Setup NTP server for stand alone, non-internet attached network using debian as NTP server

I have a small stand alone network, that I need to synchronize time on.  I have a debian box that I would like to use as the time server.  the clients are windows XP.  I've tried following the instructions at http://www.debianadmin.com/ntp-server-and-client-configuration-in-debian.html, but I can't seem to get it working.  I get an error on the windows boxes stating that "the peer's stratum is less that the hosts"

My ntp.conf file is

server 192.168.2.20 (local IP address of debian box)
fudge 192.168.2.20 stratum 5 (i've tried everything from 0 to 16 here)
restrict 192.168.2.20 (i've also tried the IP address of one of the XP machine here)
psueocAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

psueocAuthor Commented:
NOTE: the link in my original post refers to install ntp-server via the apt-get command

when I run "apt-get install ntp-server' its says that the package no longer exists.
0
Kerem ERSOYPresidentCommented:
Hi,

you can use ntpq to query your stratum. If you don't get time through a Atomic clock or from a lesser stratum clock you stratum will be 10 or higher. This is why your hosts reject the time.

ntpq
> cl

Will display your current status.
0
Kerem ERSOYPresidentCommented:
Since ntpd is already installed you can only update it.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

psueocAuthor Commented:
I understand that, but is there a way to FORCE a lower stratum number so my clients will accept it's time?
like I said, this system will never be on the internet, and will never get a chance to sync with an actual atomic clock.

0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
TRy entering the following 2 lines into your ntpd.conf file:

server 127.127.1.0
fudge 127.127.1.0 stratum 10

This tells the server to "trust" itself and set it's stratum value to 10...

If you want to, you can lower the value even further.

Best of luck!

Dan
IT4SOHO
0
psueocAuthor Commented:
will try monday
0
Kerem ERSOYPresidentCommented:
Though you can reduce the fuge stratum it will be a problem if your computer have some way of connecting to any ntp server over internet. The stratum valued for the fudge should not be less than 4 !

0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Running an NTP server that cannot connect to the outside world isn't exactly a "best practices" -- but given that it will be limited to the LAN environment, it would be VALID (although again, NOT best practice!) to set the year to 1980 and give yourself a "stratum" of 1!

Among other things, the above would definitely prevent any SSL connections to the outside world! :-)

Good luck, and let us know how it turns out!

Dan
IT4SOHO
0
psueocAuthor Commented:
no go.

NOTE: these are the ONLY 2 lines in my NTP.CONF file, I don't have an ntpd.conf file

server 127.127.1.0
fudge 127.127.1.0 stratum 10



0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
Sorry for the delay in replying... I've had a VERY busy week!

The location of your "real" ntp configuration file may have to be found through examination...

First, cd to the startup script folder (cd /etc/init.d) [the example is for a RedHat "family" distribution]

Next, look at the startup script for your NTP service (more ntpd)

In "my" startup script, there are 2 variables set near the top:
  ntpconf=/etc/ntp.conf
  ntpstep=/etc/ntp/step-tickers

If this is not the case for you, then the config file should be defined in the "start" section of the script...
As it turns out, the "default" NPT config file is indeed /etc/ntp.conf (not ntpd.conf)....

OK... the last thing I'll say here is this ... most debian system install with a firewall in place (iptables)... If this is to be an NTP server for your LAN, you'll need to open the NTP port (UDP 123) to LAN traffic.

Oh... and one more question -- Windows clients inherently use the "Windows Time Service" instead of the "Network Time Service" -- this can be enabled in your Samba.
  Time Server = yes
goes into your smb.conf file...

Good luck!

