Gentoo Forums
Time synchronization with ntp daemon.
jonny5
n00b
Joined: 01 May 2002
Posts: 18
Location: USA

Posted: Fri Apr 16, 2004 1:06 am

Thank you for the help. Worked perfectly.
_________________
Jonny5
Dell Optiplex GX260
Love-Sources 2.6.5-love5

nova-labs
mid-west massive
^_^

rfr7310
n00b
Joined: 17 Apr 2004
Posts: 2

Posted: Sat Apr 17, 2004 6:09 am    Post subject: ntp-client Start Error

As part of a world update, I upgraded NTP to version 4.2.0-r2. When the /etc/init.d/ntp-client start command is executed, I get the following error:
Code:
 * Setting clock via the ntp client 'ntpdate'...
17 Apr 01:18:22 ntpdate[18246]: cannot find family compatible socket to send ntp packet
 * Failed to set clock                                                           [ !! ]

I have set the ntp-client program to run at boot time and the same error occurs (though the number in the brackets is different). Here is what I have turned up in the various logs on my system:
(1) dmesg => nothing
(2) /var/log/messages =>
Apr 16 07:52:07 manderley grsec: time set by (ntpdate:28761) UID(0) EUID(0), parent (rc:1604) UID(0) EUID(0)
Apr 16 19:21:28 manderley grsec: time set by (ntpdate:15938) UID(0) EUID(0), parent (rc:29605) UID(0) EUID(0)
Apr 16 22:19:21 manderley grsec: time set by (ntpdate:29810) UID(0) EUID(0), parent (bash:24169) UID(0) EUID(0)
Apr 16 23:55:50 manderley rc-scripts: Please edit /etc/conf.d/ntp-client
(3) /var/log/ntpd.log => does not exist

I am using the 2.4.25-gentoo-r1 kernel sources. I am also using DHCP to obtain an IP address, and my system (Dell Dimension 4100) has a 3Com 3C905TX NIC. My system sits behind a Linksys Cable/DSL Router. (I was able to successfully synchronize before upgrading NTP.)

Here are my config files as they currently stand (comments have been stripped for brevity):
(1) /etc/ntp.conf
Code:
server  ntp0.cornell.edu prefer
server  sundial.columbia.edu
server  reva.sixgirls.org
logfile         /var/log/ntpd.log
driftfile       /var/lib/ntp/ntp.drift
restrict default nomodify
restrict 127.0.0.1

(2) /etc/conf.d/ntp-client
Code:
NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-b ntp0.cornell.edu sundial.columbia.edu reva.sixgirls.org"

(3) /etc/conf.d/ntpd
Code:
NTPD_OPTS="-u ntp:ntp"

All I want to do is have my system clock synchronized at startup (I do not have a need for an NTP server at this point). I have looked through Bugzilla, the forums, and ntp.org to no further avail. Any help you can give would be greatly appreciated.

mattmm
Tux's lil' helper
Joined: 27 Feb 2004
Posts: 79

Posted: Tue Apr 20, 2004 8:09 pm

I'm having the same problem as rfr7310 :evil:

Unfortunately these tips don't work for the 4.2 version. Or at least not for me...

jjasghar
Guru
Joined: 07 Mar 2004
Posts: 342
Location: $HOME=/usa/tx/austin

Posted: Tue Apr 27, 2004 11:11 pm

Code:

tito etc # /etc/init.d/ntpd start
 * Starting ntpd...
usage: /usr/bin/ntpd [ -abdgmnqx ] [ -c config_file ] [ -e e_delay ]
                [ -f freq_file ] [ -k key_file ] [ -l log_file ]
                [ -p pid_file ] [ -r broad_delay ] [ -s statdir ]
                [ -t trust_key ] [ -v sys_var ] [ -V default_sysvar ]
                [ -P fixed_process_priority ]
                [ -u user[:group] ] [ -i chrootdir ]
 * Failed to start ntpd                                                                      [ !! ]


I get this error trying to start ntp. Any ideas?
_________________
#include <LinuxUser #324070>
main()
{
printf("and i'm sorry my spellign sucs.");
}

kozmic
n00b
Joined: 29 Oct 2002
Posts: 33

Posted: Thu May 06, 2004 1:29 am

Quote:

ntpdate[18246]: cannot find family compatible socket to send ntp packet


I get that error too while trying to sync against ntpd's that worked before a new version of ntpd/ntp-client came in portage... Is it borked?

Andersson
Guru
Joined: 12 Jul 2003
Posts: 525
Location: Göteborg, Sweden

Posted: Thu May 06, 2004 2:57 am

I'm using ntp-4.2.0-r2, it works just like before. I just had to re-enter a server in /etc/conf.d/ntp-client after etc-update.

rfr7310
n00b
Joined: 17 Apr 2004
Posts: 2

Posted: Fri May 07, 2004 1:15 am    Post subject: ntp-client Start Error Resolved

Thanks for the tip, Andersson! I looked at the NTPCLIENT_OPTS line in my /etc/conf.d/ntp-client file and removed the two extra servers I had in there (now there's only one server). It works like a charm! So much for backup servers. :D
Code:
NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-b ntp0.cornell.edu"

stripe
n00b
Joined: 04 Jan 2004
Posts: 72
Location: Prague

Posted: Sat May 08, 2004 7:50 pm

Just upgraded to the 4.2.0-r2 daemon, read the forums about the "notrust noserve" implementation, and NTP seems to be working; I am just not clear about the log. Can anybody tell me what NTP means by the log string? Please let me know, there's nothing useful out there on the net. Thanks...

my config
Code:

logfile         /var/log/ntpd.log
driftfile       /var/lib/ntp/ntp.drift

server           81.95.96.33        prefer
server           195.113.144.201
server           217.11.227.68

restrict         81.95.96.33        nomodify
restrict         195.113.144.201    nomodify
restrict         217.11.227.68      nomodify

restrict         127.0.0.1
restrict         10.19.1.44         nomodify
restrict         10.19.6.1          nomodify


my log - the unknown string
Code:

 7 May 22:42:56 ntpd[30326]: frequency initialized 111.062 PPM from /var/lib/ntp/ntp.drift
 7 May 22:43:03 ntpd[20559]: sendto(217.11.227.68): Bad file descriptor
 7 May 22:43:05 ntpd[20559]: sendto(81.95.96.3): Bad file descriptor
 7 May 22:47:43 ntpd[30326]: ntpd exiting on signal 15
 7 May 22:47:44 ntpd[30577]: frequency initialized 111.062 PPM from /var/lib/ntp/ntp.drift
 7 May 22:47:44 ntpd[30577]: getaddrinfo: "195.113..144.201" invalid host address, line ignored
 7 May 22:48:09 ntpd[30577]: ntpd exiting on signal 15
 7 May 22:48:11 ntpd[30674]: frequency initialized 111.062 PPM from /var/lib/ntp/ntp.drift
 7 May 22:56:50 ntpd[30674]: synchronized to 217.11.227.68, stratum=2
 7 May 22:56:52 ntpd[30674]: synchronized to 195.113.144.201, stratum=1
 7 May 22:56:52 ntpd[30674]: time reset -0.174600 s
 7 May 22:56:52 ntpd[30674]: kernel time sync disabled 0041
 7 May 22:59:56 ntpd[20559]: sendto(195.113.144.201): Bad file descriptor
 8 May 17:12:47 ntpd[20559]: sendto(217.11.227.68): Bad file descriptor
 8 May 17:12:55 ntpd[20559]: sendto(81.95.96.3): Bad file descriptor
 8 May 17:12:56 ntpd[20559]: sendto(195.113.144.201): Bad file descriptor
 8 May 17:29:53 ntpd[20559]: sendto(217.11.227.68): Bad file descriptor
 8 May 17:30:00 ntpd[20559]: sendto(81.95.96.3): Bad file descriptor
 8 May 17:30:00 ntpd[20559]: sendto(195.113.144.201): Bad file descriptor
 8 May 17:46:57 ntpd[20559]: sendto(217.11.227.68): Bad file descriptor
 8 May 17:47:03 ntpd[20559]: sendto(81.95.96.3): Bad file descriptor
 8 May 17:47:06 ntpd[20559]: sendto(195.113.144.201): Bad file descriptor
 8 May 18:04:01 ntpd[20559]: sendto(217.11.227.68): Bad file descriptor
 8 May 18:04:06 ntpd[20559]: sendto(81.95.96.3): Bad file descriptor

_________________
Sick of computers? Well, Czech girls and beer solve it! Trust me :-)

Garth
n00b
Joined: 21 Jan 2004
Posts: 35
Location: Michigan

Posted: Sun May 09, 2004 3:35 am

Stripe, et al.

I found this morning that I had the same crazy log messages. I spent the better part of 4 hours trying to figure it out, and in the process really messed up my time server. After I finally had my server getting good time and the two clients getting good time off the server I left because my brain was fried! (went looking for beer and Czech women, alas, found neither) I didn't see any funny log messages either. But, I just basically ran the dumb thing with no restrict flags (I am behind a firewall anyway).

Not sure what my machines are up to now, but I'll find out Monday morning if I'm back to the crazy log messages.

Anyway, I want to also pass along this tidbit that goes against what the comments say in the default ntp.conf file.

The restrict flag notrust means "Deny service unless the packet is cryptographically authenticated." This comes right from Access Control in the NTP Documentation. Therefore, if you are not using the authentication keys provided in ntpd (who does) then DO NOT put "notrust" on the line that allows your subnet client to access your time server!

Also, maybe this will help some understand the "restrict" statements.


  1. All incoming packets' addresses will be compared to your list of restrict statements.
  2. The restrict statement that produces a value closest to 255.255.255.255 is the statement that will be used.
  3. The restrict statement always uses a default mask of 255.255.255.255 unless you specify one.
  4. "restrict" with an address and no flags will allow complete unfettered access to your time server from that address.
  5. No restrict statements at all allows complete, unfettered access to your time server from anyone on your LAN or the Internet!


Illustrating:
"restrict default ignore" -- the string "default" has special meaning: it uses address 0.0.0.0 and mask of 0.0.0.0. If this is your only restrict statement, all addresses will match this and be ignored, including the time servers you specified in the top of the file! No one will be able to communicate with your ntpd server!

"restrict 128.8.10.1 nomodify"
"restrict 192.35.82.50 nomodify" -- with no specified mask, ntpd applies the default mask of 255.255.255.255 to each of these addresses, therefore the only restriction applied to these two specific addresses is the "nomodify" option: "Deny ntpq and ntpdc queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted." This is the option you need to set up for each time server you are syncing to if you also have the above restrict line (default ignore).

"restrict 192.168.1.0 mask 255.255.255.0 nomodify" -- the expressed mask forces all the addresses on the subnet "192.168.1.x" to take only the same restriction as above.

"restrict 127.0.0.1" -- this allows no restrictions to the local machine. I would beware, however, that your server may allow itself to sync to its own hardware clock. I'm not sure if this would definitely happen, but in my 3 hours of reading, I saw it mentioned somewhere.

For the complete, authoritative list of restrict flags and their descriptions, see Access Control in the NTP Documentation.

Anyway, hope this helps someone. I can think straight now. Now where's my beer?
_________________
Garth
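
The matching rules listed in the post above, as an added example (not code from the thread and not ntpd's own implementation): it picks the restrict line with the most specific mask for a source address and reports what that line does. The sample config is assembled from the lines the post walks through; `203.0.113.7` is a constructed address standing in for any host that has no line of its own.

```python
import ipaddress

# Constructed from the restrict lines the post illustrates.
SAMPLE_CONF = """\
restrict default ignore
restrict 128.8.10.1 nomodify
restrict 192.35.82.50 nomodify
restrict 192.168.1.0 mask 255.255.255.0 nomodify
restrict 127.0.0.1
"""


def parse_restrict(conf_text):
    """Parse IPv4 'restrict' lines into (network, mask, flags, line) tuples."""
    rules = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        if words[1] == "default":
            addr, mask = 0, 0            # 0.0.0.0 mask 0.0.0.0 matches everything
        else:
            addr = int(ipaddress.IPv4Address(words[1]))
            mask = 0xFFFFFFFF            # host mask unless one is given (rule 3)
        flags = words[2:]
        if len(flags) >= 2 and flags[0] == "mask":
            mask = int(ipaddress.IPv4Address(flags[1]))
            flags = flags[2:]
        rules.append((addr & mask, mask, frozenset(flags), " ".join(words)))
    return rules


def effective_rule(rules, source_ip):
    """Return the matching rule whose mask is closest to 255.255.255.255 (rule 2)."""
    src = int(ipaddress.IPv4Address(source_ip))
    matches = [r for r in rules if (src & r[1]) == r[0]]
    return max(matches, key=lambda r: r[1]) if matches else None


def verdict(conf_text, source_ip):
    """Return (matched line, outcome) for a packet arriving from source_ip."""
    rule = effective_rule(parse_restrict(conf_text), source_ip)
    if rule is None:
        return (None, "unrestricted")    # no restrict line applies (rule 5)
    _, _, flags, line = rule
    if "ignore" in flags:
        return (line, "ignored")
    if "notrust" in flags:
        return (line, "dropped unless authenticated")
    if not flags:
        return (line, "unrestricted")    # address with no flags (rule 4)
    return (line, "served with " + ",".join(sorted(flags)))


if __name__ == "__main__":
    for ip in ("128.8.10.1", "192.168.1.77", "127.0.0.1", "203.0.113.7"):
        print(ip, verdict(SAMPLE_CONF, ip))
```

A time server named in a `server` line but missing from the restrict list lands on `restrict default ignore`, which is the situation the post warns about.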

stripe
n00b
Joined: 04 Jan 2004
Posts: 72
Location: Prague

Posted: Sun May 09, 2004 9:35 am

Wow, thanks a lot Garth for that "manual". It's a fantastic flag description I was looking for a long time. I just added a mask behind the IPs and the log is clean, finally. Somehow I thought it's resolving automatically, but it is not.

Well, if you would like to taste a Czech beer and girl, well, if you pass through Prague someday, just let me know, you'll get some from me. About the girl, I'm afraid it's up to you to catch one ;) but I think it would not be a problem, all of them are beautiful....
_________________
Sick of computers? Well, Czech girls and beer solve it! Trust me :-)

Garth
n00b
Joined: 21 Jan 2004
Posts: 35
Location: Michigan

Posted: Mon May 10, 2004 12:03 pm

Thanks stripe, I will remember that invite for the next time I am in Praha

Here is my working ntpd.conf file. I found that if you create all the restricts as shown, but do not allow localhost (restrict 127.0.0.1), then what happens when you type ntpq -pn is that your command line will just sit and do nothing. So don't forget that line!

Code:

# Name of the servers ntpd should sync with
server ntp-2.cso.uiuc.edu
server ntp1.kansas.net
server louie.udel.edu
 
# you should not need to modify the following paths
logfile         /var/log/ntpd.log
driftfile       /var/lib/ntp/ntp.drift
 
# Warning: Using NO NTP restrict settings will leave your NTP
# server accessible to all hosts on the Internet.
 
# deny all machines from accessing the NTP server
restrict default ignore
 
# allow localhost, but don't sync to local hardware clock
restrict 127.0.0.1 nopeer
 
# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against

restrict 192.168.1.0 mask 255.255.255.0 nomodify nopeer
 
#allow access from the above time servers
restrict 130.126.24.44 nomodify
restrict 199.240.130.12 nomodify
restrict 128.4.40.12 nomodify


ntpq output from this machine:
Code:

garth_1 etc # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp-2.gw.uiuc.e 128.174.38.133   2 u   16   64   37   26.509   -4.675   2.356
+triangle.kansas 128.252.19.1     2 u   11  512   37   34.356   -7.358   1.867
+louie.udel.edu  18.145.0.30      2 u    9  512   37   42.573   -1.062   2.183


ntpd.conf on clients:
Code:

server garth_1
logfile         /var/log/ntpd.log
driftfile       /var/lib/ntp/ntp.drift
restrict default ignore
restrict 127.0.0.1 nopeer
restrict 192.168.1.219 nomodify


ntpq output from the client:
Code:

garth_2 root # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*GARTH_1         ntp-2.gw.uiuc.e  3 u    9   64   17    0.215  -14.309   3.820


Also, for another great HOWTO to understand the "reach" keyword in your ntpq output, see this article in the Linux Journal: Understanding NTP Reachability Statistics

Party On!
_________________
Garth

rtwick
Tux's lil' helper
Joined: 27 Aug 2002
Posts: 138
Location: Philadelphia

Posted: Tue May 11, 2004 1:25 pm

bump
_________________
-This Is A Signature

Andersson
Guru
Joined: 12 Jul 2003
Posts: 525
Location: Göteborg, Sweden

Posted: Tue May 11, 2004 1:39 pm

rtwick wrote:
bump

Bump? You haven't even asked a question. :)

rtwick
Tux's lil' helper
Joined: 27 Aug 2002
Posts: 138
Location: Philadelphia

Posted: Tue May 11, 2004 2:11 pm

Andersson wrote:
rtwick wrote:
bump

Bump? You haven't even asked a question. :)


That's because I know I will need it frequently, as I'm planning to move 3 machines from Red Hat to Gentoo :)
_________________
-This Is A Signature

thekk
n00b
Joined: 28 Jan 2004
Posts: 11

Posted: Thu May 13, 2004 12:21 am

Slightly off-topic, but I think it does belong here:

An initiative of several public NTP server administrators has started, because some NTP servers were overloaded with requests for the correct time. Therefore, a project was started to spread the load more evenly over the participating servers. This is done through round-robin DNS (meaning: domain name lookups resolve to different IPs). On the project's website is a more extensive explanation (and an invitation to join the group, if you have a good NTP server).

Anyway, the point of this whole story is that you don't have to find out which servers are the best for you, but you can specify your servers using (only the top bit of the file):

Code:

# Server config
# Because of round robin DNS we get 3 different IP's
server pool.ntp.org
server pool.ntp.org
server pool.ntp.org


Greetings,
Thekk

Andersson
Guru
Joined: 12 Jul 2003
Posts: 525
Location: Göteborg, Sweden

Posted: Thu May 13, 2004 10:45 am

Following the advice on using the restrict commands for the servers, this pool doesn't work. These lines:
Garth wrote:
# deny all machines from accessing the NTP server
restrict default ignore
[...]
#allow access from the above time servers
restrict 130.126.24.44 nomodify
restrict 199.240.130.12 nomodify
restrict 128.4.40.12 nomodify

I suppose I could add all the time servers in that project (I think it said there was 115 of them), but that would be a little too much work to keep track of when new ones are added all the time. Or I could allow access from any time server. But I think I'd rather stick with my hand picked servers and hope they're not under too much load.

On a side note, that ntp pool means ntp emerge could come with a working configuration. 8)

Garth
n00b
Joined: 21 Jan 2004
Posts: 35
Location: Michigan

Posted: Thu May 13, 2004 1:27 pm

Andersson wrote:
Following the advice on using the restrict commands for the servers, this pool doesn't work. These lines:
Garth wrote:
# deny all machines from accessing the NTP server
restrict default ignore
[...]
#allow access from the above time servers
restrict 130.126.24.44 nomodify
restrict 199.240.130.12 nomodify
restrict 128.4.40.12 nomodify

I suppose I could add all the time servers in that project (I think it said there was 115 of them), but that would be a little too much work to keep track of when new ones are added all the time. Or I could allow access from any time server. But I think I'd rather stick with my hand picked servers and hope they're not under too much load.

On a side note, that ntp pool means ntp emerge could come with a working configuration. 8)


Andersson, I was thinking the same thing. Noting in a previous post:
NickDaFish wrote:
EDIT: Discovered that, despite what the docs listed above say, you don't appear to be able to use DNS host names with restrict. Anyone with any insight on why not, please let me know.


Most stratum 2 time server admins tell you not to key off their IP address since it could easily change, use the name instead. I was worried that my config might crap out over time if some or all of the servers change their IP address and this was bugging me.

However, I just tried using the hostnames for my timeservers in my restrict statements and it works! :cool: However, on my system, at least, watch ntpq -p hangs, but simple ntpq -p prints good results. This may be due to some DNS resolve issues. I note also that if I give a ntpq -pn it gives me the proper IP addresses of the time servers.

So, yes, Andersson, if the pools are functional, the ebuild ntp.conf could set up a functional system right out of the box. :cool:

I'm sticking to my hand-picked servers for now, but if anyone has good success with the pool, post the results here.

:? One big question about the pool configuration:
if you use:
Code:

# Server config
# Because of round robin DNS we get 3 different IP's
server pool.ntp.org
server pool.ntp.org
server pool.ntp.org

How do you know that:
Code:

restrict pool.ntp.org nomodify
restrict pool.ntp.org nomodify
restrict pool.ntp.org nomodify

Will produce the same 3 IP's :?: :?: I see scripting ahead! 8O
_________________
Garth

cbr
Apprentice
Joined: 05 Jan 2004
Posts: 285
Location: Tallinn/Rakvere, Estonia

Posted: Thu May 13, 2004 1:41 pm

Code:
root@tux:/home/cbr# /etc/init.d/ntpd stop
 * Stopping ntpd...
start-stop-daemon: warning: failed to kill 8143: No such process
1 pids were not killed
No process in pidfile `/var/run/ntpd.pid' found running; none killed.
 * Failed to stop ntpd                                                            [ !! ]

root@tux:/home/cbr# /etc/init.d/ntpd start
 * Starting ntpd...                                                               [ ok ]
root@tux:/home/cbr# ps -A | grep ntp
root@tux:/home/cbr#

/etc/init.d/ntpd start doesn't start ntpd. When I start it manually without $NTPD_OPTS (which are '-u ntp:ntp'), it starts. What is the problem?

Garth
n00b
Joined: 21 Jan 2004
Posts: 35
Location: Michigan

Posted: Thu May 13, 2004 1:57 pm

cbr, check your /etc/passwd file, you should have a line as such:
Code:

ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false

also, in your /etc/group file:
Code:

ntp::123:


If not, this may be the cause of the problem.
_________________
Garth

cbr
Apprentice
Joined: 05 Jan 2004
Posts: 285
Location: Tallinn/Rakvere, Estonia

Posted: Thu May 13, 2004 6:48 pm

The /etc/group line is slightly different:
Code:
ntp:x:123:

-edit- But I tried to change it and it didn't make any difference. It has started doing that lately... before that it worked great.

thekk
n00b
Joined: 28 Jan 2004
Posts: 11

Posted: Fri May 14, 2004 11:59 am

Garth wrote:
:? One big question about the pool configuration:
if you use:
Code:

# Server config
# Because of round robin DNS we get 3 different IP's
server pool.ntp.org
server pool.ntp.org
server pool.ntp.org

How do you know that:
Code:

restrict pool.ntp.org nomodify
restrict pool.ntp.org nomodify
restrict pool.ntp.org nomodify

Will produce the same 3 IP's :?: :?: I see scripting ahead! 8O


Yes, that was a problem that I struggled with. I solved it by denying NEW udp connections at the firewall from the internet to port 123 (ntp).

For the good order, here is my ntp.conf:
Code:
#First specify log and driftfile:
logfile         /var/log/ntpd.log
driftfile       /var/lib/ntp/ntp.drift

# Server config
# Because of round robin DNS we get 3 different IP's
server pool.ntp.org
server pool.ntp.org
server pool.ntp.org

# Restrict default access, no ignore because then we block packets from
# the (unknown) servers, still some restrictions so we don't sync the
# internet servers with our hardware time.
restrict default nopeer noquery nomodify

# Now allow some access from lo, don't allow to sync with hardware clock
restrict 127.0.0.1 nopeer

# Allow requests from the local network:
restrict 10.0.0.0 mask 255.0.0.0  nomodify nopeer

For a full list of access control options, click here.

Now, the internet is able to get time information from our server. Even though this gives almost no traffic, it is still a (very) small (especially because Gentoo by default runs it as a non-privileged user) security risk. Therefore we want to intercept packets requesting time info from our server. This can be done by iptables, because even though UDP is a stateless protocol, it is possible to filter new requests using iptables. (I found that out here).

So, without further ado, a few rules from my iptables script:
Code:
# NTP section
# eth0 is local network, eth1 is internet
# Allow questions to be asked to the time server from the local network.
iptables -A INPUT -i eth0 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport ntp --sport ntp -j ACCEPT

# Disallow requests asking questions from the internet.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -m state --state NEW -j DROP
# Allow questions to be asked to the internet time servers.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport ntp --sport ntp -j ACCEPT


I hope this may help someone.

Greetings,
Thekk
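
The two eth1 INPUT rules from the post above, modelled as an added example (not code from the thread): a toy connection tracker shows why a reply to the host's own query counts as ESTABLISHED while an unsolicited packet is NEW and gets dropped. The 30-second flow timeout, the addresses and the event list are constructed for the model.

```python
NTP = 123
UDP_TIMEOUT = 30  # seconds an idle UDP flow stays tracked (assumed for this model)


class ConnTrack:
    """Toy UDP connection tracker: remembers flows this host started."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.flows = {}  # (our_ip, our_port, peer_ip, peer_port) -> last seen

    def _expire(self, now):
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.timeout}

    def outbound(self, now, src, sport, dst, dport):
        """A packet we send creates or refreshes the flow entry."""
        self._expire(now)
        self.flows[(src, sport, dst, dport)] = now

    def inbound_state(self, now, src, sport, dst, dport):
        """Classify an arriving packet against the reversed tuple of our queries."""
        self._expire(now)
        key = (dst, dport, src, sport)
        if key in self.flows:
            self.flows[key] = now
            return "ESTABLISHED"
        return "NEW"


def input_eth1(ct, now, src, sport, dst, dport):
    """Apply the post's two eth1 INPUT rules in order."""
    if (sport, dport) != (NTP, NTP):
        # Not udp 123 -> 123: these two rules do not match; the chain
        # policy or later rules in the script decide.
        return "FALLTHROUGH"
    if ct.inbound_state(now, src, sport, dst, dport) == "NEW":
        return "DROP"      # -m state --state NEW -j DROP
    return "ACCEPT"        # the plain ACCEPT rule that follows


def replay(events, timeout=UDP_TIMEOUT):
    """Run (time, direction, src, sport, dst, dport) events; return verdicts."""
    ct = ConnTrack(timeout)
    verdicts = []
    for now, direction, src, sport, dst, dport in events:
        if direction == "out":
            ct.outbound(now, src, sport, dst, dport)
            verdicts.append("SENT")
        else:
            verdicts.append(input_eth1(ct, now, src, sport, dst, dport))
    return verdicts


# Constructed addresses: this host, one pool server, one unrelated host.
US, SERVER, OTHER = "198.51.100.10", "192.0.2.123", "203.0.113.50"
EVENTS = [
    (0.00, "out", US, NTP, SERVER, NTP),     # our query
    (0.05, "in", SERVER, NTP, US, NTP),      # its reply
    (1.00, "in", OTHER, NTP, US, NTP),       # unsolicited request
    (900.00, "in", SERVER, NTP, US, NTP),    # flow expired, no query pending
    (1024.00, "out", US, NTP, SERVER, NTP),  # next poll re-creates the flow
    (1024.05, "in", SERVER, NTP, US, NTP),   # reply to that poll
    (1025.00, "in", OTHER, 40000, US, NTP),  # source port is not 123
]

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay(EVENTS)):
        print(event, "->", result)
```

Because every poll sends a query first, replies are accepted even when the poll interval is longer than the tracking timeout, so the pool servers need no per-address entries at the firewall.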

meowsqueak
Veteran
Joined: 26 Aug 2003
Posts: 1549
Location: New Zealand

Posted: Fri Jul 02, 2004 12:38 am

I have a problem - today I restarted ntpd (4.2.0-r2) and it stopped providing time to clients. You can't get any simpler than my setup:

/etc/ntp.conf
Quote:
logfile /var/log/ntpd.log
driftfile /var/lib/ntp/ntp.drift

server ntp.iprolink.co.nz
server ntp.massey.ac.nz
server ntp.public.otago.ac.nz
server tk1.ihug.co.nz
server tk2.ihug.co.nz
server tk3.ihug.co.nz
server ntp2.sf-bay.org


/etc/conf.d/ntp
Quote:
#NTPD_OPTS="-u ntp:ntp"


Code:
$ netstat -ua | grep ntp
udp        0      0 theoden.middle_eart:ntp *:*                                 
udp        0      0 localhost:ntp           *:*                                 
udp        0      0 *:ntp                   *:* 


Code:
$ ps aux | grep [n]tp
root     28847  0.0  0.6  3504 3504 ?        SL   12:41   0:00 /usr/bin/ntpd -p /var/run/ntpd.pid


Code:
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 amp-gw.compass. 203.167.224.60   2 u    2   64    1   54.006  -121.85   0.001
 mu-relay1.masse 192.5.41.40      2 u   65   64    1   47.932  -112.30   0.001
 orthanc.otago.a 130.217.76.79    3 u    1   64    3   62.903  -117.38  20.495
 gen2.ihug.co.nz 130.217.76.34    2 u   63   64    1   28.494  -120.21   0.001
 gen3.ihug.co.nz 130.217.76.49    2 u   62   64    1   43.594  -127.83   0.001
 gen1.ihug.co.nz 130.217.76.34    2 u   61   64    1   29.626  -120.67   0.001
 zorac.sf-bay.or 204.123.2.5      2 u   60   64    1  178.675  -117.72   0.001


Now if I try this on another machine (no firewall, direct LAN connection, was working before I restarted server today):

Code:
# ntpdate theoden
Looking for host theoden and service ntp
host found : theoden
 2 Jul 12:36:25 ntpdate[2502]: no server suitable for synchronization found


I have no 'restrict' lines, no iptables, nothing confusing or strange at all. I've tried rolling back to ntp-4.1.2 but that made no difference.

This was working earlier - what could possibly have changed? I've spent two hours on this now... anyone got any ideas?

(I also upgraded NTP on my Debian server recently and the exact same thing has happened there too - other machines on LAN cannot use it as a time server any more).

meowsqueak
Veteran
Joined: 26 Aug 2003
Posts: 1549
Location: New Zealand

Posted: Fri Jul 02, 2004 1:58 am

Ah ha! I went to lunch and when I came back it was working! It seems running '/etc/init.d/ntpd restart' locks clients out of the server for a while - perhaps until the time is in sync. That makes sense. And my Debian box is working now too. Time cures all ills...

Quantumstate
Apprentice
Joined: 26 May 2004
Posts: 270
Location: Dallas

Posted: Tue Jul 06, 2004 4:17 pm    Post subject: Re: listen :-)

I'd like to repeat this question. The fewer ports open, the better.

mbjr wrote:
Is there any way to tell ntpd to listen on 1 ip address only? I was checking the manuals and well, no info on that. :(

Quantumstate
Apprentice
Joined: 26 May 2004
Posts: 270
Location: Dallas

Posted: Mon Jul 12, 2004 1:43 pm

^^

All times are GMT
Page 3 of 5