Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
setup server ntp problems
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
pigreco
Apprentice
Apprentice


Joined: 16 Nov 2005
Posts: 178
Location: Italia

PostPosted: Mon Sep 16, 2013 4:21 pm    Post subject: setup server ntp problems Reply with quote

Hello,
I'm trying without success to setup a NTP server for synchronize multiple servers in my private lan.
I always get one stratum = 16 for the server that I made and I can not understand what the problem is, the firewall should be ok and I have no error in the logs.

some info:
ntpd.conf:
Code:
server 212.45.144.16 iburst
server 212.121.88.250 iburst
server 127.127.1.0
fudge  127.127.1.0 stratum 10

# you should not need to modify the following paths
driftfile   /var/lib/ntp/ntp.drift

# logfile defaults to /var/log/messages
logfile /var/log/ntp.log

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Allow local lans to sync
restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap



Code:
ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 saguaro.bilink. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 212.121.88.250  .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   50   64  377    0.000    0.000   0.000


remote servers ntp are reached:
Code:
ntpdate -d 212.121.88.250
16 Sep 13:47:02 ntpdate[12248]: ntpdate 4.2.6p5@1.2349-o Wed Sep 11 14:31:08 UTC 2013 (1)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
server 212.121.88.250, port 123
stratum 2, precision -20, leap 00, trust 000
refid [212.121.88.250], delay 0.03352, dispersion 0.00012
transmitted 4, in filter 4
reference time:    d5e1690d.98d18648  Mon, Sep 16 2013 13:25:01.596
originate timestamp: d5e16e3e.984a086c  Mon, Sep 16 2013 13:47:10.594
transmit timestamp:  d5e16e3d.11b29f28  Mon, Sep 16 2013 13:47:09.069
filter delay:  0.03352  0.03462  0.03395  0.03380
         0.00000  0.00000  0.00000  0.00000
filter offset: 1.521704 1.522278 1.521833 1.521629
         0.000000 0.000000 0.000000 0.000000
delay 0.03352, dispersion 0.00012
offset 1.521704

16 Sep 13:47:09 ntpdate[12248]: step time server 212.121.88.250 offset 1.521704 sec



ntpq -crv:
Code:
associd=0 status=0515 leap_none, sync_local, 1 event, clock_sync,
version="ntpd 4.2.6p5@1.2349-o Wed Sep 11 14:31:06 UTC 2013 (1)",
processor="x86_64", system="Linux/3.7.5-hardened-r1", leap=00,
stratum=11, precision=-23, rootdelay=0.000, rootdisp=11.151,
refid=LOCAL(0), reftime=d5e16e9e.1e8b5fbe  Mon, Sep 16 2013 13:48:46.119,
clock=d5e16ead.8b335f1d  Mon, Sep 16 2013 13:49:01.543, peer=23637, tc=6,
mintc=3, offset=0.000, frequency=0.000, sys_jitter=0.000,
clk_jitter=0.000, clk_wander=0.000


stratum=11 come from localhost setting:

Code:
 server 127.127.1.0
fudge  127.127.1.0 stratum 10


otherwise it would be = 16,
every suggestion is very welcome, thank you,

Maurizio
Back to top
View user's profile Send private message
666threesixes666
Veteran
Veteran


Joined: 31 May 2011
Posts: 1235
Location: 42.68n 85.41w

PostPosted: Mon Sep 16, 2013 10:07 pm    Post subject: Reply with quote

su -c '/etc/init.d/ntpd status'

reports?

if stopped try

su -c '/etc/init.d/ntpd start'

see https://wiki.gentoo.org/wiki/NTP
_________________
cat /etc/*-release
Funtoo Linux - baselayout 2.2.0
consider this warning no. 1
https://wiki.gentoo.org/index.php?title=Special:Contributions/666threesixes666&offset=&limit=500&target=666threesixes666
Back to top
View user's profile Send private message
pigreco
Apprentice
Apprentice


Joined: 16 Nov 2005
Posts: 178
Location: Italia

PostPosted: Tue Sep 17, 2013 7:32 am    Post subject: Reply with quote

hi,
thanks for reply

Code:

su -c '/etc/init.d/ntpd status'
 * status: started


I have saw the wiki and some others tutorial on Internet but I can't found what is the problem.

