Question

Fedora Core 3 NTP server setup

Asked by: M_A_D_C_A_T

Hi

I have installed Fedora Core 3 (64bit ed) on a PC to use as my squid, httpd, sql etc server on my network.

I am attempting to set up NTP on this server, but I am behind a firewall that blocks port 123, therefore I cannot connect to any NTP servers on the internet. This is OK though, I will be happy having all the computers on this network sync with the local time on the server.

My problem is that when I attempt to sync time with the server I receive the following error:
>#ntpdate -u 10.71.128.47
20 May 13:32:34 ntpdate[12763]: no server suitable for synchronization found

When I start the ntpd service on the server, it fails to sync with the time server.

If I run ntpdate -d 10.71.128.47 on the server itself (the server is 10.71.128.47), it reports that the "Server dropped: strata too high" (the strata being 16) and that the reference time is "Thu, Feb 7 2036 6:28:16.000"

I have removed all server directives in ntp.conf, step-tickers and ntpservers files.

All client machines report that the time server is not available.

This Question has been solved and asker verified.

Asked On: 2005-05-19 at 21:24:13
ID: 21430796
Tags: server, ntp, fedora
Topic: Linux Networking
Participating Experts: 1
Points: 400
Comments: 16

Answers

 

by: Redimido, Posted on 2005-05-19 at 21:40:19, ID: 14043020

first check the time server is running:

ps -efa | grep -v grep | grep ntpd

if you do not get any line, then you do not have the ntp server running.

to start the ntp server:

ntpd

if you do not get an error message on the command line, check the messages log:

dmesg

or

tail -30 /var/log/messages

and check what is the error.

I would think your problem is that you do not have any time server to synchronize with.
can you confirm that's the case?

 

by: Redimido, Posted on 2005-05-19 at 21:51:51, ID: 14043050

another way to see if your ntpd server is working, is if it answers:
ntpq -p

with something different than "***Request timed out"

now, check if with this in your /etc/ntp.conf
#local time sources:
server 127.127.1.0              # local clock (LCL)
fudge  127.127.1.0 stratum 10   # LCL is unsynchronized

#don't forget to add a drift file and a log one so you can read the error messages when they appear:
driftfile /etc/ntp.drift
logfile   /var/log/ntp


you can work fine.

also check you are able to answer local computers time in the firewall
iptables -I INPUT -p tcp --dport 123 -j ACCEPT


hope this helps

 

by: M_A_D_C_A_T, Posted on 2005-05-19 at 21:52:20, ID: 14043053

NTPD is running, there are no errors in /var/log/messages after I start the ntpd server.

May 20 04:43:35 squid ntpd[15383]: ntpd 4.2.0a@1.1190-r Mon Oct 11 09:15:58 EDT 2004 (1)
May 20 04:43:35 squid ntpd[15383]: precision = 1.000 usec
May 20 04:43:35 squid ntpd[15383]: Listening on interface wildcard, 0.0.0.0#123
May 20 04:43:35 squid ntpd[15383]: Listening on interface wildcard, ::#123
May 20 04:43:35 squid ntpd[15383]: Listening on interface lo, 127.0.0.1#123
May 20 04:43:35 squid ntpd[15383]: Listening on interface eth0, 10.71.128.47#123
May 20 04:43:35 squid ntpd[15383]: kernel time sync status 0040

> I would think your problem is that you do not have any time server to synchronize with.
> can you confirm that's the case?

I am aware that I cannot synchronize with any time servers. I wish to set up this PC to act as a time server for my LAN.

I believe that the clients are ignoring the time from the server because the server is not synced with a high stratum server.

 

by: M_A_D_C_A_T, Posted on 2005-05-19 at 21:58:47, ID: 14043076

Hi
my /etc/ntp.conf file:
server 127.127.1.0 #local clock (LCL)
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp.drift
logfile /var/log/ntp

I am not running iptables firewall

Even with the stratum set to 10 for the localhost; ntpdate -d still says that the stratum is 16

 

by: M_A_D_C_A_T, Posted on 2005-05-19 at 22:21:28, ID: 14043143

I can confirm that clients are connecting to the server:
>#ntpdc
monlist shows  3 computers that I tried to sync their times with

 

by: Redimido, Posted on 2005-05-19 at 22:27:47, ID: 14043161

okay

check that *really* you do not have a firewall:

iptables -L -vn

iptables -L -vn -t nat

what do they say?

 

by: M_A_D_C_A_T, Posted on 2005-05-19 at 22:30:43, ID: 14043165

Hi here is the output for  the above commands:

iptables -L -vn
Chain INPUT (policy ACCEPT 2328 packets, 1102K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0        tcp dpt:123

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2232 packets, 797K bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@squid ~]# iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

 

by: Redimido, Posted on 2005-05-19 at 22:36:28, ID: 14043178

okay. it is not filtered.

now, let's see. your internal interface is eth0?
May 20 04:43:35 squid ntpd[15383]: Listening on interface eth0, 10.71.128.47#123

can you telnet from the windows machine to
10.71.128.47 port 123? (I would try to use PuTTY for that)

did you try to use nettime from sourceforge?
http://NetTime.sourceforge.net/

it should see your internal network and discover your ntp daemon on the linux server, or you can set it up by hand and make it try to update itself.

 

by: M_A_D_C_A_T, Posted on 2005-05-22 at 17:03:01, ID: 14057007

>can you telnet from the windows machine to
>10.71.128.47 port 123? (I would try to use PuTTY for that)

no, I receive connection refused errors. I have an old ntp server on this network (redhat 9) that is to be decommissioned and that machine also refuses telnet connections to port 123

>did you try to use nettime from sourceforge?
I installed Nettime on one of the few PCs that I have here (the network has 100+ macs running OS9 and OSX). It found ntp server ok and managed to sync with it, so the server is running. I tried to sync using the normal date/time control panel, and I received the following error:

An error occurred while Windows was synchronizing with 10.71.128.47. The time sample was rejected because: The peers stratum is less than the host's stratum.

Like I said in my first post - the server's stratum is being set to 16 which is not high enough for most clients to be happy syncing with, so the time is rejected.

This is an ntpdc - sysinfo dump of my working NTP server running on redhat 9:
ntpdc> sysinfo
system peer:          LOCAL(0)
system peer mode:     client
leap indicator:       00
stratum:              11
precision:            -16
root distance:        0.00000 s
root dispersion:      0.01147 s
reference ID:         [127.127.1.0]
reference time:       c63b9a1f.901669ce  Mon, May 23 2005  9:24:07.562
system flags:         auth monitor ntp kernel stats
jitter:               0.000015 s
stability:            0.000 ppm
broadcastdelay:       0.007996 s
authdelay:            0.000000 s

This is a dump of my non-working NTP server running on FC3:
ntpdc> sysinfo
system peer:          0.0.0.0
system peer mode:     unspec
leap indicator:       11
stratum:              16
precision:            -20
root distance:        0.00000 s
root dispersion:      0.01996 s
reference ID:         [73.78.73.84]
reference time:       00000000.00000000  Thu, Feb  7 2036  6:28:16.000
system flags:         auth monitor ntp kernel stats
jitter:               0.000000 s
stability:            0.000 ppm
broadcastdelay:       0.003998 s
authdelay:            0.000000 s
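
The two sysinfo dumps above can be read field by field. The following is an added example, not part of the original thread: it parses fields copied from the dumps, decodes the reference ID octets as ASCII (73.78.73.84 spells INIT, the code ntpd shows before its first synchronization, not a server address) and converts the hexadecimal reference time. The function names and the A-Z heuristic are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Constructed samples: selected fields copied from the two sysinfo dumps in the thread.
RH9_SYSINFO = """\
leap indicator:       00
stratum:              11
reference ID:         [127.127.1.0]
reference time:       c63b9a1f.901669ce  Mon, May 23 2005  9:24:07.562
"""
FC3_SYSINFO = """\
leap indicator:       11
stratum:              16
reference ID:         [73.78.73.84]
reference time:       00000000.00000000  Thu, Feb  7 2036  6:28:16.000
"""

def parse_sysinfo(text):
    """Split 'name: value' lines of ntpdc sysinfo output into a dict."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def refid_code(refid):
    """Return the refid as a 4-letter ASCII code, or None if it looks like an address.

    Heuristic (assumption of this example): four octets that are all A-Z
    are treated as a status code rather than an IPv4 address.
    """
    raw = bytes(int(octet) for octet in refid.strip("[]").split("."))
    return raw.decode("ascii") if all(65 <= b <= 90 for b in raw) else None

def ntp_to_utc(stamp, era=0):
    """Convert the seconds part of a hex NTP timestamp (since 1900) to UTC."""
    seconds = int(stamp.split(".")[0], 16) + era * 2**32
    return NTP_EPOCH + timedelta(seconds=seconds)

def diagnose(fields):
    """List the reasons a client would reject this server; empty means usable."""
    problems = []
    if fields["leap indicator"] == "11":
        problems.append("leap indicator 11: clock not synchronized")
    if int(fields["stratum"]) >= 16:
        problems.append("stratum 16: unsynchronized")
    code = refid_code(fields["reference ID"])
    if code:
        problems.append(f"reference ID is the status code {code}, not a server")
    if fields["reference time"].split()[0] == "00000000.00000000":
        problems.append("reference time is zero: clock was never set from a source")
    return problems

if __name__ == "__main__":
    for name, dump in (("RH9", RH9_SYSINFO), ("FC3", FC3_SYSINFO)):
        print(name, diagnose(parse_sysinfo(dump)) or "usable")
    # A zero timestamp read as era 1 lands 2**32 s after 1900: the 2036 date in the dump.
    print(ntp_to_utc("00000000.00000000", era=1))
```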

 

by: Redimido, Posted on 2005-05-22 at 18:31:34, ID: 14057296

why the old ntp server has this:

reference ID:         [73.78.73.84]


while the new one is not syncing with outside?

maybe only that host is allowed by the firewall, so I would try to add it to ntp.conf

server 73.78.73.84

 

by: M_A_D_C_A_T, Posted on 2005-05-22 at 19:12:44, ID: 14057426

Hi
>why the old ntp server has this:
>reference ID:         [73.78.73.84]

It doesn't - that is from the non-working new install of FC3 that I am attempting to get to work. I have no idea where it is getting that address from, you will also see that the time it gets from that "server" is Thu, Feb  7 2036  6:28:16.000, which I can confirm is not the FC3 server time

 

by: Redimido, Posted on 2005-05-22 at 19:32:42, ID: 14057495

Ok... there is another way:

set up two servers, and make one synchronize against the other one

 

by: M_A_D_C_A_T, Posted on 2005-05-22 at 20:35:34, ID: 14057679

Hi,

I don't believe that would work, I would run into the same problem with the second machine as I have with this one.

The problem is that the fudge line of ntp.conf  doesn't appear to be working - when the server cannot sync with external servers, it should default to a stratum 10 server; but it is not.

 

by: Redimido, Posted on 2005-05-22 at 21:48:14, ID: 14057824

well, I see another difference between both ntp servers:

the working one has this:
    ntpdc> sysinfo
    system peer:          LOCAL(0)
    system peer mode:     client

while the other, has this:
    ntpdc> sysinfo
    system peer:          0.0.0.0
    system peer mode:     unspec

I think you can configure as this:
    # A very simple client-only ntp configuration.
    restrict aaa.bbb.ccc.ddd  # nonexistent server!
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10
    driftfile /etc/ntp/drift

this setup makes ntp try to configure with a nonexistent host, then fail, and begin to synchronize with itself.
which stratum do you get?

 

by: Redimido, Posted on 2005-05-22 at 21:52:15, ID: 14057832

I tried it in a Slackware server and got a stratum 10 ntp server...

 

by: M_A_D_C_A_T, Posted on 2005-05-22 at 22:23:46, ID: 14057916

I made a new ntp.conf with the settings as described in your post and rebooted the system.

from /var/log/messages:
May 23 05:13:24 squid ntpd[2692]: ntpd 4.2.0a@1.1190-r Mon Oct 11 09:15:58 EDT 2004 (1)
May 23 05:13:24 squid ntpd: ntpd startup succeeded
May 23 05:13:24 squid ntpd[2692]: precision = 1.000 usec
May 23 05:13:24 squid ntpd[2692]: Listening on interface wildcard, 0.0.0.0#123
May 23 05:13:24 squid ntpd[2692]: Listening on interface wildcard, ::#123
May 23 05:13:24 squid ntpd[2692]: Listening on interface lo, 127.0.0.1#123
May 23 05:13:24 squid ntpd[2692]: Listening on interface eth0, 10.71.128.47#123
May 23 05:13:24 squid ntpd[2692]: kernel time sync status 0040
May 23 05:13:24 squid ntpd[2692]: getaddrinfo: "aaa.bbb.ccc.ddd" invalid host address, ignored
May 23 05:13:24 squid ntpd[2692]: frequency initialized 0.000 PPM from /etc/ntp/drift
Therefore the server is running and reading the new settings.
After running ntpdate on the server I get:
# ntpdate -d 10.71.128.47
23 May 05:18:55 ntpdate[3481]: ntpdate 4.2.0a@1.1190-r Mon Oct 11 09:15:59 EDT 2004 (1)
Looking for host 10.71.128.47 and service ntp
host found : 10.71.128.47
transmit(10.71.128.47)
receive(10.71.128.47)
transmit(10.71.128.47)
receive(10.71.128.47)
transmit(10.71.128.47)
receive(10.71.128.47)
transmit(10.71.128.47)
receive(10.71.128.47)
transmit(10.71.128.47)
server 10.71.128.47, port 123
stratum 11, precision -20, leap 00, trust 000
refid [10.71.128.47], delay 0.02562, dispersion 0.00000
transmitted 4, in filter 4
reference time:    c63be637.0446d82b  Mon, May 23 2005  5:18:47.016
originate timestamp: c63be63f.4e84cf07  Mon, May 23 2005  5:18:55.306
transmit timestamp:  c63be63f.4e83f4ec  Mon, May 23 2005  5:18:55.306
filter delay:  0.02573  0.02563  0.02562  0.02562
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.000039 0.000003 0.000001 0.000001
         0.000000 0.000000 0.000000 0.000000
delay 0.02562, dispersion 0.00000
offset 0.000001

23 May 05:18:55 ntpdate[3481]: adjust time server 10.71.128.47 offset 0.000001 sec


IT WORKS!!!, the Windows, OSX and OS9 machines now sync.

I had tried the above conf file without rebooting the server, and I got the same
getaddrinfo: "aaa.bbb.ccc.ddd" invalid host address, ignored, but the stratum was not set to 11 - weird

Thanks for your assistance
