NTPD catches in RHEL Server 5?

schilling schilling2006 at gmail.com
Mon Jul 21 14:16:10 UTC 2008


Figured it out.

The restrict clause's notrust meaning changed dramatically. Removing the
notrust from the restrict clause fixed it.

Thanks.

Schilling

On Mon, Jul 21, 2008 at 8:36 AM, Olt, Joseph <jolt at ti.com> wrote:

> Stephen's suggestions are very good.  You may also want to check the
> selinux permissions on the files since you copied them from another system.
>  Are there any selinux permissions issues in the messages log?
>
> -----Original Message-----
> From: redhat-sysadmin-list-bounces at redhat.com [mailto:
> redhat-sysadmin-list-bounces at redhat.com] On Behalf Of Stephen John Smoogen
> Sent: Sunday, July 20, 2008 12:35 AM
> To: redhat-sysadmin-list at redhat.com
> Subject: Re: NTPD catches in RHEL Server 5?
>
> 2008/7/19 schilling <schilling2006 at gmail.com>:
> >
> > Hi,
> >
> > I was trying to upgrade my ntp server from AS 3 w/ ntp-4.1.2-5.el3 to RHEL
> > server 5 w/ ntp-4.2.2p1-8.el5. I copied the /etc/ntp.conf and iptables to the
> > new installation. But now
> > the RHEL5 will not provide the NTP services. Is there any configuration
> > catch for RHEL 5?
>
> 1. Check to see if the ntp server is running and that you can get the
> data locally.
>
> service ntpd status
>
>
> 2. Check to see if the ntp server has sync'd up correctly. The newer
> ntp server takes a while to get a proper 'chaos' field or something
> ready before it will start serving time. It is a lot faster if you
> have a GPS etc local to it, but if it is relying on other ntp's it
> takes a while to give you the data.
>
> ntpq -p
>
> 3. Check to see if the firewall allows for systems to connect to port
> 123 on your new server.
>
> >
> > My configuration is as follows:
> >
> > [test at dns1 ~]$ more /etc/ntp.conf
> > # Prohibit general access to this service.
> > #restrict default ignore
> >
> > # Permit all access over the loopback interface.  This could
> > # be tightened as well, but to do so would affect some of
> > # the administrative functions.
> > restrict 127.0.0.1
> >
> > #On Campus Peers
> > #peer 192.168.8.8
> > peer 10.10.121.44
> >
> >
> > # -- CLIENT NETWORK -------
> > # Permit systems on this network to synchronize with this
> > # time service.  Do not permit those systems to modify the
> > # configuration of this service.  Also, do not use those
> > # systems as peers for synchronization.
> > restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap
> > restrict 10.10.0.0 mask 255.255.0.0 notrust nomodify notrap
> >
> > # --- OUR TIMESERVERS -----
> > # or remove the default restrict line
> > # Permit time synchronization with our time source, but do not
> > # permit the source to query or modify the service on this system.
> >
> > # restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
> > # server mytrustedtimeserverip
> >
> > server 18.145.0.30      #NAVOBS1.MIT.EDU.
> > server 128.118.25.12    #gps1.tns.its.psu.edu.
> > server 192.5.41.209     #ntp2.usno.navy.mil.
> > server 192.5.41.40      #tick.usno.navy.mil.
> >
> > restrict 18.145.0.30 mask 255.255.255.255 nomodify notrap noquery
> > restrict 128.118.25.12 mask 255.255.255.255 nomodify notrap noquery
> > restrict 192.5.41.209 mask 255.255.255.255 nomodify notrap noquery
> > restrict 192.5.41.40 mask 255.255.255.255 nomodify notrap noquery
> >
> >
> > # --- NTP MULTICASTCLIENT ---
> > #multicastclient                        # listen on default 224.0.1.1
> > # restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
> > # restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> >
> >
> >
> > # --- GENERAL CONFIGURATION ---
> > #
> > # Undisciplined Local Clock. This is a fake driver intended for backup
> > # and when no outside source of synchronized time is available. The
> > # default stratum is usually 3, but in this case we elect to use stratum
> > # 0. Since the server line does not have the prefer keyword, this driver
> > # is never used for synchronization, unless no other
> > # synchronization source is available. In case the local host is
> > # controlled by some external source, such as an external oscillator or
> > # another protocol, the prefer keyword would cause the local host to
> > # disregard all other synchronization sources, unless the kernel
> > # modifications are in use and declare an unsynchronized condition.
> > #
> > #server 127.127.1.0     # local clock
> > #fudge  127.127.1.0 stratum 10
> >
> > #
> > # Drift file.  Put this in a directory which the daemon can write to.
> > # No symbolic links allowed, either, since the daemon updates the file
> > # by creating a temporary in the same directory and then rename()'ing
> > # it to the file.
> > #
> > driftfile /var/lib/ntp/drift
> > broadcastdelay  0.008
> >
> > #
> > # Authentication delay.  If you use, or plan to use someday, the
> > # authentication facility you should make the programs in the auth_stuff
> > # directory and figure out what this number should be on your machine.
> > #
> > #authenticate yes
> >
> > #
> > # Keys file.  If you want to diddle your server at run time, make a
> > # keys file (mode 600 for sure) and define the key number to be
> > # used for making requests.
> > #
> > # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
> > # systems might be able to reset your clock at will. Note also that
> > # ntpd is started with a -A flag, disabling authentication, that
> > # will have to be removed as well.
> > #
> > keys            /etc/ntp/keys
> >
> > Thanks.
> >
> > Schilling
> >
> >
> > --
> > redhat-sysadmin-list mailing list
> > redhat-sysadmin-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list
> >
>
>
>
> --
> Stephen J Smoogen. -- BSD/GNU/Linux
> How far that little candle throws his beams! So shines a good deed
> in a naughty world. = Shakespeare. "The Merchant of Venice"
>
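
A check for the problem resolved in this thread, as an added example that is not part of the original messages: under ntp 4.2, per the ntpd access-control documentation, `notrust` denies packets that are not cryptographically authenticated, so a 4.1-era configuration carried over unchanged stops serving unauthenticated clients. The function names and the sample file below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit ntp.conf for active notrust flags.
# Print "LINE:ADDRESS" for each uncommented restrict line that carries notrust.
find_notrust() {
    awk '
        { sub(/#.*/, "") }                 # strip comments, fields are re-split
        $1 == "restrict" {
            for (i = 3; i <= NF; i++)
                if ($i == "notrust") { print NR ":" $2; break }
        }
    ' "$1"
}

# Succeed only if both a keys file and at least one trustedkey are configured.
has_trusted_keys() {
    awk '
        { sub(/#.*/, "") }
        $1 == "keys" && NF > 1 { k = 1 }
        $1 == "trustedkey" && NF > 1 { t = 1 }
        END { exit !(k && t) }
    ' "$1"
}

audit_ntp_conf() {
    hits=$(find_notrust "$1")
    if [ -z "$hits" ]; then
        echo "OK: no active notrust restrictions"; return 0
    fi
    if has_trusted_keys "$1"; then
        echo "INFO: notrust set and trusted keys are configured:"
    else
        echo "WARN: notrust set without trustedkey; unauthenticated clients are denied:"
    fi
    echo "$hits"
    return 1
}

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap
restrict 10.10.0.0 mask 255.255.0.0 notrust nomodify notrap
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
restrict 18.145.0.30 mask 255.255.255.255 nomodify notrap noquery
keys /etc/ntp/keys
EOF
audit_ntp_conf "$SAMPLE" || true
```

Run `audit_ntp_conf /etc/ntp.conf` on a migrated server before restarting ntpd; a non-zero return means at least one client range is subject to the authenticated-only behaviour.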