Dan
IT4SOHO
0
psueocAuthor Commented:
how do i ensure udp 123 is open on the firewall?
0
Kerem ERSOYPresidentCommented:
> how do i ensure udp 123 is open on the firewall?

issue

iptables -L -n

and see if you have

udp 123

is among allowed ports list if not edit your  /etc/firewall-rules and add this line in there:

iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
0
Kerem ERSOYPresidentCommented:
To check if ntp is running on your server issue this command:

netstat -anpu |grep :123

it should output something similat to this if it is running:

udp        0      0 10.0.0.1:123                0.0.0.0:*                               3542/ntpd          
udp        0      0 127.0.0.1:123               0.0.0.0:*                               3542/ntpd          
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               3542/ntpd          
udp        0      0 :::123                      :::*                                    3542/ntpd          
0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
The latter above actually checks to see if you are running the NTP service, while the one immediately prior checks your firewall rules to see if NTP is being allowed.

The only TRUE way to see if NTP is available is to specifically test from another system (one of your clients). (maybe a full port scan of your Linux system wouldn't be a bad idea! lookup nmap in a google window for win or lin implementations.

Dan
IT4SOHO

0
psueocAuthor Commented:

Here is my portscan output.


Starting Nmap 4.68 ( http://nmap.org ) at 2009-07-29 11:13 Eastern Daylight Time
Interesting ports on 10.232.3.102:
Not shown: 1706 closed ports
PORT    STATE SERVICE
9/tcp   open  discard
13/tcp  open  daytime
21/tcp  open  ftp
22/tcp  open  ssh
23/tcp  open  telnet
37/tcp  open  time
80/tcp  open  http
111/tcp open  rpcbind
990/tcp open  ftps
MAC Address: 00:D0:69:41:D4:C9 (Technologic Systems)

Nmap done: 1 IP address (1 host up) scanned in 1.344 seconds
0
psueocAuthor Commented:
10.232.3.102 is the IP address of the box I'm trying to setup as an NTP server, I scanned from another system on the same network.
0
psueocAuthor Commented:
should UDP 123 be open?
0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
In short, yes you need to open port 123 (the NTP port) to local traffic.

Were it my system, I'd also stop the FTP, Telnet, and RPC functions (these all use "cleartext" authentication). I cannot imagine what is opening the daytime port (13) and time port (37), as they shouldn't be there anymore -- all but depreciated. Also, I'd close the discard port as it has no real useful use in a working network.

Finally, if HTTP is optn, HTTPS should also be open...

If you follow my suggestions, you should find ONLY the following open ports (you may choose to open more later):

  22/tcp  - SSH
  80/tcp  - HTTP
123/udp - NTP        <= Add this
443/tcp  - HTTPS    <= and this
990/tcp  - FTPS

Now, to open or close the ports you'll need to adjust your firewall (assuming you're running one).... if you're NOT running a firewall, then you'll need to find out why your ntp server isn't running (if it was, you'd be listening on port 123!).

I would also think it wise to look into what processes are on those unwanted ports (daytime, time, & discard). You can do that with the lsof command:
   lsof -i | grep discard
will show you the process(es) that are listening on port 9 (discard).

The telnet & ftp ports are probably openned by your xinetd facility... go find the files "telnet" and "ftp" in your /etc/xinetd.d folder and change the line that says "disable = no" to "disable = yes" in each; then restart xinetd (service xinetd restart)... it is likely you don't really need xinetd running, but it harms nothing to leave xinetd running for now.

Whew... that's a few steps for now! Get that done & report back... I'd personally like to know what process was listening to the discard port! :-)

When done, a "fresh" output of an nmap scan would be useful, but then would a complete listing of the output of "lsof -i"

Good luck!

Dan
IT4SOHO
0
psueocAuthor Commented:
keep in mind, this system will never see the internet.  

as far as I know, (I kinda got dumped on this project).  This box is going to be used for TIMING various different data acquisition systems over ethernet.  That's the reason I'm trying to make it and NTP server.   "correct" time is not a critical as "synced" time.
0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
OK... so you don't care about telnet, ftp, or the other services running... the fact remains that there is nothing on port 123 (the NTP port!)

That is either because you have a firewall in place and it's blocking it, or because the NTP daemon isn't starting properly.

if you do a "ps -aefww | grep -i ntp" is there anything BUT the grep line that shows??

