ntpd help needed (SOLVED)

Message

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 8:43 am

I'm having issues running ntpd on my LAN. As far as I can tell, it's keeping the time synchronized on the server itself, but the clients don't work. Here's my /etc/ntp.conf:

server pool.ntp.org
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap

Here's /etc/hosts.allow

ALL:127.0.0.1
ALL:*.internal.lan
sshd:ALL

and /etc/hosts.deny

ALL:ALL

and the relevant lines from netstat -l

udp 0 0 d60-65-182-141.col.:ntp *:*
udp 0 0 triforce.internal.l:ntp *:*
udp 0 0 triforce.internal.l:ntp *:*
udp 0 0 *:ntp *:*
udp 0 0 *:ntp *:*

(I have no idea why there are duplicates there)

And here's the /etc/conf.d/ntp-client from a client:

NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-b triforce"
NTPCLIENT_TIMEOUT=30

nall # ntpdate -q triforce
server 192.168.0.1, stratum 16, offset 0.000004, delay 0.02567
29 Nov 03:39:53 ntpdate[23794]: no server suitable for synchronization found

nall # ntpdate triforce
29 Nov 03:40:25 ntpdate[23809]: the NTP socket is in use, exiting

I'm pulling my hair out over this, can't figure out wtf is wrong. Anyone have any ideas? I really don't think the hosts.allow/hosts.deny are the problem, because all my other services work.

I just ran ntpdate on localhost on that machine, to get some additional information, and my server is showing up in stratum 16...I guess that means it's not synchronized. Could that be the problem? And if so, how do I correct it?

triforce akai # ntpdate -vq localhost
29 Nov 04:12:32 ntpdate[23927]: ntpdate 4.2.0a@1.1190-r Sun Nov 13 00:41:42 EST 2005 (1)
server 127.0.0.1, stratum 16, offset 0.000001, delay 0.02565
29 Nov 04:12:32 ntpdate[23927]: no server suitable for synchronization found

PaulBredbury · Post by **PaulBredbury** » Tue Nov 29, 2005 9:14 am

Akaihiryuu wrote:As far as I can tell, it's keeping the time synchronized on the server itself

server 192.168.0.1, stratum 16, offset 0.000004, delay 0.02567

The server's stratum will be lower than 16 if it is synchronizing from other time servers properly. At 16, the client rejects it.

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 9:30 am

I see...I've been reading documentation, and it looks like you're supposed to select at least 3 servers for it to work properly. I got rid of pool.ntp.org and added 0.us.pool.ntp.org, 1.us.pool.ntp.org, and 2.us.pool.ntp.org. Hopefully in a few hours it'll settle down and sync properly.

PaulBredbury · Post by **PaulBredbury** » Tue Nov 29, 2005 9:48 am

It will only take minutes, not hours

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 6:44 pm

No luck...it's been running for about 8 hours right now, but it still says my server is stratum 16. I checked netstat and no connections are showing up in there either, which I find odd. I know ntp uses UDP, do those connections just not show up in netstat? Only log entry is this:

29 Nov 05:19:46 ntpd[10005]: parent died before we finished, exiting

I'm restarting it now...but it doesn't look like it works very well.

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 6:47 pm

No luck on restarting it...that message comes back almost immediately.

PaulBredbury · Post by **PaulBredbury** » Tue Nov 29, 2005 6:50 pm

Anything in /var/log/ntp.log? Try following the howto precisely.

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 6:52 pm

I've followed both the howto in the home router guide, and another one that I found on Gentoo Wiki. It just doesn't seem to work. I either get nothing in the log (other than the program exiting when I restart it), or the notice that the parent died that I posted above. But either way...the server doesn't seem to function and stays at statum 16. Could my firewall possibly be blocking it? Do I need to allow UDP on port 123? I don't see why I'd need to...the other shouldn't be trying to connect to me.

PaulBredbury · Post by **PaulBredbury** » Tue Nov 29, 2005 7:10 pm

I've just added a firewall section to the howto. Read it, and its mention of "ntpq", and its configuration files.

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 7:26 pm

I already have that exact firewall rule set, so that shouldn't be a problem. The ntp server is still not doing anything at all. It didn't even leave any logs this time. I'm lost.

Akaihiryuu · Post by **Akaihiryuu** » Tue Nov 29, 2005 9:33 pm

After a couple of hours, still NOTHING in the ntp log file. The last entry was when I shut it down when I restarted it. I don't know what it's doing, but it's definitely NOT trying to communicate with any remote servers. I've been over my configuration file 3 times, and I know it's not a firewall issue, I've been over my firewall too, no outgoing traffic is being blocked and I'm doing state matching on my incoming connections like you suggested...it's been set up that way from day 1. Do I maybe need to set the "iburst" option in the config file?

PaulBredbury · Post by **PaulBredbury** » Wed Nov 30, 2005 12:57 am

You obviously don't care to RTFM. The howto works. Your setup (which is different to the howto) doesn't work. See the solution here? Why are you ignoring ntpq? Why do you mention iburst - are you running dnsmasq?

