Seeking "net time" Response without Active Directory - NTP

This is a discussion on Seeking "net time" Response without Active Directory - NTP ; We use a pc punchclock that relies on the "net time" command. We are a netware/linux shop and use an ntp time source, however, we do not use Active Directory. So far have been unable to make the punchclock work. ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: Seeking "net time" Response without Active Directory

  1. Seeking "net time" Response without Active Directory

    We use a pc punchclock that relies on the "net time" command. We are
    a netware/linux shop and use an ntp time source, however, we do not
    use Active Directory. So far have been unable to make the punchclock
    work. Is there any way we can respond with the time when the
    punchclock requests "net time?" Any assistance would be appreciated.
    Glenn in NJ

  2. Re: Seeking "net time" Response without Active Directory

    Glenn,

    gcatlin@ix.netcom.com wrote:
    > We use a pc punchclock that relies on the "net time" command. We are
    > a netware/linux shop and use an ntp time source, however, we do not
    > use Active Directory. So far have been unable to make the punchclock
    > work. Is there any way we can respond with the time when the
    > punchclock requests "net time?" Any assistance would be appreciated.


    "net time" uses a NETBIOS call to query the time from another machine. If
    you are running a Linux machine then you can enable samba to reply to those
    requests.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  3. Re: Seeking "net time" Response withoutActive Directory

    Martin Burnicki wrote:
    > Glenn,
    >
    > gcatlin@ix.netcom.com wrote:
    >> We use a pc punchclock that relies on the "net time" command. We are
    >> a netware/linux shop and use an ntp time source, however, we do not
    >> use Active Directory. So far have been unable to make the punchclock
    >> work. Is there any way we can respond with the time when the
    >> punchclock requests "net time?" Any assistance would be appreciated.

    >
    > "net time" uses a NETBIOS call to query the time from another machine. If
    > you are running a Linux machine then you can enable samba to reply to those
    > requests.
    >
    > Martin


    I cannot understand why anyone would want to use a NETBIOS call on Linux
    to get time from another machine when it would be far easier and more
    supportable to just install NTP and create a configuration file to point
    to a number of NTP servers.

    Danny

  4. Re: Seeking "net time" Response without Active Directory

    Danny,

    Danny Mayer wrote:
    > Martin Burnicki wrote:
    >> Glenn,
    >>
    >> gcatlin@ix.netcom.com wrote:
    >>> We use a pc punchclock that relies on the "net time" command. We are
    >>> a netware/linux shop and use an ntp time source, however, we do not
    >>> use Active Directory. So far have been unable to make the punchclock
    >>> work. Is there any way we can respond with the time when the
    >>> punchclock requests "net time?" Any assistance would be appreciated.

    >>
    >> "net time" uses a NETBIOS call to query the time from another machine. If
    >> you are running a Linux machine then you can enable samba to reply to
    >> those requests.
    >>
    >> Martin

    >
    > I cannot understand why anyone would want to use a NETBIOS call on Linux
    > to get time from another machine when it would be far easier and more
    > supportable to just install NTP and create a configuration file to point
    > to a number of NTP servers.


    If I've understood the OP correctly then he wants to synchronize some
    exiting devices which only support "net time" to _get_ the time.

    So he needs another device which can reply to those "net time" queries, and
    this could be a *ix machine running samba.

    Of course NTP would be preferable if it could be run on those clients, and
    of course NTP should be used to synchronize the *ix machine.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  5. Re: Seeking "net time" Response without Active Directory

    On Jan 2, 10:02*pm, gcat...@ix.netcom.com wrote:
    > We use a pc punchclock that relies on the "net time" command. *We are
    > a netware/linux shop and use an ntp time source, however, we do not
    > use Active Directory. *So far have been unable to make the punchclock
    > work. *Is there any way we can respond with the time when the
    > punchclock requests "net time?" *Any assistance would be appreciated.
    > Glenn in NJ


    Actually, any Windows NT4, 200, XP, or 2003 machine, should respond to
    a NET TIME query by default. Provided, of course, that NETBIOS is open
    on that machine's firewall, which it will be if there are shared
    folders or printers. There is no requirement for Active Directory; in
    fact, Active Directory domains use the NTP protocol to synchronize
    time, not NET TIME.

    So, if you have a windows file server, use that. Or pick a workstation
    if you don't have a Windows Seerver, and choose that as the NET TIME
    query destination. You can use the built in WIndows Time Service on
    Windows 2000 or later, or use the full ntpd for Windows to keep the
    machine's clock correct.