Dan
IT4SOHO
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
psueocAuthor Commented:
how can i tell whether or not I have a firewall installed.  FYI, this is all command line based, no GUI.  In fact I can hold this box in the palm of my hand, doesn't even have a hard drive, boots from an SD card.  you have to console or telnet or ssh to it.
0
Kerem ERSOYPresidentCommented:
Hi,

Your remote NMAP shows your open ports are:
PORT    STATE SERVICE
9/tcp   open  discard
13/tcp  open  daytime
21/tcp  open  ftp
22/tcp  open  ssh
23/tcp  open  telnet
37/tcp  open  time
80/tcp  open  http
111/tcp open  rpcbind
990/tcp open  ftps
MAC Address: 00:D0:69:41:D4:C9 (Technologic Systems)

But it seems that you've scanned only TCP ports. Ans since tehre are so many open ports I assume you have no firewall.

Please run nmpa with -sU siwtch. It is to san UDP ports. Your NTP should be listening to UDP:123.

You can also check firewall with:

iptables -L -n

if the command displays something like that:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination      

Or complains about it can not find iptables then it measn that you're not using a firewall. BTW it isalways a good idea to use one :)

If it displays something like:
 iptables -L -n        
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0          

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination        
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0          
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:5900:5999
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Then just check for this line:

ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:123

If not edit /etc/iptables to add the rule.

Cheers,
K.

0
Kerem ERSOYPresidentCommented:
You can check if the ntp process is running or not using this command:

netstat -anptu | grep :123

if not start it using

/etc/initi.d/ntp start

if still does not run check /var/log/messages to see why does  it quit. If it aborts it will print some nag lines in the log.


Cheers,
K.
0
psueocAuthor Commented:
my nmap command was "nmap -P0 10.232.3.102"  so i think that scan TCP and UDP

I got an error when I attempted thatd iptables command, so I must not be running one.
0
psueocAuthor Commented:
i can see the NTPD daemon starting during boot.  But I'll have to verify whether or not it just getting and error and stopping.
0
Kerem ERSOYPresidentCommented:
what does your

netstat -anA inet

show ?? Ae you really not running any process that listens to udp ports?

 
0
Kerem ERSOYPresidentCommented:
nmap -P0 means that nmap always assume the system is up skiipng host discovery and nmap scans only TCP ports if it nos instructed otherwise !
0
psueocAuthor Commented:
will it still be possible to have windows xp clients sync to this NTP server without having samba installed?
0
Kerem ERSOYPresidentCommented:
Yeah. Definitely.

In fact what they do through samba is windows time synching not NTP. NTP is a different protocol and won't require samba.
0
psueocAuthor Commented:
is windows capable of NTP without modification?   like in windows XP, when I double-click the clock in the bottom right, then click the "internet time" tab.  Can I just put the IP address of my debian box in there when it's all said and done?
0
Kerem ERSOYPresidentCommented:
Yeah they do. Date and Time Properties >> Internet Time. Then enter your NTP servers ip and click set. But to use NTP synchronization XP PC's must not be a member of a Windows Domain. Id they are internet time sync menu is not accessible.
0
psueocAuthor Commented:
right, i noticed that machines joined to a domain no longer have that option.
0
psueocAuthor Commented:

netstat -anpu |grep :123

udp        0      0 127.0.0.1:123           0.0.0.0:*                          1324/ntpd          
udp        0      0 10.232.3.102:123        0.0.0.0:*                          1324/ntpd          
udp        0      0 0.0.0.0:123             0.0.0.0:*                          1324/ntpd          





ps -aefww | grep -i ntp

ntp       1324     1  0  1943 ?        00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 105:105 -g
root      1366  1336  0  1943 ttyS0    00:00:00 grep ntp




netstat -anA inet

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:37              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:9               0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:1002            0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:13              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN    
udp        0      0 0.0.0.0:9               0.0.0.0:*                          
udp        0      0 0.0.0.0:69              0.0.0.0:*                          
udp        0      0 0.0.0.0:996             0.0.0.0:*                          
udp        0      0 0.0.0.0:999             0.0.0.0:*                          
udp        0      0 0.0.0.0:111             0.0.0.0:*                          
udp        0      0 127.0.0.1:123           0.0.0.0:*                          
udp        0      0 10.232.3.102:123        0.0.0.0:*                          
udp        0      0 0.0.0.0:123             0.0.0.0:*                          


