Posted on 02-10-2011 09:54 AM
Is it possible to have Casper check the time depending on the network
segment it's on and, if found to be "off", then set the correct time?
Apparently our company blocks the time server or port that it's using,
and so when we deploy a new system out of the box it fails the domain
join because the time is off. If we can set Casper to check the
system's clock and then set it to a pre-determined time based on segment,
that would be EXTREMELY helpful.
Currently we have a script that runs that sets the time server / time as
a first boot script - but if the analysts decide to include the Creative
Suite as part of their image process, then it screws up the script,
which screws up the domjoin.
John Wojda
Lead System Engineer, DEI
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead: Matt Beiriger
Mac Tip/Tricks/Self Service & Support <http://bit.ly/gMa7TB>
Posted on 02-10-2011 10:01 AM
There were some posts on this a little while back.
We run this as part of a post image script among a few other things at reboot. We took binding out of the imaging configurations as we were having this issue.
To bind machines, the last line of our post image script (after time is set and a few other things) is sudo jamf policy -trigger bindings, where bindings is a custom policy trigger that binds to the domain.
We also used a simpler script in past years, but it wasn't working this year (10.6)
#!/bin/sh
# Set date and time as early as possible, before the bind policy runs
TIMEZONE="America/New_York"
TIMESERVER="timeserver"
SetDateAndTime () {
    systemsetup -settimezone "$TIMEZONE"
    # Turn network time off while ntp.conf is rewritten
    systemsetup -setusingnetworktime off
    # Back up the old NTP config under a timestamped name, if one exists
    if [ -f /private/etc/ntp.conf ]; then
        mv /private/etc/ntp.conf "/private/etc/ntp.conf.$(date +%Y-%m-%d_%H.%M.%S)"
    fi
    echo "server $TIMESERVER" > /private/etc/ntp.conf
    systemsetup -setusingnetworktime on
    sleep 5 # let the clock change before running date
    # Record the clock value seen just before the bind, for troubleshooting
    date > /Library/Logs/CurrentTimeBeforeBind.log
}
SetDateAndTime
Posted on 02-10-2011 10:11 AM
In my opinion, if your company runs a domain server without a corresponding time server, that is a very big problem. I strongly recommend insisting that that server be made available, as you're looking at a lot of issues down the road otherwise.
Posted on 02-10-2011 10:18 AM
+1 concur.
As anything Kerberos-based (including AD) is very time sensitive, your DCs
or FR should be running their own time service. Even if their time isn't
the real-world time (does a few minutes really matter?) the biggest thing
is that everything can agree on just what time it is. You can be 12 hours
off of the real-world time but as long as everything is 12 hours off of
that time and agrees, you're good.
j
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 02-10-2011 10:42 AM
It also depends on the time server used by the preferred dc.
We don't change here, but have clients hopping between countries & all is fine.
Regards,
Ben Toms
Posted on 02-10-2011 01:51 PM
We have a time server, but it's internal and not accessible from the
outside world. We also block Apple's default TS for whatever reason.
John Wojda
Lead System Engineer, DEI
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead: Matt Beiriger
Posted on 02-10-2011 02:13 PM
If the time server is not accessible to the outside world, the domain controller probably isn't either. At least I hope not. But anywhere you can bind, you should be able to sync.
Posted on 02-10-2011 07:24 PM
Interesting...
I have an internal time server configured, and I had the same issue with
new out-of-box systems.
I just built my base OS image with our time server already set, and that
took care of my binding issue.
Russell Shehan MCTS, ACTC
Operations Administrator
Hartland-Lakeside School District
Office: 262-369-6736
Cell: 262-949-2439
http://www.hartlake.org
Posted on 02-16-2011 09:42 AM
As suggested, you need an internal time server(s) that all your machines can reference and then you can just use a command in a simple script to point your machines at the necessary clock server(s).
There are various ways you could grab your domain in a script, but you can just use 'hostname'. [machinename].[domain]
Then you can use the following to set the server:
systemsetup -setnetworktimeserver [domain]
Sean
Posted on 02-16-2011 09:51 AM
If your NTP server is not accessible off site/campus and your users
take their laptops off site all the time, a little script with launchd
could check if you were inside or outside the network then set the time
server accordingly.
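
The segment check suggested in the post above, as an added example that is not from any poster in this thread: it maps the Mac's current IPv4 address to a time server and, when called with --apply, sets it using the systemsetup calls quoted earlier. The segments, hostnames, the en0 interface and the --apply switch are assumptions; a launchd job would run it as root.

```shell
#!/bin/sh
# Added example: pick an NTP server from the Mac's current network segment.
# All segments and hostnames below are constructed placeholders.
SEGMENTS="10.20.0.0/16=ntp1.corp.example
10.30.0.0/16=ntp2.corp.example"
FALLBACK="time.example.net"     # used when off the internal network

# Dotted-quad IPv4 -> integer; fails on anything that is not four numeric fields.
ip_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET/BITS: succeeds when IP lies inside the segment.
in_cidr() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# pick_time_server IP: print the server for the first matching segment,
# or the fallback when the address is outside every listed segment.
pick_time_server() {
    for entry in $SEGMENTS; do
        if in_cidr "$1" "${entry%%=*}"; then
            echo "${entry#*=}"
            return 0
        fi
    done
    echo "$FALLBACK"
}

# Reconfigure only when called with --apply (as root, on macOS).
# en0 as the primary interface is an assumption.
if [ "${1:-}" = "--apply" ]; then
    addr=$(ipconfig getifaddr en0 2>/dev/null) || exit 0   # no address: leave as-is
    [ -n "$addr" ] || exit 0
    systemsetup -setnetworktimeserver "$(pick_time_server "$addr")"
    systemsetup -setusingnetworktime on
fi
```

Run without arguments it changes nothing, so the segment table can be checked by calling pick_time_server with known addresses before the job is deployed.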