time sync with ntp not working correctly? - solved

Götz Reinicke goetz.reinicke at filmakademie.de
Tue Feb 1 15:13:05 UTC 2005 

Hi,

I Think I found the missconfigured parts :-)! Thanks for pointing me 
into the right direction.

"notrust" and "restrict" where misconfigurred!

Now the clients have:

restrict IP mask 255.255.255.255 nomodify notrap noquery
server IP

The server:

restrict IP mask 255.255.255.0 notrust nomodify notrap
...

Regards

Götz Reinicke


John DeDourek wrote:
> Note the column called "reach".  On the server it has 377.
> That's the octal (base 8) representation of an 8-bit quantity.
> (377 = 11111111 binary).  Periodically a machine running ntp
> sends a time query to its configured servers.  When it gets a
> reply it shifts a 1 into the right of "reach"; no reply, it
> shifts a 0.  Thus on the server, the last eight queries to
> its servers got a reply: 11111111.  On the clients 00000000;
> that's obviously bad.  So the clients are not getting responses
> to their queries.
> 
> Two usual problems:
> -- Either the queries or the responses to the clients are not
>    getting through the network; most commonly firewall issues;
>    occasionally network problems like routing; check the latter
>    by ping.  The former requires an investigation of the firewall
>    setup
> -- Bad ntp configuration on the server (refusing to accept queries)
>    or on the clients (refusing to accept responses).  You
>    unfortunately didn't shows us the ntp configuration on the two
>    machines.  Most common problem is that the meaning of "restrict
>    notrust" changed between older and newer versions of ntp.  If
>    you are reading old guidlines, or have upgraded to the newer
>    ntp and used the configuration files from the old one, that
>    could be the problem.  Have a quick look at /etc/ntp.conf;
>    if the word "notrust" appears on any "restrict" lines, try
>    editing it out (saving a copy of the old configuration first).
>    If you just copied an old configuration file over the new one
>    after upgrading (and happened to save the original installed
>    configuration, which I highly recommend), a good procedure would
>    be to go back to the ntp.conf installed by the upgrade and edit
>    your own server lines in (making changes as appropriate).  In
>    any case, we would need to see the configuration files to
>    comment further.
> 
> 
> Götz Reinicke wrote:
> 
>> Hi,
>>
>> today I checked the time on some servers and found that they differ by 
>> a couple off minutes. Without teh ntpd running a "ntpdate gaugin" 
>> syncs the clock.
<...>

-- 
Götz Reinicke
IT Koordinator - IT OfficeNet

Tel. +49 (0) 7141 - 969 420
Fax  +49 (0) 7141 - 969 55 420
goetz.reinicke at filmakademie.de

Filmakademie Baden-Württemberg
Mathildenstr. 20
71638 Ludwigsburg
www.filmakademie.de

More information about the fedora-list mailing list