.168.42.78 ==> /etc/krb5.conf.d/samba-dc <== [libdefaults] default_realm = JAMESB192.COM dns_lookup_realm = false dns_lookup_kdc = true [realms] JAMESB192.COM = { default_domain = jamesb192.com } [domain_realm] bourbon2 = JAMESB192.COM ==> /etc/chrony.conf <== pool 2.fedora.pool.ntp.org iburst sourcedir /run/chrony-dhcp driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 192.168.42.0/24 allow 127.0.0.1/8 allow ::1 ntsdumpdir /var/lib/chrony leapsectz right/UTC logdir /var/log/chrony ntpsigndsocket /var/lib/samba/ntp_signd $ path/to/ntpq -D2 localhost 192.168.42.78 Module/Binary version mismatch Binary: ntpsec-1.2.3+58-gf873f69c4 Module: ntpsec-1.2.3+57-g5af01fe36-dirty ntpdig: querying ::1 (localhost) ntpdig: Sent to ::1: e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ea 95 a8 47 54 b1 18 00 ...........GT... 00 00 03 e9 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... ntpdig: querying 127.0.0.1 (localhost) ntpdig: Sent to 127.0.0.1: e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ea 95 a8 4c 56 04 70 00 ...........LV.p. 00 00 03 e9 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... ntpdig: querying 192.168.42.78 (192.168.42.78) ntpdig: Sent to 192.168.42.78: e3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ea 95 a8 51 57 79 80 00 ...........QWy.. 00 00 03 e9 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... ntpdig: no eligible servers ---- //end