Can't get time to sync with local time server - NTP

This is a discussion on Can't get time to sync with local time server - NTP ; Using Freebsd 6.1 My time server is running ntpd and does not appear to have trouble syncing with the public time servers. My local boxes cannot seem to set the time off of my server, but they can query it... ...

+ Reply to Thread
Results 1 to 15 of 15

Thread: Can't get time to sync with local time server

  1. Can't get time to sync with local time server

    Using Freebsd 6.1

    My time server is running ntpd and does not appear to have trouble
    syncing with the public time servers.

    My local boxes cannot seem to set the time off of my server, but they
    can query it...


    Example. (from my client)
    # ntpdate
    14 Dec 16:07:44 ntpdate[94134]: no servers can be used, exiting

    # ntpdate 192.168.1.1
    14 Dec 16:08:07 ntpdate[94135]: no server suitable for synchronization found

    # ntpdate -q 192.168.1.1
    server 10.1.16.2, stratum 16, offset 177.266135, delay 0.02588
    14 Dec 16:08:42 ntpdate[94136]: no server suitable for synchronization found

    # /etc/rc.d/ntpd start
    ntpdc> listpeers
    client ntpbox
    ntpdc> showpeer ntpbox
    remote 192.168.1.1, local 192.168.1.2
    hmode client, pmode unspec, stratum 16, precision -18
    leap 11, refid [73.78.73.84], rootdistance 0.00000, rootdispersion 0.00000
    ppoll 10, hpoll 6, keyid 0, version 4, association 50172
    reach 000, unreach 2, flash 0x0000, boffset 0.00400, ttl/mode 0
    timer 0s, flags config, bclient, prefer
    reference time: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
    originate timestamp: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
    receive timestamp: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
    transmit timestamp: c92c3c59.04571611 Thu, Dec 14 2006 16:10:49.016
    filter delay: 0.00000 0.00000 0.00000 0.00000
    0.00000 0.00000 0.00000 0.00000
    filter offset: 0.000000 0.000000 0.000000 0.000000
    0.000000 0.000000 0.000000 0.000000
    filter order: 7 6 5 4
    3 2 1 0
    offset 0.000000, delay 0.00000, error bound 0.00000, filter error 4.00000


    Why can't I set my time???


    server ntp.conf-------------
    server time.nist.gov prefer
    server pool.ntp.org
    server clock.isc.org

    driftfile /var/db/ntp.drift
    restrict default ignore
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify
    restrict 192.168.1.0 mask 255.255.255.0


    client ntp.conf-----------------------
    server 192.168.1.1 prefer
    driftfile /var/db/ntp.drift

  2. Re: Can't get time to sync with local time server

    >My local boxes cannot seem to set the time off of my server, but they
    >can query it...


    http://ntp.isc.org/bin/view/Support/TroubleshootingNTP

    My guess would be restrict problems.

    --
    These are my opinions, not necessarily my employer's. I hate spam.


  3. Re: Can't get time to sync with local time server

    Arty wrote:

    > Using Freebsd 6.1
    >
    > My time server is running ntpd and does not appear to have trouble
    > syncing with the public time servers.
    >
    > My local boxes cannot seem to set the time off of my server, but they
    > can query it...
    >
    >
    > Example. (from my client)
    > # ntpdate
    > 14 Dec 16:07:44 ntpdate[94134]: no servers can be used, exiting
    >
    > # ntpdate 192.168.1.1
    > 14 Dec 16:08:07 ntpdate[94135]: no server suitable for synchronization found
    >
    > # ntpdate -q 192.168.1.1
    > server 10.1.16.2, stratum 16, offset 177.266135, delay 0.02588
    > 14 Dec 16:08:42 ntpdate[94136]: no server suitable for synchronization found


    Do you see where it says "stratum 16"?? Stratum 16 is not a "stratum",
    it is a flag saying this server is not synchronized!!!!


    When you find out why your server is reporting itself as not
    synchronized and fix it, the client will be happy to use it aa a
    synchronization source.

  4. Re: Can't get time to sync with local time server

    Hal Murray wrote:

    >>My local boxes cannot seem to set the time off of my server, but they
    >>can query it...