regards,
Maurizio
Back to top
View user's profile Send private message
666threesixes666
Veteran
Veteran


Joined: 31 May 2011
Posts: 1235
Location: 42.68n 85.41w

PostPosted: Tue Sep 17, 2013 3:10 pm    Post subject: Reply with quote

"# Allow local lans to sync
restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap "

what ip addresses do the clients have? if they are 192.168.1.X they should be able to sync. id change that line around to 0.0.0.0 so everyone can sync, but not modify.
_________________
cat /etc/*-release
Funtoo Linux - baselayout 2.2.0
consider this warning no. 1
https://wiki.gentoo.org/index.php?title=Special:Contributions/666threesixes666&offset=&limit=500&target=666threesixes666
Back to top
View user's profile Send private message
pigreco
Apprentice
Apprentice


Joined: 16 Nov 2005
Posts: 178
Location: Italia

PostPosted: Wed Sep 18, 2013 7:58 am    Post subject: Reply with quote

hi, 666threesixes666,
yes the clients ip address are 192.168.1.X

but my problem is that my LAN ntp master not syncronize itself with network ntp servers, it's stratum is always too hight
Back to top
View user's profile Send private message
Aiken
Tux's lil' helper
Tux's lil' helper


Joined: 22 Jan 2003
Posts: 130
Location: Toowoomba/Australia

PostPosted: Wed Sep 18, 2013 10:06 pm    Post subject: Reply with quote

When ntp queries remote servers it uses a source port of 123, ie local_machine:123 to remote_machine:123. The ntpq -crv will use an unprivileged port as the source port, mine just did local_machine:37670 to remote_machine:123.

If incoming packets to port 123 are blocked then the ntpq -crv you did will work fine but ntp itself won't receive any replies to time requests it sends. Try finding out if and where incoming packets to port 123 are being blocked. The ntpq -crv working shows out going packets to port 123 work. The stratum of 16 and reach of 0 that ntp is showing indicate it is not receiving any replies leaving me wondering if incoming packets to port 123 are blocked.

Easy enough to watch the traffic with tcpdump. Assuming eth0 then -> tcpdump -i eth0 port 123

When ntp is receiving packets you should start seeing the stratum of the remote servers and reach of 1 with in seconds after ntpd is started. Once you have that sorted I suggest you add at least 1 more server. 2 servers can work but it won't be reliable. While the 2 servers are close enough ntp will select one of them but too much of a difference then ntp won't chose either. This is fixed by having at least 3 servers.

The 2 servers you are using look to be from pool.ntp.org project and in europe so if you are going to use the pool you could remove the 2 server lines and just use

pool europe.pool.ntp.org

That gives me 4 servers. Hard coding the ip in ntp.conf can mean you send up trying to use non existent ntp servers if they are closed down.
_________________
Beware the grue.
Back to top
View user's profile Send private message
pigreco
Apprentice
Apprentice


Joined: 16 Nov 2005
Posts: 178
Location: Italia

PostPosted: Thu Sep 19, 2013 8:21 am    Post subject: Reply with quote

hi, thanks for help
now after days of attempts I'm confusing...
I ave check again the firewall configuration and it seems to be correct but I can't see incoming comunications from time servers over internet

Code:
10:13:57.849416 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:13:58.849438 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:14:03.849411 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:14:08.849439 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
10:18:14.849439 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:18:17.849411 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:18:20.849437 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:18:26.849438 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48


if i call my server(77.72.24.67) from my workstation (62.94.216.51):
Code:

10:06:32.016090 IP 62.94.216.51.64418 > 77.72.24.67.ntp: NTPv4, Client, length 48
10:06:32.016200 IP 77.72.24.67.ntp > 62.94.216.51.64418: NTPv4, Server, length 48


it seems ok


any ideas?
Back to top
View user's profile Send private message
Aiken
Tux's lil' helper
Tux's lil' helper


Joined: 22 Jan 2003
Posts: 130
Location: Toowoomba/Australia

PostPosted: Thu Sep 19, 2013 9:36 am    Post subject: Reply with quote

To help confuse it a bit more I just used ntpdate -q <your ip> to query it from Australia. It showed as stratum 11 and approx 2.7 seconds from correct time.
_________________
Beware the grue.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum