Ntp Client

Bruce McDonald brucemcdonal at mindspring.com
Thu Feb 19 18:43:21 UTC 2004


Hello,

I apologise for the long post.

I have just spent a "fun" day yesterday trying to get ntpd to sync my clock
to a timeserver, and have failed.

The only time it did work was when I started X, went to Main Menu Button =>
System Settings => Date & Time and specified a timeserver there.
Unfortunately that only lets you use one server; I wanted to have several to
keep my clock honest.

A note to those who will suggest ntpdate and a cron job..... I really want
to use ntpd as my clock gains ~20 seconds a day (rough estimate).

I was unable to find any documentation that told me what to do properly.  I
think I figured out what to do with the ntp.conf file, but I don't see any
traffic when I run tcpdump port ntp.  Ntpq -p shows my timeservers but none
are marked.

Ntpq -p:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tick.usnogps.na 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 timekeeper.isi. 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 clock.redhat.co 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 clock2.redhat.c 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

This is what I have in my ntp.conf file:
(Is there anything wrong here?)

# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1 


# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap


# --- OUR TIMESERVERS ----- 
# or remove the default restrict line 
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip



# --- NTP MULTICASTCLIENT ---
#multicastclient            # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap



# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
# server    127.127.1.0    # local clock
server navobs1.usnogps.navy.mil 
server timekeeper.isi.edu 
server clock.redhat.com
server clock2.redhat.com 
server ntp1.linuxmedialabs.com 

fudge   127.127.1.0 stratum 10


#
# Log file (added Feb 18, 2004)
#
logconfig    all
logfile        /var/log/xntpd

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcastdelay    0.008

#
# Authentication delay.  If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate yes

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys        /etc/ntp/keys



In case the firewall was blocking communication I added lines to allow ntp
to pass.

#Deny TCP and UDP packets to privileged ports
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 123 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport 123 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP

Still no communication.  Can anyone shed any light on how to get ntpd to
work properly as a client?

Thank you for your time.

Sincerely,
Bruce McDonald
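
The following is an added example, not part of the original post. With `restrict default ignore` in force, ntpd discards packets from any address that has no `restrict` entry of its own, which includes replies from configured servers (the posted file's own template says to add a per-server `restrict` line "or remove the default restrict line"). The checker lists `server` entries left without a matching entry; the function names are hypothetical and `SAMPLE` is constructed from the active lines of the posted configuration.

```python
import ipaddress

# Constructed sample: the active (uncommented) lines of the posted ntp.conf.
SAMPLE = """\
restrict default ignore
restrict 127.0.0.1
server navobs1.usnogps.navy.mil
server timekeeper.isi.edu
server clock.redhat.com
server clock2.redhat.com
server ntp1.linuxmedialabs.com
"""

def _net(addr, mask="255.255.255.255"):
    """IPv4 network for addr/mask, or None when addr is a hostname."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None

def blocked_servers(conf_text):
    """Servers silenced by 'restrict default ignore'; hostnames match as written (no DNS)."""
    default_ignore, allowed, servers = False, [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments
        if len(tok) < 2:
            continue
        if tok[0] == "restrict":
            addr, flags, mask = tok[1], tok[2:], "255.255.255.255"
            if "mask" in flags[:-1]:
                i = flags.index("mask")
                mask, flags = flags[i + 1], flags[:i] + flags[i + 2:]
            if addr == "default":
                default_ignore = "ignore" in flags
            elif "ignore" not in flags:
                allowed.append((addr, _net(addr, mask)))
        elif tok[0] in ("server", "peer"):
            servers.append(tok[1])
    if not default_ignore:
        return []
    blocked = []
    for host in servers:
        if host.startswith("127.127."):          # refclock driver, not a network peer
            continue
        ip = _net(host)
        if not any(host == a or (ip is not None and n is not None and ip.subnet_of(n))
                   for a, n in allowed):
            blocked.append(host)
    return blocked
```

Run against `SAMPLE`, `blocked_servers` returns all five configured servers, consistent with the `reach 0` column in the `ntpq -p` output above.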




