zojas Veteran
Joined: 22 Apr 2002 Posts: 1138 Location: Phoenix, AZ
|
Posted: Tue Sep 30, 2003 2:02 pm Post subject: |
|
|
the ntp-client seems to be designed to set your clock once to get it in the ballpark. then ntpd runs after that.
this used to be handled by the ntpd script. _________________ http://www.desertsol.com/~kevin/ppc |
|
|
|
dju` Retired Dev
Joined: 11 Feb 2003 Posts: 370
|
Posted: Tue Sep 30, 2003 5:50 pm Post subject: hello |
|
|
i tried to run my own ntpd server for my lan, but it seems it can't synch to ntp servers on the internet. look at what i get an hour after having launched ntp-client and ntpd :
Code: | $ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 imag.imag.fr    0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 dns.univ-lyon1. 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 ntp.unilim.fr   0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 imag.imag.fr    0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 ntp.internet-fr 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 soleil.uvsq.fr  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00 |
Code: | $ ntptrace
localhost: stratum 16, offset 0.000052, synch distance 0.00539
0.0.0.0: *Not Synchronized* |
here is my ntp.conf :
Code: | server ntp.imag.fr
server ntp.univ-lyon1.fr
server ntp.unilim.fr
server ntp.imag.fr
server ntp.internet-fr.net
server ntp.uvsq.fr
logfile /var/log/ntpd.log
driftfile /var/lib/ntp/ntp.drift
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap |
what's wrong with that ? |
|
|
|
zojas Veteran
Joined: 22 Apr 2002 Posts: 1138 Location: Phoenix, AZ
|
Posted: Tue Sep 30, 2003 5:59 pm Post subject: |
|
|
probably your 'restrict' lines?
I don't use 'restrict', I just rely on my firewall, I should probably look into it though _________________ http://www.desertsol.com/~kevin/ppc |
|
|
|
dju` Retired Dev
Joined: 11 Feb 2003 Posts: 370
|
Posted: Tue Sep 30, 2003 6:15 pm Post subject: |
|
|
that was it, thanks. i'll have a deeper look at the restrict option. |
|
|
|
dju` Retired Dev
Joined: 11 Feb 2003 Posts: 370
|
Posted: Tue Sep 30, 2003 8:42 pm Post subject: |
|
|
some news about restrict:
here is my config for my local ntp server (192.168.0.1 on my 192.168.0 network), it is currently working.
Code: | # allow all from localhost
restrict 127.0.0.1
# allow synchronisation from the lan
restrict 192.168.0.0 mask 255.255.255.0 notrust nopeer notrap noquery
# allow public servers we are synchronizing to to send information
# ntp packets (modes 6 and 7)
# it seems this is needed for sync to work!
#
# restrict public_ntp_server_ip noserve nomodify # a public ntp server
# examples i use :
restrict 164.81.11.1 noserve nomodify # ntp.unilim.fr
restrict 129.88.30.1 noserve nomodify # ntp.imag.fr
restrict 212.37.192.31 noserve nomodify # ntp.internet-fr.net
restrict 193.51.24.1 noserve nomodify # ntp.uvsq.fr
# ignoring the rest
restrict default ignore
|
the public_ntp_server_ip are the ip addresses of the public servers you try to sync to, there should be a restrict line per server line.
almost the same thing for the other hosts on my lan, that sync to my ntp server :
Code: | restrict 127.0.0.1
restrict 192.168.0.1 noserve nomodify # my ntp server
restrict default ignore |
i hope this will help. |
|
|
|
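As an added illustration (not code from any poster or from the ntp project), the sketch below checks an ntp.conf for the problem worked out in the posts above: with `restrict default ignore`, every `server` needs its own `restrict` entry or its replies are dropped. It assumes the most specific matching entry is the one that applies, takes the name-to-address map from the comments in the post instead of doing DNS lookups, and only looks at `ignore`, not the other flags; the function names are made up for this example.

```python
import ipaddress

# Abridged from the posts above: the config that would not sync, then the fix.
BROKEN = """\
server ntp.unilim.fr
server ntp.imag.fr
server ntp.internet-fr.net
server ntp.uvsq.fr
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap
"""
FIXED = BROKEN + """\
restrict 164.81.11.1 noserve nomodify    # ntp.unilim.fr
restrict 129.88.30.1 noserve nomodify    # ntp.imag.fr
restrict 212.37.192.31 noserve nomodify  # ntp.internet-fr.net
restrict 193.51.24.1 noserve nomodify    # ntp.uvsq.fr
"""
# Name-to-address map copied from the comments in the post (2003 values),
# passed in explicitly so the check needs no DNS lookup.
RESOLVED = {
    "ntp.unilim.fr": "164.81.11.1",
    "ntp.imag.fr": "129.88.30.1",
    "ntp.internet-fr.net": "212.37.192.31",
    "ntp.uvsq.fr": "193.51.24.1",
}

def parse_ntp_conf(text):
    """Return (server names, [(network, flags)]) from ntp.conf text."""
    servers, restricts = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments
        if len(fields) < 2:
            continue
        if fields[0] == "server":
            servers.append(fields[1])
        elif fields[0] == "restrict":
            addr, rest = fields[1], fields[2:]
            if addr == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            else:
                mask = "255.255.255.255"           # host entry unless "mask" is given
                if rest[:1] == ["mask"] and len(rest) > 1:
                    mask, rest = rest[1], rest[2:]
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            restricts.append((net, set(rest)))
    return servers, restricts

def effective_flags(ip, restricts):
    """Flags of the most specific restrict entry covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, flags) for net, flags in restricts if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def dropped_servers(conf_text, resolved):
    """Servers whose packets fall under an 'ignore' entry and never reach ntpd."""
    servers, restricts = parse_ntp_conf(conf_text)
    return [name for name in dict.fromkeys(servers)   # de-duplicate, keep order
            if "ignore" in (effective_flags(resolved[name], restricts) or ())]

if __name__ == "__main__":
    for label, conf in (("before", BROKEN), ("after", FIXED)):
        print(label, "->", dropped_servers(conf, RESOLVED) or "all servers admitted")
```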
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
|
Posted: Tue Sep 30, 2003 9:23 pm Post subject: |
|
|
Thanks carlos123 - this seems to be working perfectly for me. Perhaps you could update your original post to include the ntp-client info and rc-update-ing ntp-client and ntpd. |
|
|
|
Kirigoe Tux's lil' helper
Joined: 10 Jan 2003 Posts: 147 Location: concrete hut, sweden
|
|
|
|
k12linux n00b
Joined: 17 Oct 2003 Posts: 18
|
Posted: Sat Jan 17, 2004 2:25 am Post subject: |
|
|
tovrstra wrote: | 1) Why should /etc/init.d/ntp-client be started first. It only starts ${NTPCLIENT_CMD} >/dev/null ${NTPCLIENT_OPTS}. In my case NTPCLIENT_CMD="ntpdate" and NTPCLIENT_OPTS="-b ntp.telenet.be" After that I start /etc/init.d/ntpd and everything works fine. |
If for some reason your clock is way off at boot, ntpdate will force it to the correct time. The reason you might want to do this is that ntpd (depending on its config) will refuse to adjust your clock if it is too far from "actual" time. |
|
|
|
carlos123 Guru
Joined: 12 Feb 2003 Posts: 536 Location: Alberta, Canada.
|
Posted: Sat Jan 17, 2004 4:22 am Post subject: |
|
|
Just so everyone knows I am going on an extended business trip that will take 6 months to a year and will not have the ability to update this FAQ item the way it deserves to be. For a few months at least I will not have my own computer or Internet connection.
So if someone could take over the upkeep of this FAQ item I would appreciate it. Let me know if I need to do anything in terms of making it possible for someone else to keep these instructions up to date.
Thanks.
Carlos (author of the instructions at the top of this thread). |
|
|
|
jshaw523 n00b
Joined: 29 Dec 2003 Posts: 12 Location: Columbus, OH
|
Posted: Tue Jan 20, 2004 2:47 pm Post subject: |
|
|
You can do a netstat -ta to make sure your time server, if running at all, isn't available to the outside world. For instance, on my machine it is there but bound only to localhost, not to * which would mean it was bound to my external IP as well. |
|
|
|
Woollyfoot n00b
Joined: 01 Jul 2003 Posts: 16 Location: Nottingham, UK
|
Posted: Tue Jan 20, 2004 5:51 pm Post subject: |
|
|
I think you mean
since ntp uses udp, not tcp. |
|
|
|
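An added example, not part of either post: on Linux the same question (is anything bound to UDP port 123, and on which addresses) can be answered from /proc/net/udp. The sample table is constructed, the function names are made up for the example, and the address decoding assumes a little-endian host and IPv4 only.

```python
import ipaddress
import os
import socket
import struct

NTP_PORT = 123

# Constructed sample in /proc/net/udp layout (columns after rx_queue trimmed).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:007B 00000000:0000 07 00000000:00000000
   1: 0100A8C0:007B 00000000:0000 07 00000000:00000000
   2: 00000000:007B 00000000:0000 07 00000000:00000000
   3: 00000000:0044 00000000:0000 07 00000000:00000000
"""

def ntp_listeners(proc_text, port=NTP_PORT):
    """Return the IPv4 addresses that have a UDP socket bound to `port`."""
    addrs = []
    for line in proc_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 2 or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        if int(hex_port, 16) != port:
            continue
        # The kernel prints the address as a host-order 32-bit word, so on a
        # little-endian machine the bytes come out reversed.
        addrs.append(socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16))))
    return addrs

def exposure(addrs):
    """Summarise where the port is bound."""
    if not addrs:
        return "not listening"
    if "0.0.0.0" in addrs:
        return "wildcard"                             # every local address
    if all(ipaddress.ip_address(a).is_loopback for a in addrs):
        return "loopback only"
    return "specific addresses"

if __name__ == "__main__":
    path = "/proc/net/udp"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PROC_NET_UDP
    found = ntp_listeners(text)
    print(found, "->", exposure(found))
```

A socket bound to the wildcard or a LAN address is still subject to the restrict lines in ntp.conf, so this shows where ntpd listens, not whom it answers.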
angelacb n00b
Joined: 31 Oct 2003 Posts: 50
|
Posted: Thu Jan 22, 2004 1:18 am Post subject: |
|
|
dJu` wrote: | some news about restrict:
here is my config for my local ntp server (192.168.0.1 on my 192.168.0 network), it is currently working.
Code: | # allow all from localhost
restrict 127.0.0.1
# allow synchronisation from the lan
restrict 192.168.0.0 mask 255.255.255.0 notrust nopeer notrap noquery
# allow public servers we are synchronizing to to send information
# ntp packets (modes 6 and 7)
# it seems this is needed for sync to work!
#
# restrict public_ntp_server_ip noserve nomodify # a public ntp server
# examples i use :
restrict 164.81.11.1 noserve nomodify # ntp.unilim.fr
restrict 129.88.30.1 noserve nomodify # ntp.imag.fr
restrict 212.37.192.31 noserve nomodify # ntp.internet-fr.net
restrict 193.51.24.1 noserve nomodify # ntp.uvsq.fr
# ignoring the rest
restrict default ignore
|
the public_ntp_server_ip are the ip addresses of the public servers you try to sync to, there should be a restrict line per server line.
almost the same thing for the other hosts on my lan, that sync to my ntp server :
Code: | restrict 127.0.0.1
restrict 192.168.0.1 noserve nomodify # my ntp server
restrict default ignore |
i hope this will help. |
Hi, for this setup, does it require me to open port 123 for the servers:
Quote: | restrict 164.81.11.1 noserve nomodify # ntp.unilim.fr
restrict 129.88.30.1 noserve nomodify # ntp.imag.fr
restrict 212.37.192.31 noserve nomodify # ntp.internet-fr.net
restrict 193.51.24.1 noserve nomodify # ntp.uvsq.fr |
Or is UDP/TCP port 123 only used by my local NTP clients trying to sync with my ntpd server, and my ntpd syncing to Stratum 2 servers doesn't require any specific ports to be open on the firewall?
Best Regards, _________________ Love Linux, Love Life |
|
|
|
uglyman Apprentice
Joined: 21 Apr 2002 Posts: 216 Location: Seattle, WA USA
|
Posted: Sun Jan 25, 2004 10:00 pm Post subject: thanks |
|
|
thanks everybody. It took me a couple of tries, but I got this all working now!
as for the previous question, I did not have to forward any ports on my router to get this working. I think you would only have to if you run your own ntp server for machines outside your LAN. I am no networking wizard though.
thanks again!
uglyman |
|
|
|
sgtrock Tux's lil' helper
Joined: 21 Feb 2003 Posts: 87
|
Posted: Fri Feb 06, 2004 5:01 pm Post subject: |
|
|
Hi, all.
One timekeeping requirement that I haven't seen identified yet has to do with limited Internet connectivity. I'm on an ISDN line at home that has generous but not unlimited metered usage. In addition, my personal requirements are such that I can easily ignore as much as a minute difference between my systems and the authoritative ones.
I've got a couple of desktops running Gentoo, a laptop running Debian, and a server that I'm planning to build as Gentoo.
Ideally, what I'd like to do is set up my timekeeping on my server to only request an update once a day. I would then use that server to update the rest of my subnet. Until I get the server up, I'm OK with setting up each PC to check once a day.
Unfortunately, I can't figure out from the Gentoo docs or the manpages how to do that. I thought about just setting up a cron job to run it. Two issues, though. I'm struggling with what the command should look like. Should I call /etc/init.d/ntpd and tweak /etc/conf.d/ntpd.conf to run '-q'? Several guys have stated that using ntp -q frequently isn't the right approach due to the extra traffic it creates. Should I do something else?
Or am I looking at the wrong files completely?
Also, I'm lucky in that my ISP does an excellent job of supplying network resources. They have a DNS round robin set up between 3 different local timeservers. Their three timeservers are getting their time from I think 5 different global servers. Since my needs don't require super tight timekeeping, I plan to use just the DNS entry for my timeserver; ntp.visi.com (only available to Visi customers, btw). Does anyone see a major issue with that?
TIA,
SgtRock |
|
|
|
shadow303 Tux's lil' helper
Joined: 19 Apr 2002 Posts: 101
|
Posted: Fri Feb 27, 2004 8:29 pm Post subject: |
|
|
I believe that you should just set the minpoll and maxpoll options on the server and otherwise run everything normally. I have never tried using this before, but I believe that for what you want, you set:
minpoll 17
maxpoll 17
The seventeen indicates an interval of 2^17 seconds (36.4 hours). Using a 16 would bring it down to 18.2 hours. I got the info from http://www.gsp.com/cgi-bin/man.cgi?section=5&topic=ntp.conf so you might want to check there. |
|
|
|
kamagurka Veteran
Joined: 25 Jan 2004 Posts: 1026 Location: /germany/munich
|
Posted: Tue Mar 23, 2004 2:26 pm Post subject: |
|
|
for some reason this doesn't work for me. there should really be no problems, as i'm not on a network or have a firewall. when i try ntpd -q it hangs there for indefinite time until i kill it. if i try ntpdate he exits at once with "no servers can be used, exiting".
i have already scoured multiple threads on this and usually it's pretty confusing; as far as i can tell i've done everything correctly. here's my ntp.conf:
Code: |
# Name of the servers ntpd should sync with
# Please respect the access policy as stated by the responsible person.
server ntp.tuxfamily.net
server tick.keso.fi
server ntp.ndsoftwarenet.com
#local backup:
fudge 127.127.1.0 stratum 3
server 127.127.1.0
# you should not need to modify the following paths
logfile /var/log/ntpd.log
driftfile /var/lib/ntp/ntp.drift
# If you want to deny all machines (including your own)
# from accessing the NTP server, uncomment:
#
restrict default ignore
restrict 127.0.0.1
|
_________________ If you loved me, you'd all kill yourselves today.
--Spider Jerusalem, the Word |
|
|
|
mbjr Guru
Joined: 17 Jan 2004 Posts: 531 Location: Budapest/Hungary
|
Posted: Mon Mar 29, 2004 12:36 am Post subject: listen :-) |
|
|
Is there any way to tell ntpd to listen on 1 ip address only? I was checking the manuals and well, no info on that. _________________ mb |
|
|
|
BlindSpy Apprentice
Joined: 20 Mar 2004 Posts: 263
|
Posted: Sun Apr 04, 2004 3:21 am Post subject: |
|
|
I've been looking around so much and reading sooo many lengthy guides on how to do this with no success. I wish I would have looked here first because it worked perfectly and only took a few minutes! thanks a lot for the great guide! |
|
|
|
mbjr Guru
Joined: 17 Jan 2004 Posts: 531 Location: Budapest/Hungary
|
Posted: Sun Apr 04, 2004 8:48 am Post subject: |
|
|
Yes, the guide is perfect, thank you Carlos! _________________ mb |
|
|
|
mbjr Guru
Joined: 17 Jan 2004 Posts: 531 Location: Budapest/Hungary
|
Posted: Sun Apr 04, 2004 9:29 am Post subject: Re: Time synchronization with ntp daemon. |
|
|
Let me do a quick Hungarian translation for this howto. I'd really appreciate it if Gentoo admins decided to make these instructions available for the big-public (post it on gentoo.org's System Administration Documentation section)
QUICK START INSTRUCTIONS FOR RUNNING NTPD
Following these instructions will install the ntpd program. If they complete successfully, ntpd will keep the system time maintained continuously. This means that the computer's system time is synchronized with the time of time servers over the Internet.
- # emerge ntp
- # cp /usr/share/ntp/ntp.conf /etc/ntp.conf
- Find three time servers on this page.
Note: do NOT use a Stratum 1 server unless you are authorized to do so! Using at least three time servers gives some assurance that the time will still be synchronized if one or more servers are unavailable.
- # nano /etc/ntp.conf
Note: or you can use any other editor, such as vi, vim, emacs, etc.
- Add a "server <timeserver_domain_name>" line for each of the time servers you chose earlier.
Note: do NOT add "iburst" to these lines if you have an always-on Internet connection, such as ADSL or cable, and want the most accurate synchronization! Otherwise the time will be updated about once an hour, in a burst. "iburst" is more for those who have to start and then stop their Internet connection separately, such as with dial-up.
- # nano /etc/conf.d/ntpd
- Uncomment the NTPDATE_CMD="ntpdate" line.
- Uncomment the NTPDATE_OPTS="-b someserver" line.
- Replace the word "someserver" with the domain name of one of the time servers you chose.
Note: I do not yet know how to add multiple servers here.
- # /etc/init.d/ntpd start
- # rc-update add ntpd default
- Verify that the time was updated successfully using:
http://tycho.usno.navy.mil/cgi-bin/timer.pl (valid for the North American region only - use http://www.worldtimeserver.com/ to get international times).
- Verify that the time servers are being accessed successfully by entering the "ntpq -p" command at a command line. You should see the accesses to the servers in the output.
You can find the discussion about this at https://forums.gentoo.org/viewtopic.php?p=240688#240688.
Thanks to forum member cederberg, who originally gave the idea for these instructions.
If you turn your computer off and then on again, and the time has not been updated for a good while, ntpd may refuse to run until you manually reset the time. You can do this as follows:
- # /etc/init.d/ntpd stop
Note: just so that anything that may be using ntpd takes note that it is now stopped.
- Set the time manually!
- # /etc/init.d/ntpd start
Note: you restart everything so that ntpd is operational again.
If the instructions above do not work, look in the ntpd log file (/var/log/ntpd.log) to gain more insight into the possible causes.
Some other notes:
ntp is a protocol. ntpd is a daemon that is both an ntp server (provides time) and an ntp client (synchronizes time). An ntp server is not very useful if it does not get its time from an external source. Under Gentoo, "emerge ntp" installs ntpd.
If you find inaccuracies in these instructions, please send me an email notification so that I can track them down and review the instructions. I answer every email, even if it takes a few days.
Sending a private email helps prevent those reading this thread from getting confused by the various comments.
To send an email, just press the "pm" button at the bottom of the thread!
If these instructions were helpful to you, I would be glad to hear about that too.
Thanks,
Carlos
PS: If you are surprised by how many times I have edited these instructions, let me inform you that this is due to searching for the simplest and most understandable explanations and notes, not to the basic instructions having been full of errors.
So how about this? Please feel free to take this translation based on the instructions by Carlos. This one was made to make the opensource community more happy _________________ mb |
|
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Wed Apr 07, 2004 4:29 pm Post subject: Re: Time synchronization with ntp daemon. |
|
|
carlos123 wrote: |
- # nano /etc/conf.d/ntpd
- Uncomment the NTPDATE_CMD="ntpdate" line.
- Uncomment the NTPDATE_OPTS="-b someserver" line.
- Replace "someserver" with the domain name of one of the three servers you chose.
Note: I am not yet sure how to add multiple servers to this line.
|
i think in the new ebuilds this is in /etc/conf.d/ntp-client |
|
|
|
mbjr Guru
Joined: 17 Jan 2004 Posts: 531 Location: Budapest/Hungary
|
Posted: Wed Apr 07, 2004 10:12 pm Post subject: |
|
|
yes, you're right, we have to get Carlos to make some modifications (update). But after all, it's a great start-guide to ntp _________________ mb |
|
|
|
nianderson Guru
Joined: 06 May 2003 Posts: 369 Location: Lawrence, KS
|
Posted: Wed Apr 07, 2004 10:20 pm Post subject: |
|
|
yeh just the noobs would be lost there
but it is a great guide |
|
|
|
mbjr Guru
Joined: 17 Jan 2004 Posts: 531 Location: Budapest/Hungary
|
Posted: Wed Apr 07, 2004 10:21 pm Post subject: |
|
|
Hey, help the noobs, get Carlos _________________ mb |
|
|
|
Andersson Guru
Joined: 12 Jul 2003 Posts: 525 Location: Göteborg, Sweden
|
Posted: Wed Apr 14, 2004 8:50 pm Post subject: |
|
|
carlos123 wrote: | Just so everyone knows I am going on an extended business trip that will take 6 months to a year and will not have the ability to update this FAQ item the way it deserves to be. For a few months at least I will not have my own computer or Internet connection.
So if someone could take over the upkeep of this FAQ item I would appreciate it. Let me know if I need to do anything in terms of making it possible for someone else to keep these instructions up to date.
Thanks.
Carlos (author of the instructions at the top of this thread). |
Since carlos123 asked to be relieved of the responsibility of updating this guide, how about merging with the other ntp thread?
edit: On the other hand, completely rewriting the first post of the other thread to include this guide will make the rest of the thread very difficult to read. If anything, that thread should merge to this, we have the guide!
Oh well, I read through this thread (and the other) and tried to get all changes to the original list. Here's the updated version (I hope new readers in the thread find it here)... It should include most of the corrections in this thread, but I haven't tested it to see that it works. Find an error and correct it please.
changelog:
removed cp /usr/share/ntp/ntp.conf /etc/ntp.conf, no longer needed.
added uncomment the "restrict" line that matches your situation.
replaced nano /etc/conf.d/ntpd with nano /etc/conf.d/ntp-client in #6.
removed Uncomment the NTPDATE_CMD="ntpdate" line, no longer needed.
added open up for udp on port 123.
carlos123 wrote: |
- # emerge ntp
- Find three timeservers from here.
Note: do NOT use a Stratum 1 server unless you are authorized to do so! Using at least three time servers will ensure that your time gets updated if any one or more of the three is not available at any one point in time.
- # nano /etc/ntp.conf
Note: or use any other editor like vi, vim, emacs, etc..
- Add "server <your_timeserver_domain_name>" on a separate line for each of the three time servers you chose earlier.
Note: do NOT add "iburst" to these lines if you have an always on connection to the Internet like ADSL or cable if you want the most accurate time synchronization. Otherwise the time will only be updated about once an hour in a burst. "iburst" is really more for those whose internet connection will generally be getting started and stopped such as with dial-up.
- # uncomment the "restrict" line that matches your situation. Look at the comments.
- # nano /etc/conf.d/ntp-client
- Uncomment the NTPDATE_OPTS="-b someserver" line.
- Replace "someserver" with the domain name of one of the three servers you chose.
Note: I am not yet sure how to add multiple servers to this line.
- # If you're using a firewall, open up for udp on port 123.
- # /etc/init.d/ntp-client start
- # /etc/init.d/ntpd start
- # rc-update add ntp-client default
- # rc-update add ntpd default
- Verify that correct time was set by going to
http://tycho.usno.navy.mil/cgi-bin/timer.pl (for North American time zones only - use http://www.worldtimeserver.com/ to get International time zones).
- Verify that the time servers are being accessed by typing "ntpq -p" at the command prompt. You should see the time servers being contacted as output.
|
|
|
|
|
|