    >
    >
    > http://ntp.isc.org/bin/view/Support/TroubleshootingNTP
    >
    > My guess would be restrict problems.
    >


    Restrict problems come right after "is it plugged in?" and "is it turned
    on?" in the troubleshooting process but I think they have nothing to do
    with this problem. The server is reporting itself as "stratum 16" or
    "I'm not synchronized!". Since it hasn't a clue what time it is, nobody
    should be trying to synchronize with it.

  5. Re: Can't get time to sync with local time server

    On 2006-12-14, Arty wrote:

    > Why can't I set my time???
    >
    > server ntp.conf-------------
    > server time.nist.gov prefer
    > server pool.ntp.org
    > server clock.isc.org
    >
    > driftfile /var/db/ntp.drift
    > restrict default ignore


    You've told ntpd to ignore all NTP packets form all addresses. Then you
    neglected to tell ntpd that it is OK to accept NTP packets from your
    time servers.

    You may want to review the Restrictions HOWTO at
    http://ntp.isc.org/Support/AccessRestrictions.

    BTW: You're not going to be able to use 'restrict default ignore'
    with a host name, such as pool.ntp.org, which resolves to multiple IP
    addresses.

    Here's what your ntp.conf could look like:

    | # server ntp.conf
    | driftfile /var/db/ntp.drift
    |
    | # Allow only time service by default
    | restrict default noquery nomodify notrap nopeer
    | restrict 127.0.0.1 nomodify
    |
    | # Remote time servers
    | server time.nist.gov iburst
    | server pool.ntp.org iburst
    | server clock.isc.org iburst
    |
    | # Authorized clients
    | # They are allowed time service and may query ntpd
    | restrict 192.168.1.0 mask 255.255.255.0 notrap nopeer nomodify

    A couple of notes (that have no bearing on your current synchronization
    problem):

    1. You ought to use pool servers from your geographical area;
    pool.ntp.org can resolve to any one of larger number of time servers
    workd wide. See http://ntp.isc.org/pool or http://www.pool.ntp.org for
    more information.

    2. According to the Rules of Engagement (http://ntp.isc.org/rules) you
    should not be directly using Stratum-1 time servers unless you meet
    certain criteria (such as serving time a large number of clients). You
    really ought to choose from the Public Stratum-2 server list (at
    http://www.ntp.org/s2 or http://ntp.isc.org/s2) or just use the pool.

    3. Using only 3 remote time servers doesn't leave you with any back up
    if one of them "goes bad". You ought to consider using 4 or 5 remote
    time servers.

    > # client ntp.conf-----------------------
    > server 192.168.1.1 prefer


    Using 'prefer' here is of no benefit.

    > driftfile /var/db/ntp.drift


    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  6. Re: Can't get time to sync with local time server

    Steve Kostecke wrote:
    > On 2006-12-14, Arty wrote:
    >
    >> Why can't I set my time???
    >>
    >> server ntp.conf-------------
    >> server time.nist.gov prefer
    >> server pool.ntp.org
    >> server clock.isc.org
    >>
    >> driftfile /var/db/ntp.drift
    >> restrict default ignore

    >
    > You've told ntpd to ignore all NTP packets form all addresses. Then you
    > neglected to tell ntpd that it is OK to accept NTP packets from your
    > time servers.
    >
    > You may want to review the Restrictions HOWTO at
    > http://ntp.isc.org/Support/AccessRestrictions.
    >
    > BTW: You're not going to be able to use 'restrict default ignore'
    > with a host name, such as pool.ntp.org, which resolves to multiple IP
    > addresses.
    >
    > Here's what your ntp.conf could look like:
    >
    > | # server ntp.conf
    > | driftfile /var/db/ntp.drift
    > |
    > | # Allow only time service by default
    > | restrict default noquery nomodify notrap nopeer
    > | restrict 127.0.0.1 nomodify
    > |
    > | # Remote time servers
    > | server time.nist.gov iburst
    > | server pool.ntp.org iburst
    > | server clock.isc.org iburst
    > |
    > | # Authorized clients
    > | # They are allowed time service and may query ntpd
    > | restrict 192.168.1.0 mask 255.255.255.0 notrap nopeer nomodify
    >
    > A couple of notes (that have no bearing on your current synchronization
    > problem):
    >
    > 1. You ought to use pool servers from your geographical area;
    > pool.ntp.org can resolve to any one of larger number of time servers
    > workd wide. See http://ntp.isc.org/pool or http://www.pool.ntp.org for
    > more information.
    >
    > 2. According to the Rules of Engagement (http://ntp.isc.org/rules) you
    > should not be directly using Stratum-1 time servers unless you meet
    > certain criteria (such as serving time a large number of clients). You
    > really ought to choose from the Public Stratum-2 server list (at
    > http://www.ntp.org/s2 or http://ntp.isc.org/s2) or just use the pool.
    >
    > 3. Using only 3 remote time servers doesn't leave you with any back up
    > if one of them "goes bad". You ought to consider using 4 or 5 remote
    > time servers.
    >
    >> # client ntp.conf-----------------------
    >> server 192.168.1.1 prefer

