Simple ntp setup,but I must be doing something wrong - NTP

This is a discussion on Simple ntp setup,but I must be doing something wrong - NTP ; Greetings - Over the last several weeks I have been trying to get the NTP service running properly on my company linux file server, but am not having much success. My objective is to synchronize my linux server with a ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Simple ntp setup,but I must be doing something wrong

  1. Simple ntp setup,but I must be doing something wrong

    Greetings -

    Over the last several weeks I have been trying to get the NTP service
    running properly on my company linux file server, but am not having much
    success. My objective is to synchronize my linux server with a secondary
    time server or one of the ntp pools, then synchronize a handfull of desktop
    windows systems with the file server. My reason for doing this is that the
    timekeeping on the PCs are all over the place, and the server seems to lose
    anywhere from 1-2 minutes per month. I don't need anything super accurate,
    just something that is reasonably close and stays consistent. I have read
    everything I can find on setting this up (the link between the PC's and the
    file server is working properly) and have been following discussions on this
    list for about a month, but haven't been able to solve it yet. Below is my
    config file, the output of ntpq -p and ntpq -pn, and the log messages from
    the last restart of ntp that matches the configuration file shown below.

    [root@Bison root]# ntpq -p
    remote refid st t when poll reach delay offset
    jitter
    ================================================== ============================
    rainforest.neor 0.0.0.0 16 u - 1024 0 0.000 0.000
    4000.00
    *LOCAL(0) LOCAL(0) 10 l 21 64 377 0.000 0.000
    0.008

    [root@Bison root]# ntpq -pn
    remote refid st t when poll reach delay offset
    jitter
    ================================================== ============================
    216.176.180.82 0.0.0.0 16 u - 1024 0 0.000 0.000
    4000.00
    *127.127.1.0 127.127.1.0 10 l 53 64 377 0.000 0.000
    0.008

    [root@Bison root]# grep --invert-match ^\# /etc/ntp.conf
    restrict 127.0.0.1
    server 216.176.180.82
    server 127.127.1.0 # local clock
    fudge 127.127.1.0 stratum 10
    driftfile /var/lib/ntp/drift
    broadcastdelay 0.008

    /var/log/messages
    Aug 24 08:26:31 bison ntpd[26341]: ntpd exiting on signal 15
    Aug 24 08:26:31 bison ntpd: ntpd shutdown succeeded
    Aug 24 08:26:56 bison ntpdate[27483]: no server suitable for synchronization
    found
    Aug 24 08:26:56 bison ntpd: failed
    Aug 24 08:26:56 bison ntpd[27487]: ntpd 4.1.2@1.892 Tue Feb 24 06:32:25 EST
    2004 (1)
    Aug 24 08:26:56 bison ntpd: ntpd startup succeeded
    Aug 24 08:26:56 bison ntpd[27487]: precision = 9 usec
    Aug 24 08:26:56 bison ntpd[27487]: kernel time discipline status 0040
    Aug 24 08:26:56 bison ntpd[27487]: frequency initialized 0.000 from
    /var/lib/ntp/drift
    Aug 24 08:28:28 bison sshd(pam_unix)[27593]: session opened for user root by
    (uid=0)
    Aug 24 08:28:51 bison sshd(pam_unix)[27593]: session closed for user root
    Aug 24 08:30:10 bison ntpd[27487]: kernel time discipline status change 41
    Aug 24 08:31:15 bison ntpd[27487]: kernel time discipline status change 1

    I previously thought the problem was firewall related. I have since turned
    off the firewall of my linux box, and the firewall application on my DSL
    router/gateway is set to allow both incoming and outgoing ntp communication.
    My linux box is a Dell PE 2600 with RHEL 3 fully up to date (U8). Therefore
    my current version of NTP is 4.1.2-4.EL3.1. The secondary time server
    listed in my config is from the stratum two time server list on ntp.org.
    This time server is located in the Seattle area (near my location) and is
    listed as having an open access policy. It is interesting to note that in
    my ntpq query this time server provides a listing of stratum 16, which I
    assume is why ntp is falling back to the local time clock. When I have
    substituted the ntp pool servers into my config file, then my ntp query
    shows that nothing is connecting (i.e., no astrix listed before any of the
    server names). Have I made a simple mistake somewhere in my config file? I
    thought I had it stripped down to the minimum. Can someone give me another
    diagnostic avenue to go down, I am running out of ideas here? Thanks.