NMAP is currently scanning with the -sU switch, will post results when complete




0
psueocAuthor Commented:
i don't have a /var/log/messages
0
psueocAuthor Commented:
see windows xp screenshot
time.jpg
0
psueocAuthor Commented:
ntp.conf file


# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
server 127.0.0.1       
fudge 127.0.0.1 stratum 4
 

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server 0.debian.pool.ntp.org iburst dynamic
#server 1.debian.pool.ntp.org iburst dynamic
#server 2.debian.pool.ntp.org iburst dynamic
#server 3.debian.pool.ntp.org iburst dynamic


# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1  
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
restrict 10.232.0.0 mask 255.255.252.0 nomodify notrap


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 10.232.3.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
disable auth
broadcastclient
0
psueocAuthor Commented:
nmap -T Aggressive -v -n -sU 10.232.3.102


Starting Nmap 4.68 ( http://nmap.org ) at 2009-07-30 15:13 Eastern Daylight Time
Initiating ARP Ping Scan at 15:13
Scanning 10.232.3.102 [1 port]
Completed ARP Ping Scan at 15:13, 0.38s elapsed (1 total hosts)
Initiating UDP Scan at 15:13
Scanning 10.232.3.102 [1488 ports]
Increasing send delay for 10.232.3.102 from 0 to 50 due to max_successful_tryno increase to 5
Increasing send delay for 10.232.3.102 from 50 to 100 due to 11 out of 12 dropped probes since last increase.
UDP Scan Timing: About 3.92% done; ETC: 15:26 (0:12:16 remaining)
Increasing send delay for 10.232.3.102 from 100 to 200 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.232.3.102 from 200 to 400 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.232.3.102 from 400 to 800 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 10.232.3.102 from 800 to 1000 due to 11 out of 27 dropped probes since last increase.
UDP Scan Timing: About 48.76% done; ETC: 15:39 (0:13:26 remaining)
UDP Scan Timing: About 97.68% done; ETC: 15:40 (0:00:37 remaining)
Completed UDP Scan at 15:40, 1649.69s elapsed (1488 total ports)
Host 10.232.3.102 appears to be up ... good.
All 1488 scanned ports on 10.232.3.102 are closed (1456) or open|filtered (32)
MAC Address: 00:D0:69:41:D4:C9 (Technologic Systems)

Read data files from: C:\Program Files\Nmap
Nmap done: 1 IP address (1 host up) scanned in 1650.375 seconds
           Raw packets sent: 1923 (53.858KB) | Rcvd: 1677 (93.994KB)
0
psueocAuthor Commented:
iptables -L -n

iptables v1.2.11: can't initialize iptables table 'filter' : iptables who?": (do you need to insmod?)
Perhaps iptables or your kernel  needs to be upgraded


uname -a
linux ts7800 2.6.21-ts #1 PREEMPT Tue Apr 15 11:05:50 MST 2008 armv5tejl GNU/Linux
0
psueocAuthor Commented:
did apt-get install iptables

and now it says

iptables v1.4.2: can't initialize iptables table 'filter' : iptables who?": (do you need to insmod?)
Perhaps iptables or your kernel  needs to be upgraded

same error different version :)

0
Kerem ERSOYPresidentCommented:
yeah but where do you log hour daemons ? Will you please post your /etc/syslog.conf too ?
0
Kerem ERSOYPresidentCommented:
BTW your udp scan can not find your ntp daemon.   I've noticed you'set the user to  "-u105:105" with the ntp daemon. re these really valid numbers ? Will you check /etc/passwd and /etc/group to see if ntp uses 105 for both id and gid ?
0
psueocAuthor Commented:
see attachments.

