[ntp:questions] Problem with time synchronisaton
Greetings, I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 (1) and running but the time on the ntp host does not appear to be synching with the nominated external time references. Any assistance much appreciated. Details as follows: [EMAIL PROTECTED] etc]# ntpq -p remote refid st t when poll reach delay offset jitter == wireless.org.au .INIT. 16 u- 25600.0000.000 0.000 pond.thecave.ws .INIT. 16 u- 25600.0000.000 0.000 cust6381.nsw01. .INIT. 16 u- 25600.0000.000 0.000 core.narx.net .INIT. 16 u- 25600.0000.000 0.000 *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 0.001 The logs don't seem to indicate a problem: Apr 11 15:53:05 maitproddns ntpd[11595]: ntpd [EMAIL PROTECTED] Mon Jun 4 15:13:02 UTC 2007 (1) Apr 11 15:53:05 maitproddns ntpd[11596]: precision = 1.000 usec Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface wildcard, 0.0.0.0#123 Disabled Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface wildcard, ::#123 Disabled Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface lo, ::1#123 Enabled Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface eth0, fe80::250:56ff:fe8d:45f3#123 Enab led Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface lo, 127.0.0.1#123 Enabled Apr 11 15:53:05 maitproddns ntpd[11596]: Listening on interface eth0, 203.11.159.13#123 Enabled Apr 11 15:53:05 maitproddns ntpd[11596]: kernel time sync status 0040 Apr 11 15:53:08 maitproddns ntpd[11596]: frequency initialized 0.000 PPM from /var/lib/ntp/drift Apr 11 15:56:25 maitproddns ntpd[11596]: synchronized to LOCAL(0), stratum 10 Apr 11 15:56:25 maitproddns ntpd[11596]: kernel time sync enabled 0001 My ntp.conf file is out of thebox with the exception of the external time servers ntp.conf - [EMAIL PROTECTED] etc]# more ntp.conf # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery # Permit all access over the loopback interface. This could # be tightened as well, but to do so would effect some of # the administrative functions. restrict 127.0.0.1 restrict -6 ::1 # Hosts on local network are less restricted. #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # server 0.rhel.pool.ntp.org # server 1.rhel.pool.ntp.org # server 2.rhel.pool.ntp.org server 0.au.pool.ntp.org server 1.au.pool.ntp.org server 2.au.pool.ntp.org server 3.au.pool.ntp.org #broadcast 192.168.1.255 key 42 # broadcast server #broadcastclient# broadcast client #broadcast 224.0.1.1 key 42 # multicast server #multicastclient 224.0.1.1 # multicast client #manycastserver 239.255.254.254 # manycast server #manycastclient 239.255.254.254 key 42 # manycast client # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 # Drift file. Put this in a directory which the daemon can write to. # No symbolic links allowed, either, since the daemon updates the file # by creating a temporary in the same directory and then rename()'ing # it to the file. driftfile /var/lib/ntp/drift # Key file containing the keys and key identifiers used when operating # with symmetric key cryptography. keys /etc/ntp/keys # Specify the key identifiers which are trusted. #trustedkey 4 8 42 # Specify the key identifier to use with the ntpdc utility. #requestkey 8 # Specify the key identifier to use with the ntpq utility. #controlkey 8 This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of their organisation. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
David J Taylor wrote: [] > By the way, that query doesn't work for me, so are you sure that > server is running NTP? Do you have permission to access it? You > might be better off with "pool" servers: > > 0.pool.ntp.org > 1.pool.ntp.org > > Cheers, > David Oops, I see you are using the Australian pool servers. However, 0.au.pool.ntp.org didn't answer my ntpq, and 1.au.pool.ntp.org returned incomplete data, so I would still check the servers carefully. They are (should be) dynamically allocated, to load balance. Check network connectivity first. You can add the iburst qualifiers for faster initial sync. server 0.pool.ntp.org iburst server 1.pool.ntp.org iburst David ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: > Greetings, > > I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC > 2007 (1) and running but the time on the ntp host does not appear to > be > synching with the nominated external time references. Any assistance > much > appreciated. > > Details as follows: > > [EMAIL PROTECTED] etc]# ntpq -p > remote refid st t when poll reach delay offset > jitter > == > wireless.org.au .INIT. 16 u- 25600.0000.000 > 0.000 > pond.thecave.ws .INIT. 16 u- 25600.0000.000 > 0.000 > cust6381.nsw01. .INIT. 16 u- 25600.0000.000 > 0.000 > core.narx.net .INIT. 16 u- 25600.0000.000 > 0.000 > *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 > 0.001 > > The logs don't seem to indicate a problem: If the reach column is 0, then you are not seeing the remote servers. You should see 377. Look for a network or connectivity issue. Can you ping the remote servers? Ask them an NTP query like: ntpq -p wirelss.org.au By the way, that query doesn't work for me, so are you sure that server is running NTP? Do you have permission to access it? You might be better off with "pool" servers: 0.pool.ntp.org 1.pool.ntp.org Cheers, David ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: > I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 That is not a standard version number. Who allocated the "@1.1570-o" part of the version number? You may be better off getting support from