Solved

NTP configuration problem

Posted on 2002-06-06
21
2,524 Views
Last Modified: 2008-03-17
Hello,

I am trying to configure NTP on RH Linux 7.2. My PC appears not to be synchronizing correctly.  

My /etc/ntp.conf is:
server clock.via.net
server ntp1.mainecoon.com
server ntp2.mainecoon.com
server ntp-cup.external.hp.com
server ntp.ucsd.edu
server ntp2.sf-bay.org
server time.berkeley.netdot.net
server timekeeper.isi.edu

driftfile /etc/ntp/drift

ps -aef|grep ntpd gives me:
ntp      20175     1  0 01:46 ?        00:00:00 ntpd -U ntp
root     20185 19947  0 01:49 pts/2    00:00:00 grep ntpd

Also   # ntpdate clock.via.net   gives me...

 7 Jun 01:51:55 ntpdate[20212]: the NTP socket is in use, exiting

But # ntpdate -d clock.via.net  gives me...

 7 Jun 01:52:00 ntpdate[20213]: ntpdate 4.1.0 Wed Sep  5 06:54:31 EDT 2001 (1)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
server 209.81.9.7, port 123
stratum 1, precision -28, leap 00, trust 000
refid [GPS], delay 0.19719, dispersion 0.00107
transmitted 4, in filter 4
reference time:    c0aa8f47.cfb01c92  Thu, Jun  6 2002 18:47:51.811
originate timestamp: c0aa909d.9639d5e4  Thu, Jun  6 2002 18:53:33.586
transmit timestamp:  c0aaf2b0.d90d8cb0  Fri, Jun  7 2002  1:52:00.847
filter delay:  0.19917  0.19719  0.19839  0.20483
         0.00000  0.00000  0.00000  0.00000
filter offset: -25107.3 -25107.3 -25107.3 -25107.3
         0.000000 0.000000 0.000000 0.000000
delay 0.19719, dispersion 0.00107
offset -25107.354945

 7 Jun 01:52:01 ntpdate[20213]: step time server 209.81.9.7 offset -25107.354945
 sec



How can I get my clock to sync up ok?

0
Comment
Question by:peyo
  • 10
  • 10
21 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7062009
is ntpd running? then the socket is in use, and the message is ok.
If ntpd is running, what's your prblem then?
0
 
LVL 1

Author Comment

by:peyo
ID: 7063623
ntpd is running, however the clock is not being synchronized.  In fact, the local clock is off by 6 hours and 58 minutes.

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7063951
there is a limit for ntpd when it will not adjust the clock, AFAIK it's 1000 sec. You should see a corresponding message in the log files.
In this case you need to set your clock first with date and/or hwclock.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:peyo
ID: 7076304
My clock was set to nearby the correct time. However, it still appears that ntp is not synchronizing properly.

The NTP server is a known good one (other clients can successfully connect to it...).

Hopefully this output may help:
[root@linus rc3.d]# ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.0.23.1       0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
ntpq> as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 64196  8000   yes   yes  none    reject
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7076359
what is in your log files?
0
 
LVL 1

Author Comment

by:peyo
ID: 7076619
hello--which log files would you like?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7076621
/var/log/{messages,ntp}
0
 
LVL 1

Author Comment

by:peyo
ID: 7093577
Using a different ntp.conf here, I still am unable to successfully sync my time, it appears:

#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server  10.0.23.1       # local clock
fudge   10.0.23.1 stratum 10

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
multicastclient                 # listen on default 224.0.1.1
broadcastdelay  0.008

#
# Authentication delay.  If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate no

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
#keys           /etc/ntp/keys


From my /var/log/messages:
Jun 13 11:16:57 linus ntpd: ntpd startup succeeded
Jun 13 11:16:57 linus ntpd[21743]: precision = 33 usec
Jun 13 11:16:57 linus ntpd[21743]: kernel time discipline status 0040
Jun 13 11:16:57 linus ntpd[21743]: 10.0.23.1 is inappropriate address for the fudge command, line ignored
Jun 13 11:16:57 linus ntpd[21743]: frequency initialized 0.000 from /etc/ntp/drift
Jun 13 11:16:57 linus ntpd[21743]: bind() fd 8, family 2, port 123, addr 224.0.1.1, in_classd=1 flags=0 fails: Address already in use
Jun 13 11:16:57 linus ntpd[21743]: ...multicast address 224.0.1.1 using wildcard socket

There is no /var/log/ntp
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7093942
> Jun 13 11:16:57 linus ntpd[21743]: 10.0.23.1 is inappropriate address for the fudge command, line ignored

Well, simply fix this, and it should work ;-)
0
 
LVL 1

Author Comment

by:peyo
ID: 7175650
I've commented out the fudge line and it still doesn't work.  

*sigh*
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7175812
please print result of:
awk '($1 !~ /^#/){print}' /etc/ntp.conf
0
 
LVL 1

Author Comment

by:peyo
ID: 7175906
Result:

server  10.0.23.1       # local clock

driftfile /etc/ntp/drift
multicastclient                 # listen on default 224.0.1.1
broadcastdelay  0.008

authenticate no

0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7176607
do you have a multicast enabled kernel?
Do you know what the multicastclient really does?
I'd remove the multicastclient setting.

Can you reach the specified server?
what does ntpdate report now?
0
 
LVL 1

Author Comment

by:peyo
ID: 7177894
I don't think I have multicast enabled kernel..how would I find out?

Other PCs can sync to the server just fine.

ntpdate output:
[root@linus root]# ntpdate
25 Jul 10:03:50 ntpdate[28437]: no servers can be used, exiting

Note: I haven't seem to get ntpdate on Linux/SGIs systems to ever work.  So far, I've gotten only ntpq to report statistics back.
0
 
LVL 1

Author Comment

by:peyo
ID: 7177899
Out of curiosity, could I possibly have a firewall up that is blocking a port that NTP needs? If so, how can I determine whether a firewall is preventing connections?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7178436
ok, the ntpdate output is different now.
The firewall might be a problem, you need to allow port 123 UDP in both directions
0
 
LVL 1

Author Comment

by:peyo
ID: 7178719
i'm new to linux firewalls...how do i check to see how my firewall's ports are configured?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7179491
iptables -L -n && iptables -L -n -t nat

or

ipchains -L -n
0
 
LVL 1

Author Comment

by:peyo
ID: 7180570
Is this a good sign? If not, how would I go about fixing this?

Thanks so far.

# ipchains -L -n
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  10.0.20.10           0.0.0.0/0             53 ->   1025:65535
ACCEPT     udp  ------  10.0.13.14           0.0.0.0/0             53 ->   1025:65535
ACCEPT     udp  ------  10.0.23.34           0.0.0.0/0             53 ->   1025:65535
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   80
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   22
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   2049
REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   2049
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   6000:6009
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   7100
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
ID: 7181165
> Is this a good sign?
Yes, it tells you that the firewall rejects port 123 udp ;-)

You either need to exclude this port from the rejected range 0.1023, or insert a accept rule for port 123 before.

ipchains -I input 1 -p udp -s YOUR-IP --dport 123 -j ACCEPT
ipchains -I input 1 -p udp -d YOUR-IP --dport 123 -j ACCEPT
0
 

Expert Comment

by:CleanupPing
ID: 9089017
peyo:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question