pigreco Apprentice
Joined: 16 Nov 2005 Posts: 223 Location: Italia
|
Posted: Mon Sep 16, 2013 4:21 pm Post subject: setup server ntp problems |
|
|
Hello,
I'm trying without success to set up an NTP server to synchronize multiple servers in my private LAN.
I always get a stratum = 16 for the server that I made and I cannot understand what the problem is; the firewall should be OK and I have no errors in the logs.
Some info:
ntpd.conf:
Code: | server 212.45.144.16 iburst
server 212.121.88.250 iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# you should not need to modify the following paths
driftfile /var/lib/ntp/ntp.drift
# logfile defaults to /var/log/messages
logfile /var/log/ntp.log
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Allow local lans to sync
restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap
|
Code: | ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 saguaro.bilink. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 212.121.88.250  .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*LOCAL(0)        .LOCL.          10 l   50   64  377    0.000    0.000   0.000 |
The remote NTP servers are reached:
Code: | ntpdate -d 212.121.88.250
16 Sep 13:47:02 ntpdate[12248]: ntpdate 4.2.6p5@1.2349-o Wed Sep 11 14:31:08 UTC 2013 (1)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
transmit(212.121.88.250)
receive(212.121.88.250)
server 212.121.88.250, port 123
stratum 2, precision -20, leap 00, trust 000
refid [212.121.88.250], delay 0.03352, dispersion 0.00012
transmitted 4, in filter 4
reference time: d5e1690d.98d18648 Mon, Sep 16 2013 13:25:01.596
originate timestamp: d5e16e3e.984a086c Mon, Sep 16 2013 13:47:10.594
transmit timestamp: d5e16e3d.11b29f28 Mon, Sep 16 2013 13:47:09.069
filter delay: 0.03352 0.03462 0.03395 0.03380
0.00000 0.00000 0.00000 0.00000
filter offset: 1.521704 1.522278 1.521833 1.521629
0.000000 0.000000 0.000000 0.000000
delay 0.03352, dispersion 0.00012
offset 1.521704
16 Sep 13:47:09 ntpdate[12248]: step time server 212.121.88.250 offset 1.521704 sec |
ntpq -crv:
Code: | associd=0 status=0515 leap_none, sync_local, 1 event, clock_sync,
version="ntpd 4.2.6p5@1.2349-o Wed Sep 11 14:31:06 UTC 2013 (1)",
processor="x86_64", system="Linux/3.7.5-hardened-r1", leap=00,
stratum=11, precision=-23, rootdelay=0.000, rootdisp=11.151,
refid=LOCAL(0), reftime=d5e16e9e.1e8b5fbe Mon, Sep 16 2013 13:48:46.119,
clock=d5e16ead.8b335f1d Mon, Sep 16 2013 13:49:01.543, peer=23637, tc=6,
mintc=3, offset=0.000, frequency=0.000, sys_jitter=0.000,
clk_jitter=0.000, clk_wander=0.000 |
stratum=11 comes from the localhost setting:
Code: | server 127.127.1.0
fudge 127.127.1.0 stratum 10 |
otherwise it would be = 16.
Any suggestion is very welcome, thank you,
Maurizio |
|
666threesixes666 Veteran
Joined: 31 May 2011 Posts: 1248 Location: 42.68n 85.41w
|
Posted: Mon Sep 16, 2013 10:07 pm Post subject: |
|
|
su -c '/etc/init.d/ntpd status'
reports?
if stopped try
su -c '/etc/init.d/ntpd start'
see https://wiki.gentoo.org/wiki/NTP |
|
pigreco Apprentice
Joined: 16 Nov 2005 Posts: 223 Location: Italia
|
Posted: Tue Sep 17, 2013 7:32 am Post subject: |
|
|
Hi,
thanks for the reply.
Code: |
su -c '/etc/init.d/ntpd status'
* status: started
|
I have seen the wiki and some other tutorials on the Internet but I can't find what the problem is.
regards,
Maurizio |
|
666threesixes666 Veteran
Joined: 31 May 2011 Posts: 1248 Location: 42.68n 85.41w
|
Posted: Tue Sep 17, 2013 3:10 pm Post subject: |
|
|
"# Allow local lans to sync
restrict 192.168.1.0 mask 255.0.0.0 nomodify notrap "
What IP addresses do the clients have? If they are 192.168.1.X they should be able to sync. I'd change that line around to 0.0.0.0 so everyone can sync, but not modify. |
|
pigreco Apprentice
Joined: 16 Nov 2005 Posts: 223 Location: Italia
|
Posted: Wed Sep 18, 2013 7:58 am Post subject: |
|
|
Hi 666threesixes666,
yes, the clients' IP addresses are 192.168.1.X,
but my problem is that my LAN NTP master does not synchronize itself with the network NTP servers; its stratum is always too high. |
|
Aiken Apprentice
Joined: 22 Jan 2003 Posts: 239 Location: Toowoomba/Australia
|
Posted: Wed Sep 18, 2013 10:06 pm Post subject: |
|
|
When ntp queries remote servers it uses a source port of 123, i.e. local_machine:123 to remote_machine:123. The ntpq -crv will use an unprivileged port as the source port; mine just did local_machine:37670 to remote_machine:123.
If incoming packets to port 123 are blocked then the ntpq -crv you did will work fine but ntp itself won't receive any replies to the time requests it sends. Try finding out if and where incoming packets to port 123 are being blocked. The ntpq -crv working shows outgoing packets to port 123 work. The stratum of 16 and reach of 0 that ntp is showing indicate it is not receiving any replies, leaving me wondering if incoming packets to port 123 are blocked.
Easy enough to watch the traffic with tcpdump. Assuming eth0 then -> tcpdump -i eth0 port 123
When ntp is receiving packets you should start seeing the stratum of the remote servers and a reach of 1 within seconds after ntpd is started. Once you have that sorted I suggest you add at least 1 more server. 2 servers can work but it won't be reliable. While the 2 servers are close enough ntp will select one of them, but with too much of a difference ntp won't choose either. This is fixed by having at least 3 servers.
The 2 servers you are using look to be from the pool.ntp.org project and in Europe, so if you are going to use the pool you could remove the 2 server lines and just use
pool europe.pool.ntp.org
That gives me 4 servers. Hard coding the IP in ntp.conf can mean you end up trying to use nonexistent ntp servers if they are closed down.
_________________
Beware the grue. |
|
pigreco Apprentice
Joined: 16 Nov 2005 Posts: 223 Location: Italia
|
Posted: Thu Sep 19, 2013 8:21 am Post subject: |
|
|
Hi, thanks for the help.
Now, after days of attempts, I'm confused...
I have checked the firewall configuration again and it seems to be correct, but I can't see incoming communications from the time servers over the Internet.
Code: | 10:13:57.849416 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:13:58.849438 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:14:03.849411 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:14:08.849439 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
10:18:14.849439 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:18:17.849411 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:18:20.849437 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:18:26.849438 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48 |
If I call my server (77.72.24.67) from my workstation (62.94.216.51):
Code: |
10:06:32.016090 IP 62.94.216.51.64418 > 77.72.24.67.ntp: NTPv4, Client, length 48
10:06:32.016200 IP 77.72.24.67.ntp > 62.94.216.51.64418: NTPv4, Server, length 48
|
It seems OK.
Any ideas? |
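Added example, not part of any post in this thread: the check discussed above (does each NTP request get a reply, and from which source port was it sent?) applied to the tcpdump lines already posted. The function names are made up for this example, and it only understands the `Client`/`Server` line format shown in those captures.

```python
import re
from collections import defaultdict

# tcpdump lines copied from the two captures posted in this thread.
CAPTURE = """\
10:13:57.849416 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:13:58.849438 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:14:03.849411 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:14:08.849439 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
10:18:14.849439 IP 77.72.24.67.ntp > 217.79.179.16.ntp: NTPv4, Client, length 48
10:18:17.849411 IP 77.72.24.67.ntp > 213.209.109.45.ntp: NTPv4, Client, length 48
10:18:20.849437 IP 77.72.24.67.ntp > 195.200.224.66.ntp: NTPv4, Client, length 48
10:18:26.849438 IP 77.72.24.67.ntp > 144.76.96.7.ntp: NTPv4, Client, length 48
10:06:32.016090 IP 62.94.216.51.64418 > 77.72.24.67.ntp: NTPv4, Client, length 48
10:06:32.016200 IP 77.72.24.67.ntp > 62.94.216.51.64418: NTPv4, Server, length 48
"""

# Matches "IP a.b.c.d.port > a.b.c.d.port: NTPv4, Client|Server," as printed above.
LINE = re.compile(
    r"\S+ IP (\d+(?:\.\d+){3})\.(ntp|\d+) > "
    r"(\d+(?:\.\d+){3})\.(ntp|\d+): NTPv\d, (Client|Server),")

def port(name):
    # tcpdump prints the service name "ntp" for port 123 unless run with -n.
    return 123 if name == "ntp" else int(name)

def flows(capture):
    """Map (client, client_port, server) -> [requests seen, replies seen]."""
    stats = defaultdict(lambda: [0, 0])
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, mode = m.groups()
        if mode == "Client" and port(dport) == 123:
            stats[(src, port(sport), dst)][0] += 1
        elif mode == "Server" and port(sport) == 123:
            stats[(dst, port(dport), src)][1] += 1  # reply counts for the reversed flow
    return dict(stats)

def unanswered(capture):
    """Flows where requests were sent but no Server reply was captured."""
    return sorted(k for k, (req, rep) in flows(capture).items() if req and not rep)

if __name__ == "__main__":
    for (client, cport, server), (req, rep) in sorted(flows(CAPTURE).items()):
        print(f"{client}:{cport} -> {server}:123 requests={req} replies={rep}",
              "ok" if rep else "NO REPLY CAPTURED")
```

On a live host, feed it the output of `tcpdump -i eth0 port 123` in place of `CAPTURE`.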
|
Aiken Apprentice
Joined: 22 Jan 2003 Posts: 239 Location: Toowoomba/Australia
|
Posted: Thu Sep 19, 2013 9:36 am Post subject: |
|
|
To help confuse it a bit more I just used ntpdate -q <your ip> to query it from Australia. It showed as stratum 11 and approx 2.7 seconds from correct time.
_________________
Beware the grue. |
|