Magnus Danielson wrote:
On 09/01/2013 10:42 PM, unruh wrote:
On 2013-09-01, Steve Kostecke <koste...@ntp.org> wrote:
On 2013-09-01, Rob <nom...@example.com> wrote:

The NTP Reference Implementation is free software. The copyright
holder (The University of Delaware) makes no representations
about the suitability this software for any purpose. It is
provided "as is" without express or implied warranty. Please visit
http://www.ntp.org/copyright for the complete copyright notice and
license statement.
Yes, usual legal ass protection. Fortunately ntpd developers usually do not
actually either believe that or act as though they believe that. They tend
not to say "Oh-- it does not work, tough shit."
And you do them, and yourself, a disservice by saying that that is what
they do. It is not what they or you do.
In this case ntpd wandered off by hours with no complaint. That is not a
proper behaviour of a professional piece of software. Now it could be
that they have the local clock enabled, and for some reason ntpd chased
that rather than all of the other server sources. Pointing out that they
should never actually use the local clock as a source is certainly
useful since the clock is never wrong with respect to the local source.
But if the computer has 5 outside sources available and still chases
after the local source that is a bug that should be fixed. If you know
some attempt was made to fix a bug like that in a more recent version
than the one used by the user, then advising upgrade is appropriate (as
is telling him never to use local).
As we are coming back to topic...

8<---
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

Hi

I'll join in here

where is your statsdir?

# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>

server ntp1.kth.se iburst maxpoll 7
server ntp2.kth.se iburst maxpoll 7
server ntp3.kth.se iburst maxpoll 7
server ntp1.sp.se iburst maxpoll 7
server ntp2.sp.se iburst maxpoll 7

that seems too restrictive and possibly abusive if you do not
yourself have control over those servers.

My own servers and clients are NetBSD with ntpd 4.2.6p5 except
for one client on ntpd-4.2.7p377

iburst is used on my clients but only against servers on my local
network and from others where I have accounts.

If your clients pointed to my own pool servers they would
eventually get KOD or reach would slowly decay.

eg. one of my pool servers that is also a local client has:

! tos minsane 3
! tos orphan 10
! tos mindist 0.01
! peer -4 ntp0.lordynet.org.uk minpoll 6 maxpoll 8 iburst
! peer -4 ntp2.lordynet.org.uk minpoll 6 maxpoll 8 iburst
! server -4 ntp1.lordynet.org.uk minpoll 6 maxpoll 8 iburst
! server -4 (friendly isp_1) minpoll 8 maxpoll 10 iburst
! server -4 (friendly isp_2) minpoll 8 maxpoll 10 iburst
! server -4 (other isp_3) minpoll 8 maxpoll 11
! server -4 (other isp_4) minpoll 8 maxpoll 11
! server -4 (other isp_5) minpoll 8 maxpoll 11

There are some sane suggestions on the pool website as to how
to configure ntpd clients.

The only debian based systems I used are Ubuntu but that was
only clients and were usually within a few ms offset within
30 min of bootup. I have no idea if they drifted over several
days but logs show they keep good time when powered up.

Your servers aren't by any chance 'virtual' in which case you
should obtain time from your base system.


David



# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
--->8

This is the default Debian config file which has been changed to point
out 5 servers, which I was referring to in my follow-up message:

8<---

It has 2 stratum 1 and 3 stratum 2 unicast servers configured. NTP wise
this machine is a client with 5 configured servers. The problem was that
it was way off time with no apparent indication, which is wrong.

--->8

The debugger (another system admin) of this system did strace, and saw
updates to kernel. Nothing anywhere to indicate problems other than what
I mentioned that there was a zero offset.

I'll try to see if I can re-create this behavior on another machine, as
the machine we did see it on needs to be on time since it's a server for
other things than time.

_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
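
The configuration points raised in this thread (no undisciplined local clock as a source, a set statsdir when filegen is enabled, complete default `restrict` lines, no `disable auth` or `broadcastclient` left active) can be checked mechanically. The following is an added example, not part of the original messages or of the NTP project's code; the finding names, the `min_sources=4` threshold and the sample text are assumptions of this example.

```python
# Constructed sample, not the poster's file: a cut-down variant of the quoted
# config with a local-clock line and a weakened IPv6 default restrict added.
SAMPLE_CONF = """\
#statsdir /var/log/ntpstats/
filegen loopstats file loopstats type day enable
server ntp1.kth.se iburst maxpoll 7
server ntp2.kth.se iburst maxpoll 7
server 127.127.1.0
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer
restrict 127.0.0.1
"""

def directives(text):
    """Yield token lists for active lines; comments and blanks are dropped."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def audit(text, min_sources=4):
    """Return sorted finding codes; min_sources=4 is this example's assumption."""
    findings, seen, sources = set(), set(), 0
    for tok in directives(text):
        key = tok[0].lower()
        args = [a for a in tok[1:] if a not in ("-4", "-6")]
        seen.add(key)
        if key in ("server", "peer", "pool") and args:
            if args[0].startswith("127.127.1."):
                findings.add("local-clock-source")  # undisciplined local clock driver
            else:
                sources += 1  # any other configured time source
        elif key == "restrict" and args and args[0] == "default":
            missing = {"nomodify", "noquery"} - set(args[1:])
            if missing:
                findings.add("default-restrict-missing-" + "-".join(sorted(missing)))
        elif key == "disable" and "auth" in args:
            findings.add("auth-disabled")
        elif key == "broadcastclient":
            findings.add("broadcastclient-enabled")
    if sources < min_sources:
        findings.add("too-few-sources")
    if "filegen" in seen and "statsdir" not in seen:
        findings.add("filegen-without-statsdir")  # the reply's "where is your statsdir?"
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run against the active lines of the config quoted in the thread, the only finding is the missing statsdir; a static check like this says nothing about why the running daemon drifted.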