    >
    > Using 'prefer' here is of no benefit.
    >
    >> driftfile /var/db/ntp.drift

    >


    Thank you all (especially kostecke and rgilbert)!!!!
    It was a combo of things.
    1. My config wasn't right. I misunderstood the use of restrict.
    Actually i'm still a bit confused.

    It seems as ntp makes a request to a time server, to have the time
    server set my time. (as opposed to me requesting the time, and i'll set
    it myself).
    To sync my time, i have to set my restrict options to allow a remote ip
    to set my time?
    I'm still working on my ntp.conf files. What is the absolute minimum
    access needed to sync my time?


    Here is what I want to do.
    On my ntp server:
    1. sync my time from a public server
    2. allow a subnet on my lan to sync from this server.
    3. allow another subnet on my lan to to make sure i'm still in sync.
    4. deny everything else from every one.

    On my hosts:
    1. sync my time with from ntp server.
    2. allow a subnet on my vlan check to make sure i'm in sync.
    3. deny everything else from every one



    As far as monitoring goes, i think i can just check to make sure my
    stratum is not < 16 right ?

    to find my own statum: ntpdc -c sysinfo |grep stratum
    to find my ntp servers stratum: ntpdc -c "showpeer admin1-nj" | grep stratum



    Thanks again!




  7. Re: Can't get time to sync with local time server

    Arty wrote:
    > Steve Kostecke wrote:
    >> On 2006-12-14, Arty wrote:
    >>
    >>> Why can't I set my time???
    >>>
    >>> server ntp.conf-------------
    >>> server time.nist.gov prefer
    >>> server pool.ntp.org
    >>> server clock.isc.org
    >>>
    >>> driftfile /var/db/ntp.drift
    >>> restrict default ignore

    >> You've told ntpd to ignore all NTP packets form all addresses. Then you
    >> neglected to tell ntpd that it is OK to accept NTP packets from your
    >> time servers.
    >>
    >> You may want to review the Restrictions HOWTO at
    >> http://ntp.isc.org/Support/AccessRestrictions.
    >>
    >> BTW: You're not going to be able to use 'restrict default ignore'
    >> with a host name, such as pool.ntp.org, which resolves to multiple IP
    >> addresses.
    >>
    >> Here's what your ntp.conf could look like:
    >>
    >> | # server ntp.conf
    >> | driftfile /var/db/ntp.drift
    >> |
    >> | # Allow only time service by default
    >> | restrict default noquery nomodify notrap nopeer
    >> | restrict 127.0.0.1 nomodify
    >> |
    >> | # Remote time servers
    >> | server time.nist.gov iburst
    >> | server pool.ntp.org iburst
    >> | server clock.isc.org iburst
    >> |
    >> | # Authorized clients
    >> | # They are allowed time service and may query ntpd
    >> | restrict 192.168.1.0 mask 255.255.255.0 notrap nopeer nomodify
    >>
    >> A couple of notes (that have no bearing on your current synchronization
    >> problem):
    >>
    >> 1. You ought to use pool servers from your geographical area;
    >> pool.ntp.org can resolve to any one of larger number of time servers
    >> workd wide. See http://ntp.isc.org/pool or http://www.pool.ntp.org for
    >> more information.
    >>
    >> 2. According to the Rules of Engagement (http://ntp.isc.org/rules) you
    >> should not be directly using Stratum-1 time servers unless you meet
    >> certain criteria (such as serving time a large number of clients). You
    >> really ought to choose from the Public Stratum-2 server list (at
    >> http://www.ntp.org/s2 or http://ntp.isc.org/s2) or just use the pool.
    >>
    >> 3. Using only 3 remote time servers doesn't leave you with any back up
    >> if one of them "goes bad". You ought to consider using 4 or 5 remote
    >> time servers.
    >>
    >>> # client ntp.conf-----------------------
    >>> server 192.168.1.1 prefer