    Jeff Boyce
    www.meridianenv.com

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  2. Re: Simple ntp setup, but I must be doing something wrong

    > remote refid st t when poll reach delay offset jitter> ================================================== ============================
    > rainforest.neor 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00


    The 0 in the reach column says that you aren't getting back any valid
    answers.

    I'd start with tcpdump or similar. Are the answers getting back
    and discarded by your server? Or are they not getting back?

    > I previously thought the problem was firewall related. I have since turned
    > off the firewall of my linux box, and the firewall application on my DSL
    > router/gateway is set to allow both incoming and outgoing ntp communication.


    What does "allow incoming ntp communication" mean?

    Are you using NAT? If so you may need to setup your DSL box to send
    ntp packets to your server. That is explicitly tell it where your
    server is located rather than depend on it remembering where to send
    the answers.

    --
    The suespammers.org mail server is located in California. So are all my
    other mailboxes. Please do not send unsolicited bulk e-mail or unsolicited
    commercial e-mail to my suespammers.org address or any of my other addresses.
    These are my opinions, not necessarily my employer's. I hate spam.


  3. Re: Simple ntp setup, but I must be doing something wrong

    Jeff Boyce wrote:
    > Greetings -
    >
    > Over the last several weeks I have been trying to get the NTP service
    > running properly on my company linux file server, but am not having much
    > success. My objective is to synchronize my linux server with a
    > secondary time server or one of the ntp pools, then synchronize a
    > handfull of desktop windows systems with the file server. My reason for
    > doing this is that the timekeeping on the PCs are all over the place,
    > and the server seems to lose anywhere from 1-2 minutes per month. I
    > don't need anything super accurate, just something that is reasonably
    > close and stays consistent. I have read everything I can find on
    > setting this up (the link between the PC's and the file server is
    > working properly) and have been following discussions on this list for
    > about a month, but haven't been able to solve it yet. Below is my
    > config file, the output of ntpq -p and ntpq -pn, and the log messages
    > from the last restart of ntp that matches the configuration file shown
    > below.
    >
    > [root@Bison root]# ntpq -p
    > remote refid st t when poll reach delay offset
    > jitter
    > ================================================== ============================
    >
    > rainforest.neor 0.0.0.0 16 u - 1024 0 0.000 0.000
    > 4000.00
    > *LOCAL(0) LOCAL(0) 10 l 21 64 377 0.000 0.000
    > 0.008
    >
    > [root@Bison root]# ntpq -pn
    > remote refid st t when poll reach delay offset
    > jitter
    > ================================================== ============================
    >
    > 216.176.180.82 0.0.0.0 16 u - 1024 0 0.000 0.000
    > 4000.00
    > *127.127.1.0 127.127.1.0 10 l 53 64 377 0.000 0.000
    > 0.008
    >
    > [root@Bison root]# grep --invert-match ^\# /etc/ntp.conf
    > restrict 127.0.0.1
    > server 216.176.180.82
    > server 127.127.1.0 # local clock
    > fudge 127.127.1.0 stratum 10
    > driftfile /var/lib/ntp/drift
    > broadcastdelay 0.008
    >
    > /var/log/messages
    > Aug 24 08:26:31 bison ntpd[26341]: ntpd exiting on signal 15
    > Aug 24 08:26:31 bison ntpd: ntpd shutdown succeeded
    > Aug 24 08:26:56 bison ntpdate[27483]: no server suitable for
    > synchronization found
    > Aug 24 08:26:56 bison ntpd: failed
    > Aug 24 08:26:56 bison ntpd[27487]: ntpd 4.1.2@1.892 Tue Feb 24 06:32:25
    > EST 2004 (1)
    > Aug 24 08:26:56 bison ntpd: ntpd startup succeeded
    > Aug 24 08:26:56 bison ntpd[27487]: precision = 9 usec
    > Aug 24 08:26:56 bison ntpd[27487]: kernel time discipline status 0040
    > Aug 24 08:26:56 bison ntpd[27487]: frequency initialized 0.000 from
    > /var/lib/ntp/drift
    > Aug 24 08:28:28 bison sshd(pam_unix)[27593]: session opened for user
    > root by (uid=0)
    > Aug 24 08:28:51 bison sshd(pam_unix)[27593]: session closed for user root
    > Aug 24 08:30:10 bison ntpd[27487]: kernel time discipline status change 41
    > Aug 24 08:31:15 bison ntpd[27487]: kernel time discipline status change 1
    >
    > I previously thought the problem was firewall related. I have since
    > turned off the firewall of my linux box, and the firewall application on
    > my DSL router/gateway is set to allow both incoming and outgoing ntp
    > communication. My linux box is a Dell PE 2600 with RHEL 3 fully up to
    > date (U8). Therefore my current version of NTP is 4.1.2-4.EL3.1. The
    > secondary time server listed in my config is from the stratum two time
    > server list on ntp.org. This time server is located in the Seattle area
    > (near my location) and is listed as having an open access policy. It is
    > interesting to note that in my ntpq query this time server provides a
    > listing of stratum 16, which I assume is why ntp is falling back to the
    > local time clock.


