Synopsis: This article explains how to automate your CensorNet's time synchronisation against an Active Directory server. It also explains one of the reasons why a perfectly working NTLM authentication system may suddenly be failing.

If you read through the items in the Configuration Overview you will have read about how to set your BIOS clock and time zone. But that just sets the clock for the initial install.

Computer clocks tend to drift over time and you may find that eventually your CensorNet's clock is more than +/- five minutes out as compared with your Active Directory server, at which point authentication will fail. You may not notice immediately if you are using NTLM authentication as everyone will fail over to using the default policy.

Fortunately, the fix is simple. Simply set the CensorNet's clock from the Active Directory server's clock. Before we set out to automate it, however, we should find out if the command will work in its natural state, or whether you need to use an operand to coax it. Log into the command line as root and type :-

net time set

Your CensorNet's clock should be reset to the time that is current on your Active Directory server.

Sometimes, however, instead of resetting the time, the command will spit a lot of comments out as a response. This just means that the CensorNet was not able to immediately identify your AD server. In that case, try typing this command :-

net -I 1.2.3.4 time set

Obviously, you should use your AD server's IP address inplace of the 1.2.3.4 shown here. You should now see that the CN's time is set correctly.

Now that we have the command you need to type worked out, we are ready to automate the process. Type the following commands :-

cd /etc

nano crontab

You are now editing the crontab file. At the bottom of the file add a line similar to the following :-

0 0 * * * root net -I 1.2.3.4 time set

The line indicates that at zero minutes past zero hours (midnight), each and every day, the cron system should run the net time command with root user privileges.

What this means, in English, is that at Midnight every day, the CN will reset its time to that currently held by your AD server. So clock drift should become a thing of the past.

To save the file type Ctrl-O RETURN

Type Ctrl-X to exit the editor.

The job is now complete.

See also: Clock Drift Clock Drift within a VMWare instance