    >> Using 'prefer' here is of no benefit.
    >>
    >>> driftfile /var/db/ntp.drift

    >
    > Thank you all (especially kostecke and rgilbert)!!!!
    > It was a combo of things.
    > 1. My config wasn't right. I misunderstood the use of restrict.
    > Actually i'm still a bit confused.
    >
    > It seems as ntp makes a request to a time server, to have the time
    > server set my time. (as opposed to me requesting the time, and i'll set
    > it myself).
    > To sync my time, i have to set my restrict options to allow a remote ip
    > to set my time?
    > I'm still working on my ntp.conf files. What is the absolute minimum
    > access needed to sync my time?
    >
    >
    > Here is what I want to do.
    > On my ntp server:
    > 1. sync my time from a public server
    > 2. allow a subnet on my lan to sync from this server.
    > 3. allow another subnet on my lan to to make sure i'm still in sync.
    > 4. deny everything else from every one.
    >
    > On my hosts:
    > 1. sync my time with from ntp server.
    > 2. allow a subnet on my vlan check to make sure i'm in sync.
    > 3. deny everything else from every one
    >
    >
    >
    > As far as monitoring goes, i think i can just check to make sure my
    > stratum is not < 16 right ?
    >
    > to find my own statum: ntpdc -c sysinfo |grep stratum
    > to find my ntp servers stratum: ntpdc -c "showpeer admin1-nj" | grep stratum
    >
    >
    >
    > Thanks again!
    >
    >
    >



    Also I see what you mean about using a pool with restrict all. I'm
    getting a random server, but I would need to specify access to specific
    servers.

    I was going to put:
    server north-america.pool.ntp.org iburst
    server clock.isc.org iburst
    server time.nist.gov iburst
    server ntp0.cornell.edu iburst
    server sundial.columbia.edu iburst


    but I need to pick individual ones like this instead (if i want to
    restrict default ignore):
    server clock.isc.org iburst
    server time.nist.gov iburst




  8. Re: Can't get time to sync with local time server

    On 2006-12-15, Arty wrote:

    > 1. My config wasn't right. I misunderstood the use of restrict.
    > Actually i'm still a bit confused.
    >
    > It seems as ntp makes a request to a time server, to have the time
    > server set my time. (as opposed to me requesting the time, and i'll
    > set it myself).


    Your ntpd polls a number of time sources (in your cases remote time
    servers) and determines which sources are believable and then which on
    is the current best source. Once ntpd has collected enough data is
    starts to continually discipline your system clock.

    > To sync my time, i have to set my restrict options to allow a remote
    > ip to set my time?


    It's not really a matter of "allowing a remote ip to set your time".

    You have to allow your ntpd to exchange NTP packets with the remote time
    servers you have chosen to use. ntpd uses the data collected from the
    remote time servers to determine which time source to believe.

    If you're _really_ that concerned and don't think that you can find a
    group of time sources that you can trust then you should get a ref-clock
    (e.g. a GPS time source) and use it. Of course, then you'll have to
    trust the GPS constellation.

    > I'm still working on my ntp.conf
    > files. What is the absolute minimum access needed to sync my time?


    The following allows only time service:

    restrict some.time.server nomodify nopeer notrap noquery

    > Here is what I want to do. On my ntp server:
    > 1. sync my time from a public server
    > 2. allow a subnet on my lan to sync from this server.
    > 3. allow another subnet on my lan to to make sure i'm still in sync.
    > 4. deny everything else from every one.


    You need to review http://ntp.isc.org/Support/AccessRestrictions and pay
    attention to the decision tree that guides you through the process of
    setting your default restriction.

    In short ... If your ntpd is behind a stateful firewall or NAT _and_ you
    are not forwarding the ntp port _then_ your ntpd is invisible to the
    outside world.

