Question

NTP client in Solaris 9

Asked by: jfeng5150

Helper,

How can I correctly implement Solaris 9 NTP client on a Sun server? I did exactly as Sun document said but the ntpxd daemon running and it listens on port 123 on all network interfaces, which makes our security guy unhappy. Please advise.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2003-05-29 at 12:55:15ID20630600
Tags

solaris

,

ntp

,

9

,

client

Topics

Sun Solaris

,

Sun JDS

Participating Experts
6
Points
0
Comments
14

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. NTP -  Solaris 2.5.1 - How???
    The instructions for configuring ntp on Solaris 2.6. , 7 , and 8 don't seem to work for 2.5.1 and solaris doesn't provide any documentation for configuring ntp on solaris 2.5.1. Does anyone know how to? thks.
  2. set up NTP on Solaris 8
    We're moving our NTP service from an older system to a new one. Can someone give me clues on how to set up NTP on Solaris 8? I am REALLY new to Unix and have only a limited amount of familiarity. I know nothing of writing scripts for Unix. Points will increase to anyone who c...
  3. Solaris 8 NTP server and client configuration
    I have attempting a to create a 2 layer sync time design. In my ist layer, I have a win server using nettime to grab time from a external time server and at the same time behave as a internal time server to allow client to sync time. In my second layer, I am trying to configu...
  4. NTP
    Well my ntp server is getting me time wrong from the remote server because of daylight saving configured on the remote machine how do i solve te problem
  5. Is NTP enabled by default in Solaris 5.10 ??
    Is NTP enabled by default in solaris 10?
  6. Solaris 8 and NTP question
    Does solaris 8 have NTP started by default?

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: jleviePosted on 2003-05-29 at 13:54:38ID: 8609056

It sounds like you've configured NTP to be a multicast client. It is just as easy to configure the client to poll a specific NTP server(s) by having something like:

server 111.222.333.444 prefer

in /etc/inet/ntp.conf

 

by: jfeng5150Posted on 2003-05-29 at 14:09:58ID: 8609146

jlevie,

Thanks for the information. However I have tried that, as soon as I restart the ntpxd, the daemon will do the same thing. I never had same problem with Solaris 8 environment.

 

by: jleviePosted on 2003-05-29 at 15:45:41ID: 8609657

I'll have to play with this on one of my Solaris 9 boxes.

 

by: bummerlordPosted on 2003-05-29 at 18:31:34ID: 8610630

If you don't need to serve as  UTC reference for other hosts you could use "ntpdate"  running periodically from cron instead.
(1-2 hour interval)
Note that you would still want to use several references to avoid being fooled by a really insane ntp server.
ntpdate will set the system time regardless.. whereas xntpd won't  do anything if the system time differs enough from the UTC.

/b

 

by: bummerlordPosted on 2003-05-29 at 18:38:15ID: 8610653

..or you could perhaps use SunScreen to block access to port 123  on the other interfaces (?)
(I can't find anything in the man page of xntpd that enables binding to a specific interface)

 

by: jfeng5150Posted on 2003-05-30 at 05:19:18ID: 8613305

Bummerlord,

Yes. I am using ntpdate to sync the time for now but I would like to find a correct way to implement the ntp client. I hope.

 

by: bummerlordPosted on 2003-05-30 at 15:48:33ID: 8617634

The correct way would be the way that keeps your system time ~correct.
Do you often loose connectivity to the Internet for long periods (dialup connection?), and you want to rely on the drift estimation maintained by ntpd rather then steping the time in larger chunks when ntpdate reaches a server again?
Or do you need to provide UTC for other internal hosts via this server as well (bypassing the firewall or whatever)?
I see no other real reason for using ntpd instead of ntpdate..  unless of course you are running a Sun cluster.

Anyway, the options you have seems to be
a) Filter the ports using a firewall software (e.g SunScreen or IPfilter)
b) Accept that port 123/udp accepts packets, and configure ntpd to _not_ send packets to _all_ IP addresses on the "other" interfaces.
(it's all in the man page about interface restrictions)
c) continue using ntpdate

 

by: mrquinPosted on 2003-06-01 at 06:00:12ID: 8623574

To keep my servers time in sync, I use the following:
     /usr/sbin/ntpdate nist1.datum.com time.nist.gov time-a.nist.gov

you can add this to cron and have it run every hour:
     0 * * * *             /usr/sbin/ntpdate nist1.datum.com time.nist.gov time-a.nist.gov > /dev/null 2>&1

it works just as good and there is no need to open up your firewall.

Here is a good website for all the NIST atomic clocks you can add on the list
     http://www.boulder.nist.gov/timefreq/service/time-servers.html

they say the more servers you query, the more accurate your clock will be.

Hope this helps.

 

by: bummerlordPosted on 2003-06-01 at 13:22:05ID: 8625330

Yes, it's the way Coordinated Universal Time (UTC) protocol works. The more the merrier...

All reasonable correct servers are used to calculate an average time (network latency is taken into account).
If using ntpd to synch the clock you may use ntpq to query and set parameters for the local daemon.
E.g to list the configured peers with some status indications, you would issue the command "peers" in ntpq interactive mode, or say "ntpq -c peers"  in the shell prompt.
There will be a sign in the left margin (+,-,*,x) that tell if the peers reference is being used to calculate the time in your server or not.
+ means the server is included, * is for the prefered choice (best  offset in relation to network latency I think), - and x is for peers out of synch or with bad network connectivity (at least they're not used for some reason or another)

You'd defenately have better control over the situation using the daemon considering you can make some checks using ntpq.

Also, remeber to notify the admin of the servers you intend to use, and don't use the server unless you have got an OK back.
Heavily loaded servers have less chance of providing accurate reference, thus weakening the entrie idea of NTP... keep the admin informed so he/she can scale the service as appropriate (or tell you  to go elsewhere)

 

by: jfeng5150Posted on 2003-06-02 at 10:47:05ID: 8631314

Thanks for all the ideas and recommendations. I am using the ntpdate to sync the time on the server before I came to here for help. I would like to close this issue but I do not know if I should accept any of these comments since I really did not use any of them. Please advise.

 

by: beskyPosted on 2003-06-03 at 00:38:26ID: 8636205

Im not sure I understand your question.

ntp is working, right, clock is adjusting  ?

But you say "it listens on ALL interfaces on port 123",
that´s not true.
Running as a multicastclient it listens on address
224.0.1.1 and this adressclass is only assigned to
the primary interface.
Run netstat -rn to see the routingtable.

When running as a broadcastclient it listens for the
hosts net.255 address which also are on the primary
interface.

I have a mixed env. with Solaris 7,8,9 Linux, XP, Me
and BSD  and it works pretty well, hm, forget Me and XP.
Why bother trying.

If your sysadm is that focused on security, make sure you
use encryption on clients. See man xntpd


HTH

 

by: bummerlordPosted on 2003-06-03 at 02:02:43ID: 8636592

Post a 0 point question into "community support" asking to have the points refunded.
Though if you use any of the information provided in the future, remember to buy be a beer ;-)
/b

 

by: liddlerPosted on 2004-03-06 at 01:40:14ID: 10530234

No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

PAQ and refund

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

liddler
EE Cleanup Volunteer

 

by: ampPosted on 2004-03-09 at 20:21:21ID: 10557834

PAQed, with points refunded (20)

Thanks very much!
amp
CS Admin
amp*at*experts-exchange.com

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...