Solved

NTP configuration problem

Posted on 2002-06-06
21
2,423 Views
Last Modified: 2008-03-17
Hello,

I am trying to configure NTP on RH Linux 7.2. My PC appears not to be synchronizing correctly.  

My /etc/ntp.conf is:
server clock.via.net
server ntp1.mainecoon.com
server ntp2.mainecoon.com
server ntp-cup.external.hp.com
server ntp.ucsd.edu
server ntp2.sf-bay.org
server time.berkeley.netdot.net
server timekeeper.isi.edu

driftfile /etc/ntp/drift

ps -aef|grep ntpd gives me:
ntp      20175     1  0 01:46 ?        00:00:00 ntpd -U ntp
root     20185 19947  0 01:49 pts/2    00:00:00 grep ntpd

Also   # ntpdate clock.via.net   gives me...

 7 Jun 01:51:55 ntpdate[20212]: the NTP socket is in use, exiting

But # ntpdate -d clock.via.net  gives me...

 7 Jun 01:52:00 ntpdate[20213]: ntpdate 4.1.0 Wed Sep  5 06:54:31 EDT 2001 (1)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
receive(209.81.9.7)
transmit(209.81.9.7)
server 209.81.9.7, port 123
stratum 1, precision -28, leap 00, trust 000
refid [GPS], delay 0.19719, dispersion 0.00107
transmitted 4, in filter 4
reference time:    c0aa8f47.cfb01c92  Thu, Jun  6 2002 18:47:51.811
originate timestamp: c0aa909d.9639d5e4  Thu, Jun  6 2002 18:53:33.586
transmit timestamp:  c0aaf2b0.d90d8cb0  Fri, Jun  7 2002  1:52:00.847
filter delay:  0.19917  0.19719  0.19839  0.20483
         0.00000  0.00000  0.00000  0.00000
filter offset: -25107.3 -25107.3 -25107.3 -25107.3
         0.000000 0.000000 0.000000 0.000000
delay 0.19719, dispersion 0.00107
offset -25107.354945

 7 Jun 01:52:01 ntpdate[20213]: step time server 209.81.9.7 offset -25107.354945
 sec



How can I get my clock to sync up ok?

0
Comment
Question by:peyo
  • 10
  • 10
21 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
is ntpd running? then the socket is in use, and the message is ok.
If ntpd is running, what's your prblem then?
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
ntpd is running, however the clock is not being synchronized.  In fact, the local clock is off by 6 hours and 58 minutes.

0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
there is a limit for ntpd when it will not adjust the clock, AFAIK it's 1000 sec. You should see a corresponding message in the log files.
In this case you need to set your clock first with date and/or hwclock.
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
My clock was set to nearby the correct time. However, it still appears that ntp is not synchronizing properly.

The NTP server is a known good one (other clients can successfully connect to it...).

Hopefully this output may help:
[root@linus rc3.d]# ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.0.23.1       0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
ntpq> as
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 64196  8000   yes   yes  none    reject
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
what is in your log files?
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
hello--which log files would you like?
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
/var/log/{messages,ntp}
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
Using a different ntp.conf here, I still am unable to successfully sync my time, it appears:

#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server  10.0.23.1       # local clock
fudge   10.0.23.1 stratum 10

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
multicastclient                 # listen on default 224.0.1.1
broadcastdelay  0.008

#
# Authentication delay.  If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate no

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
#keys           /etc/ntp/keys


From my /var/log/messages:
Jun 13 11:16:57 linus ntpd: ntpd startup succeeded
Jun 13 11:16:57 linus ntpd[21743]: precision = 33 usec
Jun 13 11:16:57 linus ntpd[21743]: kernel time discipline status 0040
Jun 13 11:16:57 linus ntpd[21743]: 10.0.23.1 is inappropriate address for the fudge command, line ignored
Jun 13 11:16:57 linus ntpd[21743]: frequency initialized 0.000 from /etc/ntp/drift
Jun 13 11:16:57 linus ntpd[21743]: bind() fd 8, family 2, port 123, addr 224.0.1.1, in_classd=1 flags=0 fails: Address already in use
Jun 13 11:16:57 linus ntpd[21743]: ...multicast address 224.0.1.1 using wildcard socket

There is no /var/log/ntp
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> Jun 13 11:16:57 linus ntpd[21743]: 10.0.23.1 is inappropriate address for the fudge command, line ignored

Well, simply fix this, and it should work ;-)
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
I've commented out the fudge line and it still doesn't work.  

*sigh*
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
please print result of:
awk '($1 !~ /^#/){print}' /etc/ntp.conf
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
Result:

server  10.0.23.1       # local clock

driftfile /etc/ntp/drift
multicastclient                 # listen on default 224.0.1.1
broadcastdelay  0.008

authenticate no

0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
do you have a multicast enabled kernel?
Do you know what the multicastclient really does?
I'd remove the multicastclient setting.

Can you reach the specified server?
what does ntpdate report now?
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
I don't think I have multicast enabled kernel..how would I find out?

Other PCs can sync to the server just fine.

ntpdate output:
[root@linus root]# ntpdate
25 Jul 10:03:50 ntpdate[28437]: no servers can be used, exiting

Note: I haven't seem to get ntpdate on Linux/SGIs systems to ever work.  So far, I've gotten only ntpq to report statistics back.
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
Out of curiosity, could I possibly have a firewall up that is blocking a port that NTP needs? If so, how can I determine whether a firewall is preventing connections?
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
ok, the ntpdate output is different now.
The firewall might be a problem, you need to allow port 123 UDP in both directions
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
i'm new to linux firewalls...how do i check to see how my firewall's ports are configured?
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
iptables -L -n && iptables -L -n -t nat

or

ipchains -L -n
0
 
LVL 1

Author Comment

by:peyo
Comment Utility
Is this a good sign? If not, how would I go about fixing this?

Thanks so far.

# ipchains -L -n
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  10.0.20.10           0.0.0.0/0             53 ->   1025:65535
ACCEPT     udp  ------  10.0.13.14           0.0.0.0/0             53 ->   1025:65535
ACCEPT     udp  ------  10.0.23.34           0.0.0.0/0             53 ->   1025:65535
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   80
ACCEPT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   22
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   2049
REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   0:1023
REJECT     udp  ------  0.0.0.0/0            0.0.0.0/0             * ->   2049
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   6000:6009
REJECT     tcp  -y----  0.0.0.0/0            0.0.0.0/0             * ->   7100
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 200 total points
Comment Utility
> Is this a good sign?
Yes, it tells you that the firewall rejects port 123 udp ;-)

You either need to exclude this port from the rejected range 0.1023, or insert a accept rule for port 123 before.

ipchains -I input 1 -p udp -s YOUR-IP --dport 123 -j ACCEPT
ipchains -I input 1 -p udp -d YOUR-IP --dport 123 -j ACCEPT
0
 

Expert Comment

by:CleanupPing
Comment Utility
peyo:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now