    No, nptd is not receiving any response to its queries! If replies were
    being received, the "reach" field would not be zero.

    The server IS responding to my queries (ntpdate -du 216.176.180.82) so
    it is a server and it's working. You still have a problem with your
    network configuration, firewall or something! What happens if you try
    to "ping" the server? That's the basic test for connectivity and, until
    that works, it's quite likely that nothing else will work either.

    Your config file looks okay except for the "broadcast delay" statement.
    You do not need it because you are not configuring your system as a
    broadcast client. You don't need the "restrict" statement either. Get
    it working before you start playing with restrict statements.

  4. Re: Simple ntp setup, but I must be doing something wrong

    On 2006-08-25, Jeff Boyce wrote:

    > [root@Bison root]# ntpq -p
    > remote refid st t when poll reach delay offset jitter
    >================================================== ============================
    > rainforest.neor 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00


    I see this when I add rainforest to a running ntpd:

    rainforest.neor 204.34.198.40 2 u 336 1024 7 115.059 16.906 0.074

    > Aug 24 08:26:56 bison ntpdate[27483]: no server suitable for synchronization
    > found


    This suggests that port 123/UDP is not open somewhere between your ntpd
    and you remote time server(s).

    Try 'ntpdate -d 216.176.180.82' to see if you can reach that server via
    an unprivileged port (and some debugging output).

    > My linux box is a Dell PE 2600 with RHEL 3 fully up to date (U8). Therefore
    > my current version of NTP is 4.1.2-4.EL3.1.


    The current stable version is 4.2.2

    > The secondary time server listed in my config is from the stratum two
    > time server list on ntp.org.


    If you're depending on time servers maintained by others you really
    should be using at least 4. That way your ntpd won't be led astray by a
    false-ticker. An you'll have some backup in the event that one of your
    remote time servers becomes unreachable.

    > It is interesting to note that in my ntpq query this time server
    > provides a listing of stratum 16, which I assume is why ntp is falling
    > back to the local time clock.


    The reason why your ntpd is using the "LocalCLK" is because your ntpd
    can't talk to rainforest. Rainforest's stratum is displayed as 16
    because your ntpd has not been able to determine what it really is.

    FWIW: the rainforest looks fine from here ...

    steve@durabook:~$ ntpq -p 216.176.180.82
    remote refid st t when poll reach delay offset jitter
    ================================================== ==================
    LOCAL(0) LOCAL(0) 10 l 2 64 377 0.000 0.000 0.008
    +ntp1.usno.navy. .IRIG. 1 u 1014 1024 377 191.491 38.566 3.022
    *tick.usnogps.na .USNO. 1 u 451 1024 377 97.925 -11.827 1.071

    steve@durabook:~$ ntpq -c "rv 0 stratum,peer,refid,state" 216.176.180.82
    assID=0 status=06d4 leap_none, sync_ntp, 13 events, event_peer/strat_chg,
    stratum=2, refid=204.34.198.40, peer=21838, state=4

    > When I have substituted the ntp pool servers into my config file, then
    > my ntp query shows that nothing is connecting (i.e., no astrix listed
    > before any of the server names).


    Do you see any indication in the ntpq -p billboard that the pool servers
    are reachable?

    You will need to let ntpd run for ~ 8 minutes before you will see the
    talley codes (e.g. '*', '+', and so on). If you wish to reduce this time
    you must append 'iburst' to your server line(s).

    > Have I made a simple mistake somewhere in my config file? I
    > thought I had it stripped down to the minimum.


    Almost.

    > [root@Bison root]# grep --invert-match ^\# /etc/ntp.conf
    > restrict 127.0.0.1
    > server 216.176.180.82


    Append 'iburst' to this line for faster initial sync.

    > server 127.127.1.0 # local clock
    > fudge 127.127.1.0 stratum 10
    > driftfile /var/lib/ntp/drift
    > broadcastdelay 0.008


    You don't need the broadcastdelay line unless this ntpd is a
    broadcastclient _AND_ is unable to calculate the broadcastdelay.

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

+ Reply to Thread