Fix #144: /run/samba/ntp_signd/ directory: wrong permissions prevent …

…time synchronisation.

lib/constants.py

@@ -3,7 +3,7 @@
 # constants.py
 #
 # thomas@linuxmuster.net
-# 20211221
+# 20220910
 #
 
 # don't change this file
@@ -17,6 +17,7 @@
 SCHOOLCONF = DEFAULTSCHOOL + '/school.conf'
 SCHOOLSSHARE = '/srv/samba/schools'
 WIMPORTDATA = DEFAULTSCHOOL + '/devices.csv'
+NTPSOCKDIR = '/var/lib/samba/ntp_signd'
 SYSVOLDIR = '/var/lib/samba/sysvol'
 SYSVOLTLSDIR = SYSVOLDIR + '/@@domainname@@/tls'
 SSLDIR = SYSDIR + '/ssl'

lib/setup.d/d_templates.py

@@ -80,6 +80,7 @@
         filedata = filedata.replace('@@sambadomain@@', sambadomain)
         filedata = filedata.replace('@@servername@@', servername)
         filedata = filedata.replace('@@serverip@@', serverip)
+        filedata = filedata.replace('@@ntpsockdir@@', constants.NTPSOCKDIR)
         # get target path
         firstline = filedata.split('\n')[0]
         target = firstline.partition(' ')[2]
@@ -127,6 +128,9 @@
 # set server time
 msg = 'Adjusting server time '
 printScript(msg, '', False, False, True)
+subProc('mkdir -p /var/lib/samba/ntp_signd', logfile)
+subProc('chgrp ntp /var/lib/samba/ntp_signd', logfile)
+subProc('chmod 640 /var/lib/samba/ntp_signd', logfile)
 subProc('timedatectl set-ntp false', logfile)
 subProc('systemctl stop ntp', logfile)
 subProc('ntpdate pool.ntp.org', logfile)

share/templates/ntp.conf

@@ -19,4 +19,4 @@ restrict -6 default kod notrap nomodify nopeer noquery limited mssntp
 restrict 127.0.0.1
 restrict ::1
 restrict source notrap nomodify noquery
-ntpsigndsocket /var/lib/samba/ntp_signd/
+ntpsigndsocket @@ntpsockdir@@

share/templates/smb.conf

@@ -27,7 +27,7 @@ spoolss:architecture = Windows x64
 printing = cups
 printcap name = cups
 time server = yes
-ntp signd socket directory = /var/lib/samba/ntp_signd
+ntp signd socket directory = @@ntpsockdir@@
 ntlm auth = mschapv2-and-ntlmv2-only
 
 [netlogon]