ntpd sync fails on boot

Craig White craigwhite at azapple.com
Fri Jan 9 23:38:23 UTC 2009 

On Fri, 2009-01-09 at 23:04 +0000, Mike -- EMAIL IGNORED wrote:
> On Fri, 09 Jan 2009 15:21:42 -0500, Todd Denniston wrote:
> 
> [...]
> > any ntpd messages in /var/log/messages during boot? If ntpd detects what
> > the problem is, it often gives a clue there.
> > 
> > do you see any messages on boot where network is being delayed?
> > 
> > Is it only the ntpdate failing or is ntpd also not finding hosts on
> > boot? if only ntpdate, then I would suspect the /etc/ntp/ntpservers or
> > /etc/ntp/step-tickers to have a bad name. if it is both ntpdate and ntpd
> > failing, then I would suspect some problem with DNS, but that usually
> > leaves traces in /var/log/messages.
> > 
> > --
> > Todd Denniston
> > Crane Division, Naval Surface Warfare Center (NSWC Crane) Harnessing the
> > Power of Technology for the Warfighter
> 
> Here are some excerpts from /var/log/messages:
> 
> This is a failure on boot:
> 
> Jan  9 17:30:24 mbrc32 automount[2112]: lookup_read_master: lookup
> (nisplus): couldn't locat nis+ table auto.master
> Jan  9 17:30:25 mbrc32 nscd: 2137 Access Vector Cache (AVC) started
> Jan  9 17:30:25 mbrc32 hpiod: 1.7.4a accepting connections at 2208...
> Jan  9 17:30:26 mbrc32 ntpdate[2223]: sendto(mbrc21): Operation not 
> permitted
> Jan  9 17:30:27 mbrc32 setroubleshoot:      SELinux is preventing the /
> usr/sbin/nscd from using potentially mislabeled files (/etc/hosts).      
> For complete SELinux messages. r
> un sealert -l d4747998-8ff4-4f42-8688-abbbb3671216
> Jan  9 17:30:27 mbrc32 ntpdate[2223]: sendto(mbrc21): Operation not 
> permitted
> Jan  9 17:30:29 mbrc32 last message repeated 2 times
> Jan  9 17:30:30 mbrc32 ntpdate[2223]: no server suitable for 
> synchronization found
> Jan  9 17:30:30 mbrc32 ntpd[2228]: ntpd 4.2.4p2 at 1.1495-o Thu Jun 21 
> 10:53:04 UTC 2007 (1)
> 
> 
> 
> Ihis is a successful command line restart of ntp:
> 
> Jan  9 17:31:34 mbrc32 setroubleshoot:      SELinux is preventing /usr/
> sbin/openvpn (openvpn_t) "write" to /etc/openvpn/openvpn-status.log 
> (openvpn_etc_t).      For complete SELinux messages. run sealert -l 
> c3e4092f-9526-45a2-9eaf-effe3284ee2c
> Jan  9 17:31:42 mbrc32 setroubleshoot:      SELinux is preventing the /
> usr/sbin/nscd from using potentially mislabeled files (/etc/hosts).      
> For complete SELinux messages. run sealert -l d4747998-8ff4-4f42-8688-
> abbbb3671216
> Jan  9 17:32:47 mbrc32 ntpd[2229]: ntpd exiting on signal 15
> Jan  9 17:32:47 mbrc32 ntpdate[3264]: step time server 192.168.9.21 
> offset 0.110985 sec
> Jan  9 17:32:47 mbrc32 ntpd[3266]: ntpd 4.2.4p2 at 1.1495-o Thu Jun 21 
> 10:53:04 UTC 2007 (1)
> Jan  9 17:32:47 mbrc32 ntpd[3267]: precision = 1.000 usec
> Jan  9 17:32:47 mbrc32 ntpd[3267]: Listening on interface #0 wildcard, 
> 0.0.0.0#123 Disabled
> 
> Could selinux be interfering even though
> /etc/selinux/config (comments removed):
> SELINUX=permissive
> SELINUXTYPE=targeted
> SETLOCALDEFS=0
> 
> When I first looked at messages per your suggestion, it looked
> like openvpn might be related to the problem.  I therefore
> changed /etc/init.d/openvpn so openvpn would start after ntpd.
> No difference.
----
1 - you're using mbrc32 in /etc/ntp/step-tickers but 192.168.9.21
in /etc/ntp.conf

2 - You really need to relabel your disk for selinux...

as root...
# fixfiles onboot
# shutdown now -r

Go to lunch...rebooting/relabeling could take a while

Craig

More information about the fedora-list mailing list