them. > (1) and running but the time on the ntp host does not appear to be > synching with the nominated external time references. Any assistance much > appreciated. That's because no (valid) replies have been received from any of them. The two common causes of this are over-aggressive restrict lines and firewalls. I think your restrict lines may be OK, but I'd suggest confirming that it works without any. Using pool servers limits your ability to use restrict and the defaults must permit your client to use any times it receives. Another possibility is that they have restrict kod set on the servers, and you are using multiple clients and NAT, in a way that causes the rate limits to be exceeded. People often overlook the Linux iptables firewall. You should run ntpq rv on the associations from your servers, to see if they are responding, but the responses are being rejected, and if so why. You should also try running tcpdump, etc., at appropriate places on the network to find out if they are getting blocked at some point. > My ntp.conf file is out of thebox with the exception of the external time > servers Whose box? I believe the official box doesn't have a configuration file in it. > # Permit time synchronization with our time source, but do not > # permit the source to query or modify the service on this system. Note this answers the recent question about ntpq peers not working! > > # Undisciplined Local Clock. This is a fake driver intended for backup > # and when no outside source of synchronized time is available. This description is incomplete, and, in my view, no out of the box configuration should have these lines enabled. They should only be enabled on servers and only if you understand the risks. However, that is not an issue here. > server 127.127.1.0 # local clock > fudge 127.127.1.0 stratum 10 ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: > Greetings, > > I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 > (1) and running but the time on the ntp host does not appear to be > synching with the nominated external time references. Any assistance much > appreciated. > > Details as follows: > > [EMAIL PROTECTED] etc]# ntpq -p > remote refid st t when poll reach delay offset > jitter > == > wireless.org.au .INIT. 16 u- 25600.0000.000 > 0.000 > pond.thecave.ws .INIT. 16 u- 25600.0000.000 > 0.000 > cust6381.nsw01. .INIT. 16 u- 25600.0000.000 > 0.000 > core.narx.net .INIT. 16 u- 25600.0000.000 > 0.000 > *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 > 0.001 > > The logs don't seem to indicate a problem: The problem should be clear from the above ntpq -p banner!! None of the servers you have configured have responded to requests sent by your system! Can you ping these servers and get a response? Do you have a firewall that is blocking Port 123? BTW, if you didn't wait at least 30 minutes between starting ntpd and getting the ntpq banner, you wasted your time! Ntpd generally requires about that much time to figure out exactly what time it is and to beat your clock into submission. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote: > >> I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC >> 2007 > > That is not a standard version number. Really? On my system running 4.2.5p54 built from sources downloaded from www.ntp.org I see: $ ntpq -c"rv 0 version" assID=0 status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg, version="ntpd [EMAIL PROTECTED] Fri Jun 22 14:26:20 UTC 2007 (2)" > Who allocated the "@1.1570-o" part of the version number? ntp.org > You may be better off getting support from them. I believe he's in the right place. >> (1) and running but the time on the ntp host does not appear to be >> synching with the nominated external time references. Any assistance much >> appreciated. > > That's because no (valid) replies have been received from any of them. > The two common causes of this are over-aggressive restrict lines and > firewalls. > > I think your restrict lines may be OK, They are. > but I'd suggest confirming that it works without any. It won't. > Using pool servers limits your ability to use restrict and the > defaults must permit your client to use any times it receives. They do. > Another possibility is that they have restrict kod set on the servers, > and you are using multiple clients and NAT, in a way that causes the > rate limits to be exceeded. If that were the case you would see .KOD. in the ntpq peers billboard. > People often overlook the Linux iptables firewall. Port 123/UDP must be open to receive packets from the remote time servers. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
Tony, Why do you have a local refclock configured? Why are you not using the 'iburst' keyword on your server lines? Have you seen http://support.ntp.org/bin/view/Support/ConfiguringNTP ? -- Harlan Stenn <[EMAIL PROTECTED]> http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
>>> In article <[EMAIL PROTECTED]>, "Richard B. Gilbert" <[EMAIL PROTECTED]> >>> writes: Richard> BTW, if you didn't wait at least 30 minutes between starting ntpd Richard> and getting the ntpq banner, you wasted your time! Ntpd generally Richard> requires about that much time to figure out exactly what time it is Richard> and to beat your clock into submission. Which is why we recommend using 'iburst', as with a good drift file ntpd will have everything ready to go in about 11 seconds' time. -- Harlan Stenn <[EMAIL PROTECTED]> http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