Akaihiryuu · Post by **Akaihiryuu** » Wed Nov 30, 2005 1:17 am

I don't see how my setup is different from the howto. I even did the netselect -s 3 thing to choose the 3 fastest servers. I tried ntpq and it told me I'm connected to the 3 servers I put in

triforce akai # ntpq -c pe
remote refid st t when poll reach delay offset jitter
==============================================================================
sfobug.org .INIT. 16 u - 64 0 0.000 0.000 4000.00
surveyor.mars.o .INIT. 16 u - 64 0 0.000 0.000 4000.00
eddie.psaux.com .INIT. 16 u - 64 0 0.000 0.000 4000.00

I'm still getting NOTHING in ntp.log. I altered my firewall so it's exactly as the howto specified, still the exact same thing.

Akaihiryuu · Post by **Akaihiryuu** » Wed Nov 30, 2005 2:12 am

Here's a dump of starting ntpd in /var/log/messages:

Nov 29 21:10:46 triforce ntpd[9760]: ntpd 4.2.0a@1.1190-r Sun Nov 13 00:41:39 EST 2005 (1)
Nov 29 21:10:46 triforce ntpd[9760]: precision = 2.000 usec
Nov 29 21:10:46 triforce ntpd[9760]: Listening on interface wildcard, 0.0.0.0#123
Nov 29 21:10:46 triforce ntpd[9760]: Listening on interface wildcard, ::#123
Nov 29 21:10:46 triforce ntpd[9760]: Listening on interface lo, 127.0.0.1#123
Nov 29 21:10:46 triforce ntpd[9760]: Listening on interface eth0, 192.168.0.1#123
Nov 29 21:10:46 triforce ntpd[9760]: Listening on interface eth1, 65.60.141.182#123
Nov 29 21:10:46 triforce ntpd[9760]: kernel time sync status 0040
Nov 29 21:10:46 triforce ntpd[9760]: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift

And here's a dump of /var/log/ntp.log

29 Nov 05:09:09 ntpd[24352]: ntpd exiting on signal 15
29 Nov 05:19:21 ntpd[9507]: ntpd exiting on signal 15
29 Nov 05:19:46 ntpd[10005]: parent died before we finished, exiting
29 Nov 13:44:49 ntpd[11054]: ntpd exiting on signal 15
29 Nov 13:44:56 ntpd[11055]: parent died before we finished, exiting
29 Nov 13:46:05 ntpd[27018]: ntpd exiting on signal 15
29 Nov 19:49:35 ntpd[27151]: ntpd exiting on signal 15
29 Nov 20:04:56 ntpd[6532]: ntpd exiting on signal 15
29 Nov 21:03:25 ntpd[7140]: ntpd exiting on signal 15
29 Nov 21:10:44 ntpd[9314]: ntpd exiting on signal 15

each "exiting" entry is where I restarted ntpd after conf file changes. ntp-client (which uses ntpdate -q) works fine.

Here's some output of a query from ntpdate:

triforce akai # ntpdate -qv 0.us.pool.ntp.org
29 Nov 21:17:07 ntpdate[9983]: ntpdate 4.2.0a@1.1190-r Sun Nov 13 00:41:42 EST 2005 (1)
server 65.71.16.189, stratum 2, offset 0.239333, delay 0.08925
server 209.215.186.11, stratum 2, offset 0.236664, delay 0.08974
server 209.126.142.251, stratum 2, offset 0.239199, delay 0.09792
server 69.17.7.16, stratum 2, offset 0.252220, delay 0.12277
server 207.177.51.228, stratum 2, offset 0.245620, delay 0.05974
server 216.27.160.99, stratum 1, offset 0.241766, delay 0.09485
server 216.136.10.198, stratum 2, offset 0.240326, delay 0.04654
server 216.162.200.152, stratum 1, offset 0.222346, delay 0.13109
server 4.23.190.230, stratum 1, offset 0.248056, delay 0.08957
server 66.17.252.26, stratum 2, offset 0.239144, delay 0.06364
server 128.10.252.10, stratum 2, offset 0.201821, delay 0.12872
server 198.144.194.12, stratum 2, offset 0.240157, delay 0.09346
29 Nov 21:17:10 ntpdate[9983]: adjust time server 4.23.190.230 offset 0.248056 sec

I can obviously query other time servers...I just can't figure out what the problem is here. It doesn't make any sense at all.

Akaihiryuu · Post by **Akaihiryuu** » Wed Nov 30, 2005 3:50 am

Hm...sudden idea. Could it possibly be something in my /etc/conf.d/ntpd? Right now the only option in there is "-u ntp:ntp"

Akaihiryuu · Post by **Akaihiryuu** » Wed Nov 30, 2005 5:08 am

Fixed! It was the restrict lines in my ntp.conf. I was using restrict default ignore and didn't realize that would restrict my server from contacting others. I changed it to restrict default nomodify notrap noquery, then restrict 127.0.0.1 and restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap, now it's working fine. I feel kind of dumb now...but then the howto I was reading didn't really go into restrict lines very thoroughly. I had to read another howto I found on google to find that out. My ntpd is now synced and is sitting at stratum 2. I found that adding the iburst lines to the local machines that sync to my server will greatly speed up their syncing, so I added that to them, which helps since they're not on all the time like the server is.

ntpd help needed (SOLVED)

ntpd help needed (SOLVED)

Re: ntpd help needed