    The example file I sent to you in a previous message will work (with the
    addition of a restrict line for the "monitor-only" subnet.

    > On my hosts:
    > 1. sync my time with from ntp server.
    > 2. allow a subnet on my vlan check to make sure i'm in sync.
    > 3. deny everything else from every one


    driftfile /path/to/drift/file
    restrict default ignore
    restrict 127.0.0.1 nomodify
    server your.local.server iburst
    restrict your.local.server's.ip nomodify notrap nopeer
    restrict trusted.monitor.subnet mask AAA.BBB.CCC.DDD noserve

    > As far as monitoring goes, i think i can just check to make sure my
    > stratum is not < 16 right ?


    You want to use 'ntpq -p your_time_server' to view your ntpd peer
    billboard. This will tell you if you're synced to one of your time
    source and will show you how ntpd sees those sources.

    > to find my own statum: ntpdc -c sysinfo | ntp servers grep stratum
    > to find my stratum: ntpdc -c "showpeer admin1-nj" | grep stratum


    ntpq -c"rv 0 stratum" your_time_server

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  9. Re: Can't get time to sync with local time server

    On 2006-12-15, Arty wrote:

    > Arty wrote:
    > [---=| Quote block shrinked by t-prot: 95 lines snipped |=---]


    Please trim the quoted material in your reply.

    > but I need to pick individual ones like this instead (if i want to
    > restrict default ignore):


    Why do you need to use 'restrict default ignore'?

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  10. Re: Can't get time to sync with local time server

    Arty wrote:

    > Steve Kostecke wrote:
    >
    >>On 2006-12-14, Arty wrote:
    >>
    >>
    >>>Why can't I set my time???
    >>>
    >>>server ntp.conf-------------
    >>>server time.nist.gov prefer
    >>>server pool.ntp.org
    >>>server clock.isc.org
    >>>
    >>>driftfile /var/db/ntp.drift
    >>>restrict default ignore

    >>
    >>You've told ntpd to ignore all NTP packets form all addresses. Then you
    >>neglected to tell ntpd that it is OK to accept NTP packets from your
    >>time servers.
    >>
    >>You may want to review the Restrictions HOWTO at
    >>http://ntp.isc.org/Support/AccessRestrictions.
    >>
    >>BTW: You're not going to be able to use 'restrict default ignore'
    >>with a host name, such as pool.ntp.org, which resolves to multiple IP
    >>addresses.
    >>
    >>Here's what your ntp.conf could look like:
    >>
    >>| # server ntp.conf
    >>| driftfile /var/db/ntp.drift
    >>|
    >>| # Allow only time service by default
    >>| restrict default noquery nomodify notrap nopeer
    >>| restrict 127.0.0.1 nomodify
    >>|
    >>| # Remote time servers
    >>| server time.nist.gov iburst
    >>| server pool.ntp.org iburst
    >>| server clock.isc.org iburst
    >>|
    >>| # Authorized clients
    >>| # They are allowed time service and may query ntpd
    >>| restrict 192.168.1.0 mask 255.255.255.0 notrap nopeer nomodify
    >>
    >>A couple of notes (that have no bearing on your current synchronization
    >>problem):
    >>
    >>1. You ought to use pool servers from your geographical area;
    >>pool.ntp.org can resolve to any one of larger number of time servers
    >>workd wide. See http://ntp.isc.org/pool or http://www.pool.ntp.org for
    >>more information.
    >>
    >>2. According to the Rules of Engagement (http://ntp.isc.org/rules) you
    >>should not be directly using Stratum-1 time servers unless you meet
    >>certain criteria (such as serving time a large number of clients). You
    >>really ought to choose from the Public Stratum-2 server list (at
    >>http://www.ntp.org/s2 or http://ntp.isc.org/s2) or just use the pool.
    >>
    >>3. Using only 3 remote time servers doesn't leave you with any back up
    >>if one of them "goes bad". You ought to consider using 4 or 5 remote
    >>time servers.
    >>
    >>
    >>># client ntp.conf-----------------------
    >>>server 192.168.1.1 prefer

    >>
    >>Using 'prefer' here is of no benefit.
    >>
    >>
    >>>driftfile /var/db/ntp.drift

    >>

    >
    > Thank you all (especially kostecke and rgilbert)!!!!
    > It was a combo of things.
    > 1. My config wasn't right. I misunderstood the use of restrict.
    > Actually i'm still a bit confused.
    >


    Avoid "restrict" until you know what problem you are trying to solve!
    Then read the documentation carefully. Very carefully!!!