  6. Re: Seeking "net time" Response without Active Directory

    Martin, Danny, and Ryan, thank you for the suggestions. The
    punchclock software we use is pcEntry by Paychex. Below are some
    points that my original post overlooked.

    1. We do have Windows servers; but our workstations, a combo of (a)
    Win2000 with no firewall, (b) WinXP with the Windows Firewall and an
    exception for 'File and Print Sharing,' and (c) a couple Vista boxes,
    are not receiving a reply to "net time". It had been my understanding
    that to receive a reply to "net time" required on a domain controller,
    and we don't have any of them.

    2. Our servers get the time from ntp sources, but it's my
    understanding that being ntp-aware isn't enough to cause a Windows
    workstation to receive a reply when they issue a "net time" query.

    3. I did not know that if we enable samba on our Linux server we could
    have our 'net time' requests replied to. I'll try to figure out how
    to do that.

    4. The reason we need to continually synchronize our devices during
    the day to a reliable time source is because we have devices with
    internal clocks that drift +/- quite a bit during a workday. The
    people with the fast clocks wave 'goodbye' to those with the slow
    clocks as they head out the door; the people with the slow clocks
    grunt and blame the network administrator. A hundred or so
    workstations are involved; so various registry tweeks to increase the
    frequency of the "Internet Time' in Control Panel 'Date and Time'
    would be too much of a headache.

    5. If we get "net time" to work, then all local stations (punchclocks)
    should the same time, effectively locking down the time used for
    punches. That would be good because someone was fired here a few years
    ago for advancing their clock by an hour or so, punching out and
    leaving. We do not want to offer that temptation.

    Glenn in NJ

  7. Re: Seeking "net time" Response withoutActive Directory

    gcatlin@ix.netcom.com wrote:
    > Martin, Danny, and Ryan, thank you for the suggestions. The
    > punchclock software we use is pcEntry by Paychex. Below are some
    > points that my original post overlooked.
    >
    > 1. We do have Windows servers; but our workstations, a combo of (a)
    > Win2000 with no firewall, (b) WinXP with the Windows Firewall and an
    > exception for 'File and Print Sharing,' and (c) a couple Vista boxes,
    > are not receiving a reply to "net time". It had been my understanding
    > that to receive a reply to "net time" required on a domain controller,
    > and we don't have any of them.
    >


    Installing ntpd solves these problems.

    > 2. Our servers get the time from ntp sources, but it's my
    > understanding that being ntp-aware isn't enough to cause a Windows
    > workstation to receive a reply when they issue a "net time" query.
    >
    > 3. I did not know that if we enable samba on our Linux server we could
    > have our 'net time' requests replied to. I'll try to figure out how
    > to do that.
    >
    > 4. The reason we need to continually synchronize our devices during
    > the day to a reliable time source is because we have devices with
    > internal clocks that drift +/- quite a bit during a workday. The
    > people with the fast clocks wave 'goodbye' to those with the slow
    > clocks as they head out the door; the people with the slow clocks
    > grunt and blame the network administrator. A hundred or so
    > workstations are involved; so various registry tweeks to increase the
    > frequency of the "Internet Time' in Control Panel 'Date and Time'
    > would be too much of a headache.
    >


    This is normal. The computer manufacturers put no effort into getting
    good clock hardware and buy the cheapest that they can find. NTP is
    designed to deal with this and keep the clocks disciplined so that they
    never drift. That's why it would be worth your while to install NTP so
    you don't have this problem.

    > 5. If we get "net time" to work, then all local stations (punchclocks)
    > should the same time, effectively locking down the time used for
    > punches. That would be good because someone was fired here a few years
    > ago for advancing their clock by an hour or so, punching out and
    > leaving. We do not want to offer that temptation.
    >


    On Windows, you can set the privileges so that noone has the privilege
    to change the time, except for an adminstrator (and ntpd).

    Danny
    > Glenn in NJ


  8. Re: Seeking "net time" Response without Active Directory

    Glenn,

    my native language is German, not English, so maybe I have misunderstood
    your original post.

