Ntp Client
Bruce McDonald
brucemcdonal at mindspring.com
Thu Feb 19 18:43:21 UTC 2004
Hello,
I apologise for the long post.
I have just spent a "fun" day yesterday trying to get ntpd to sync my clock
to a timeserver, and have failed.
The only time it did work was when I started X, went to Main Menu Button =>
System Settings => Date & Time and specified a timeserver there.
Unfortunately that only lets you use one server, I wanted to have several to
keep my clock honest.
A note to those who will suggest ntpdate and a cron job..... I really want
to use ntpd as my clock gains ~20 seconds a day (rough estimate).
I was unable to find any documentation that told me what to do properly. I
think I figured out what to do with the ntp.conf file, but I don't see any
traffic when I run tcpdump port ntp. Ntpq -p shows my timeservers but none
are marked.
Ntpq -p:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tick.usnogps.na 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 timekeeper.isi. 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 clock.redhat.co 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 clock2.redhat.c 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
This is what I have in my ntp.conf file:
(Is there anything wrong here?)
# Prohibit general access to this service.
restrict default ignore
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip
# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
# server 127.127.1.0 # local clock
server navobs1.usnogps.navy.mil
server timekeeper.isi.edu
server clock.redhat.com
server clock2.redhat.com
server ntp1.linuxmedialabs.com
fudge 127.127.1.0 stratum 10
#
# Log file (added Feb 18, 2004)
#
logconfig all
logfile /var/log/xntpd
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay 0.008
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate yes
#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys
In case the firewall was blocking communication I added lines to allow ntp
to pass.
#Deny TCP and UDP packets to privileged ports
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 123 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport 123 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP
Still no communication. Can anyone shed any light on how to get ntpd to
work properly as a client?
Thank you for your time.
Sincerely,
Bruce McDonald
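
The "OUR TIMESERVERS" comments in the posted ntp.conf say that, while `restrict default ignore` is in place, each time source needs its own `restrict` line (or the default line has to be removed). The check below tests a config for that; it is an added example, not part of the original post. The function names are hypothetical, the sample config is constructed (condensed from the one posted, with 192.0.2.x as placeholder addresses), and hostnames are compared literally rather than resolved so that it runs offline.

```python
import ipaddress

# Constructed sample, condensed from the posted ntp.conf; 192.0.2.x is a placeholder.
SAMPLE = """\
restrict default ignore
restrict 127.0.0.1
# server 127.127.1.0
server timekeeper.isi.edu
server clock.redhat.com
server 192.0.2.10
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery
restrict clock.redhat.com nomodify notrap noquery
"""

def parse_conf(text):
    """Return (default_flags, servers, allow) parsed from ntp.conf text."""
    default_flags, servers, allow = None, [], []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()          # drop comments
        if len(words) < 2:
            continue
        if words[0] == "server":
            servers.append(words[1])
        elif words[0] == "restrict" and words[1] == "default":
            default_flags = set(words[2:])
        elif words[0] == "restrict" and "ignore" not in words[2:]:
            has_mask = len(words) > 3 and words[2] == "mask"
            allow.append((words[1], words[3] if has_mask else "255.255.255.255"))
    return default_flags, servers, allow

def covered(server, allow):
    """True if a non-ignore restrict entry matches this server."""
    for addr, mask in allow:
        if addr == server:
            return True
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            if ipaddress.ip_address(server) in net:
                return True
        except ValueError:
            continue   # a hostname on either side: only a literal match counts
    return False

def blocked_servers(text):
    """Servers whose replies 'restrict default ignore' would drop."""
    default_flags, servers, allow = parse_conf(text)
    if not default_flags or "ignore" not in default_flags:
        return []
    return [s for s in servers
            if not s.startswith("127.127.") and not covered(s, allow)]
```

`blocked_servers(SAMPLE)` returns the one server that has no matching `restrict` entry.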