    > It seems as ntp makes a request to a time server, to have the time
    > server set my time. (as opposed to me requesting the time, and i'll set
    > it myself).


    Not quite. The NTP daemon, ntpd, sends several request packets to the
    server to learn the round trip delay and determine how good the server
    and the network connection to it are. It will then adjust your clock.

    Ntpd will set, or step, your clock if it is off by more than the step
    threshold (128 milliseconds) and less than the panic threshold (1024
    seconds). Otherwise it adjusts the frequency of the clock oscillator to
    "slew" the clock to the correct time. It then readjusts the frequency
    to maintain the correct time. When the clock is tuned to its
    satisfaction, ntpd will gradually increase the polling interval until it
    is querying the server once every 1024 seconds.

    > To sync my time, i have to set my restrict options to allow a remote ip
    > to set my time?


    NO! The remote server tells your NTP daemon what time it thinks it is.
    It is customary to use at least four servers in order to be able to
    detect and reject a server that is offering incorrect time. Your NTP
    daemon adjusts your clock.

    > I'm still working on my ntp.conf files. What is the absolute minimum
    > access needed to sync my time?
    >


    If you are that paranoid about security, perhaps you should get a
    hardware reference clock, such as a GPS timing receiver, and forget
    about using internet servers.
    >
    > Here is what I want to do.
    > On my ntp server:
    > 1. sync my time from a public server
    > 2. allow a subnet on my lan to sync from this server.
    > 3. allow another subnet on my lan to to make sure i'm still in sync.
    > 4. deny everything else from every one.
    >
    > On my hosts:
    > 1. sync my time with from ntp server.
    > 2. allow a subnet on my vlan check to make sure i'm in sync.
    > 3. deny everything else from every one
    >
    >
    >
    > As far as monitoring goes, i think i can just check to make sure my
    > stratum is not < 16 right ?


    Try "ntpq -p" at least thirty minutes after you start ntpd. It will
    show each server you are using, the reference that each server is using,
    etc, etc. Here is a sample with server id's obscured.

    sunblok_$ ntpq -p
    remote refid st t when poll reach delay offset
    jitter
    ================================================== ============================
    *GPS_ONCORE(0) .GPS. 0 l 6 16 377 0.000 0.002
    0.001
    xsunburn .. 1 u 43 64 377 0.452 -40.698
    0.273
    + .PSC. 1 u 62 64 377 17.446 2.024
    3.751
    + .CDMA. 1 u 47 64 377 16.967 3.776
    0.697
    - 128.4.1.1 2 u 24 64 377 15.796 2.071
    1.025
    - 128.59.39.48 2 u 43 64 377 12.664 1.833
    1.887
    LOCAL(0) .LOCL. 10 l 4 64 377 0.000 0.000
    0.000

    "remote" is the address of the server.
    "refid" is the source of the server's time.
    "st" is stratum.
    "t" is type; "l" for local and "u" for ?? (maybe unknown)
    "when" is the number of seconds since that server last responded
    "poll" is the poll interval
    "reach" is an octal number representing an eight bit shift register. A
    one bit is shifted in from the right each time the server responds to a
    query; a zero bit is shifted in when the server fails to respond. A
    value of "377" means the last eight queries received replies.
    "delay" is the round trip delay in milliseconds
    "Offset" is the difference between your clock and the server's clock.
    "jitter" is a measure of the "noise" in the time value received.

    If you configure it so, ntpd will write a "peerstats" file which you can
    analyze statistically or graphically to monitor server and network
    quality. See:
    http://ntp.isc.org/bin/view/Support/...ControllingNTP


  11. Re: Can't get time to sync with local time server

    On 2006-12-15, Richard B. Gilbert wrote:

    > Arty wrote:
    >
    > [---=| Quote block shrinked by t-prot: 67 lines snipped |=---]


    Please trim the quoted material in your article.