    > Martin, Danny, and Ryan, thank you for the suggestions. The
    > punchclock software we use is pcEntry by Paychex. Below are some
    > points that my original post overlooked.
    >
    > 1. We do have Windows servers; but our workstations, a combo of (a)
    > Win2000 with no firewall, (b) WinXP with the Windows Firewall and an
    > exception for 'File and Print Sharing,' and (c) a couple Vista boxes,
    > are not receiving a reply to "net time". It had been my understanding
    > that to receive a reply to "net time" required on a domain controller,
    > and we don't have any of them.


    So your puchclock boxes are all native Windows machines. On Windows 2000 or
    newer, w32time is installed by default. If your workstations were domain
    members then they would automatically detect their domain controller as
    time source, and synchronize to it. Since you don't have a domain, all the
    machines be configured by default to get their time from time.windows.com
    in very large intervals only. I'm not sure whether w32time is even started
    automatically on W2k if that machine is not a domain member.

    Anyway, using "net time" to synchronize the clock is obsolete if either
    w32time or NTP for Windows can be used.

    What may be causing some misunderstanding here is that "net time" commands
    may also be used to configure w32time, e.g. "net time /setsntp:.."
    configures the time source to which w32time should send its (S)NTP queries.

    As Danny has already mentioned, installing ntpd can solve these problems.
    The current version also supports an "unattended installation" which
    simplifies installation with a predefined configuration on a large number
    of machines.

    > 2. Our servers get the time from ntp sources, but it's my
    > understanding that being ntp-aware isn't enough to cause a Windows
    > workstation to receive a reply when they issue a "net time" query.
    >
    > 3. I did not know that if we enable samba on our Linux server we could
    > have our 'net time' requests replied to. I'll try to figure out how
    > to do that.


    See above, you won't need "net time"

    > 4. The reason we need to continually synchronize our devices during
    > the day to a reliable time source is because we have devices with
    > internal clocks that drift +/- quite a bit during a workday. The
    > people with the fast clocks wave 'goodbye' to those with the slow
    > clocks as they head out the door; the people with the slow clocks
    > grunt and blame the network administrator. A hundred or so
    > workstations are involved; so various registry tweeks to increase the
    > frequency of the "Internet Time' in Control Panel 'Date and Time'
    > would be too much of a headache.


    This is exactly what NTP tries to fix as good as possible under Windows.

    > 5. If we get "net time" to work, then all local stations (punchclocks)
    > should the same time, effectively locking down the time used for
    > punches. That would be good because someone was fired here a few years
    > ago for advancing their clock by an hour or so, punching out and
    > leaving. We do not want to offer that temptation.


    If you run NTP for Windows here then the times should be synchronized to a
    couple of milliseconds. Of course it's a good idea disable time to be
    changed by the normal users, as Danny has suggested.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  9. Re: Seeking "net time" Response without Active Directory

    On Wed, 02 Jan 2008 20:02:05 -0800, gcatlin wrote:

    > We use a pc punchclock that relies on the "net time" command. We are a
    > netware/linux shop and use an ntp time source, however, we do not use
    > Active Directory. So far have been unable to make the punchclock work.
    > Is there any way we can respond with the time when the punchclock requests
    > "net time?" Any assistance would be appreciated. Glenn in NJ


    What version of Winblows is it? Does "net help time" mention /setsntp? If
    it does:

    net time "/setsntp:192.168.0.1 192.168.0.2 192.168.0.3"

    Choice of appropriate ntp servers is left as an exercise for the OP.

    --
    2008/01/04:11:56:36UTC Slackware Linux 2.4.32
    up 32 days, 2:29, 6 users, load average: 2.43, 2.45, 2.30


  10. Re: Seeking "net time" Response without Active Directory

    On Jan 3, 10:43*pm, ma...@ntp.isc.org (Danny Mayer) wrote:
    >
    > Installing ntpd solves these problems.
    >

    My assumption is that the configuration of the punchclock machine
    cannot be altered beyond configuring a "NET TIME" source. This is very
    common for "appliance" system, whether they are based on Windows or
    some other OS.

    We used to have a nuynber of Fiery print controllers that were
    actually Windows 2000 machines, but they could not be modified by
    installing additional software or even patches. Only signed
    executables will run on them.

    Similaryly, our SAN cluster nodes all run a variant of FreeBSD on Xeon
    processors, but again, only signed code will run unless you want to
    replace the entire software stack. Vendors have to do that to ease
    support, especially for something that needs to be highly reliable
    like a SAN or highly audited like a time clock.

    --
    RPM


+ Reply to Thread