I can enable logging to help diagnose this problem if you think it will help.

group.txt
passwd.txt
syslog.txt
0
psueocAuthor Commented:
-u105:105


?????    I didn't do anything...
0
Kerem ERSOYPresidentCommented:
> -u105:105
>
>
> ?????    I didn't do anything...


Please check here: http://www.experts-exchange.com/OS/Linux/Q_24540637.html?cid=1066#a24983449

> ps -aefww | grep -i ntp

> ntp       1324     1  0  1943 ?        00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -u 105:105 -g
> root      1366  1336  0  1943 ttyS0    00:00:00 grep ntp
0
psueocAuthor Commented:
but i didn't set that "105" part.
0
Daniel McAllisterPresident, IT4SOHO, LLCCommented:
the -u 105 part is setting the username and groupname of the process to 105 -- probably ntp or ntpd in /etc/passwd and /etc/group... this is so that the ntp daemon runs without root permission so that, should someone find a way to hack into the ntp daemon, all they get are the permissions of that user (minimal, to say the least).

The ntp user & group are properly set & there is nothing wrong with that part...

Dan
IT4SOHO
0
psueocAuthor Commented:
any more ideas guys?  Why would port 123 not be open? why do i get errors when I try to issue iptables commands?
0
Kerem ERSOYPresidentCommented:
Hi,

As it could be seen from passwd and group files 105 belongs to the 105 user.

And your syslog conf says:

# Don't log anything by default to reduce wear on compact flash
# To enable logging, "cp /etc/syslog.conf-debian /etc/syslog.conf"

This is why you don't have any logs. Pelase do as it says and populare your syslog then restart it.

Your iptables prints error and quits because iptables is not properly installed. It means that it does not work and block anything from your computer.

This note shows that ntp is bound to the 123 port and listening
http://www.experts-exchange.com/OS/Linux/Q_24540637.html?cid=1066#a24983449 

Your config seems ok too:
http://www.experts-exchange.com/OS/Linux/Q_24540637.html?cid=1066#a24983639

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1  
restrict ::1

> # Clients from this (example!) subnet have unlimited access, but only if
> # cryptographically authenticated.
> restrict 10.232.0.0 mask 255.255.252.0 nomodify notrap
>
>
> # If you want to provide time to your local subnet, change the next line.
> # (Again, the address is an example only.)
> broadcast 10.232.3.255

I guess you've  made sure that all your clients are located in this segment 10.232.0.0/255.255.252.0 and All clients are agree on the subnet/mask/broadcat and Default Gateway addresses and this is not a routing issue. Can you ping the ntp sytem ? or run traceroute to it to double check??

But this note shows that there's something blocking you comms between your ntp server and your client.

http://www.experts-exchange.com/OS/Linux/Q_24540637.html?cid=1066#a24983672

Please check any L3 switch, firewall etc against the blocking of NTP traffic between clients and your servers. Also please make sure that you can ping ans traceroute to your debian nt host.

Cheers,
K.



0
Kerem ERSOYPresidentCommented:
> As it could be seen from passwd and group files 105 belongs to the 105 user.

I mean ntp user.
0
psueocAuthor Commented:
test client: 10.232.3.101/22
ntp server: 10.232.3.102/22

ping and tracert work fine.

both connected to a little 5 port mini hub at the moment
0
psueocAuthor Commented:
interesting info from /var/log/daemon.log

although the date and time are incorrect.  They do match the current system time.

see attached.

daemon.log
0
psueocAuthor Commented:
i got it working!!!!

http://doc.ntp.org/4.2.2/manyopt.html

orphan mode was the key, as well as uninstalling ntpdate.

thank you for all your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.