    >> As far as monitoring goes, i think i can just check to make sure my
    >> stratum is not < 16 right ?

    >
    > Try "ntpq -p" at least thirty minutes after you start ntpd.


    It is not necessary to wait thirty minutes before using ntpq. You will
    begin to see information about your ntpd peer associations almost
    immediately.

    The amount of time that it takes for ntpd to select a sys-peer (i.e.
    become synced) depends on a number of factors. But, in general, a
    sys-peer should be selected within about 8 minutes after ntpd starts.

    If you are using 'iburst' on your server lines _and_ you "pre-set" your
    system clock, by using ntpdate or ntpd -gq, before starting ntpd you
    may see the '*' tally code next to your sys-peer (i.e. the chosen time
    server) in as little as 15 - 30 seconds.

    If you are not using 'iburst' and/or ntpd has to step the clock during
    the initial setting you will not see the '*' tally code until ntpd has
    been operating for about 8 minutes.

    Once you see the '*' your ntpd is operating at the stratum of that peer
    +1. If your sys-peer is at stratum 2 your ntpd is at stratum 3. And so
    on.

    > "t" is type; "l" for local and "u" for ?? (maybe unknown)


    unicast (i.e. the "normal" client <-> server association)

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  12. Re: Can't get time to sync with local time server

    On 2006-12-14, Richard B. Gilbert wrote:

    > Do you see where it says "stratum 16"?? Stratum 16 is not a "stratum",
    > it is a flag saying this server is not synchronized!!!


    Stratum 16 _is_ a valid stratum. It just happens to indicate an
    unsynchronized state.

    An ntpd operating at Stratum 1 is synchronized to a local ref-clock.

    An ntpd operating at Stratum 2 is synchronized to an ntpd operating at
    Stratum 1.

    ....

    An ntpd operating at Stratum 15 is synchronized to an ntpd operating at
    Stratum 14.

    An ntpd operating at Stratum 16 is not synchronized.

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  13. Re: Can't get time to sync with local time server

    Steve Kostecke wrote:

    > On 2006-12-14, Richard B. Gilbert wrote:
    >
    >
    >>Do you see where it says "stratum 16"?? Stratum 16 is not a "stratum",
    >>it is a flag saying this server is not synchronized!!!

    >
    >
    > Stratum 16 _is_ a valid stratum. It just happens to indicate an
    > unsynchronized state.


    > An ntpd operating at Stratum 16 is not synchronized.
    >


    That's what I said. In a LOT FEWER WORDS!!!

  14. Re: Can't get time to sync with local time server

    On 2006-12-15, Richard B. Gilbert wrote:

    > Steve Kostecke wrote:
    >
    >> On 2006-12-14, Richard B. Gilbert wrote:
    >>
    >>>Do you see where it says "stratum 16"?? Stratum 16 is not a
    >>>"stratum", it is a flag saying this server is not synchronized!!!

    >>
    >> Stratum 16 _is_ a valid stratum. It just happens to indicate an
    >> unsynchronized state.

    >
    >
    >
    >> An ntpd operating at Stratum 16 is not synchronized.

    >
    > That's what I said. In a LOT FEWER WORDS!!!


    No, that's not what you said. In the text quoted above you clearly
    state:

    "Stratum 16 is not a 'stratum', it is a flag saying
    this server is not synchronized!!!"

    Stratum 16 is one of the 16 valid strata that an ntpd can operate at.
    It so happens that this particular stratum indicates an unsynchronized
    state (or that an ntpd is synchronized to a S15 time source).

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  15. Re: Can't get time to sync with local time server

    "Arty" wrote in message
    news:4581F551.2000400@domain.tld...
    [...]
    > I'm still working on my ntp.conf files. What is the absolute minimum
    > access needed to sync my time?


    'server ntp'. That's _all_.

    It assumes that you have a working internal server that has a name
    (probably an alias) 'ntp' in DNS. This configuration file is then for
    your internal clients.

    Adding the iburst flag is a good idea. Adding a line for the drift
    file is a good idea. Adding more servers is a good idea. Adding
    restrictions is a good idea... once you understand them.

    Groetjes,
    Maarten Wiltink



+ Reply to Thread