Harlan Stenn wrote: > > Why do you have a local refclock configured? Because he's using an out of the box configuration. That, is probably the main reason that people have them configured. You really need to ask the people who put in the box, but I suspect they don't know, either. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley <[EMAIL PROTECTED]> wrote: > Harlan Stenn wrote: > >> Why do you have a local refclock configured? > > Because he's using an out of the box configuration. That, is probably > the main reason that people have them configured. You really need to > ask the people who put in the box, but I suspect they don't know, > either. The problem here is that the distribution does not contain a decent assortment of example configuration files for common configurations. So the OS distributors/aggregators/vendors each cobble together their own one size fits all configuration file. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
>The problem here is that the distribution does not contain a decent >assortment of example configuration files for common configurations. So >the OS distributors/aggregators/vendors each cobble together their own >one size fits all configuration file. But does a local refclock make sense in a typical setup? Does the wiki have a good collection of examples? and the discussion that goes with them? How much effort would it take to make one? Would it make sense to encourage distributions to include a URL at the top of their prototype config file? -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, Richard B. Gilbert <[EMAIL PROTECTED]> wrote: > BTW, if you didn't wait at least 30 minutes between starting ntpd and > getting the ntpq banner, you wasted your time! Nonsense. After only two polls you can see if your ntpd is able to contact the remote time servers. You don't need to wait 30 minutes for that. As ntpd continues to poll you can see if a step was required or if the clock is being steered in the right direction . > Ntpd generally requires about that much time to figure out exactly > what time it is and to beat your clock into submission. That's not the issue here. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
"Hal Murray" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >> The problem here is that the distribution does not contain a decent >> assortment of example configuration files for common configurations. >> So the OS distributors/aggregators/vendors each cobble together their >> own one size fits all configuration file. I suspect they would do that anyway. Because they usually want one size to fit all. > But does a local refclock make sense in a typical setup? Given the above, yes. It doesn't actually hurt a client (if a server is available), and an isolated server needs it. Differentiating between leaf node, dependent server, and isolated server is too hard for some. Especially since the difference is only in the configuration, and a dependent server, while it could use the Pool, would often need manual configuration. And I'm not even talking about broadcast/multicast. The logical end result is a distribution with three or four Pool servers and a local clock. It falls down with multiple installations in an isolated network, but works everywhere else. It may not be optimal, but it's the best you can do under a wide set of circumstances. Groetjes, Maarten Wiltink ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On Sat, 12 Apr 2008 06:34:57 +, David J Taylor wrote: > David J Taylor wrote: > [] >> By the way, that query doesn't work for me, so are you sure that >> server is running NTP? Do you have permission to access it? You >> might be better off with "pool" servers: >> >> 0.pool.ntp.org >> 1.pool.ntp.org >> >> Cheers, >> David > > Oops, I see you are using the Australian pool servers. However, > 0.au.pool.ntp.org didn't answer my ntpq, and 1.au.pool.ntp.org returned > incomplete data, so I would still check the servers carefully. They are > (should be) dynamically allocated, to load balance. Check network > connectivity first. You can add the iburst qualifiers for faster initial > sync. > > server 0.pool.ntp.org iburst > server 1.pool.ntp.org iburst They all work. None of them are in use by my *.au.pool.ntp.org config. Only one of them is currently listed by [0123].au.pool.ntp.org. Maybe there are restrict entries for non-APNIC addresses. server 203.23.237.200, port 123 stratum 2, precision -20, leap 00, trust 000 refid [203.23.237.200], delay 0.05562, dispersion 0.00015 transmitted 4, in filter 4 reference time:cbac6bca.c1f1aab8 Sun, Apr 13 2008 21:23:54.757 originate timestamp: cbac6f6a.8f9cf7d4 Sun, Apr 13 2008 21:39:22.560 transmit timestamp: cbac6f6a.8cb76f6d Sun, Apr 13 2008 21:39:22.549 filter delay: 0.05701 0.05721 0.05562 0.05666 0.0 0.0 0.0 0.0 filter offset: -0.00414 -0.00417 -0.00401 -0.00422 0.00 0.00 0.00 0.00 delay 0.05562, dispersion 0.00015 offset -0.004013 server 203.82.209.217, port 123 stratum 2, precision -20, leap 00, trust 000 refid [203.82.209.217], delay 0.09946, dispersion 0.00058 transmitted 4, in filter 4 reference time:cbac6d14.feb85f75 Sun, Apr 13 2008 21:29:24.995 originate timestamp: cbac6f6a.e88e94ad Sun, Apr 13 2008 21:39:22.908 transmit timestamp: cbac6f6a.e173eab3 Sun, Apr 13 2008 21:39:22.880 filter delay: 0.10147 0.09981 0.09978 0.09946 0.0 0.0 0.0 0.0 filter offset: -0.00788 -0.00944 -0.00991 -0.00917 0.00 0.00 0.00 0.00 delay 0.09946, dispersion 0.00058 offset -0.009178 server 203.171.85.237, port 123 stratum 1, precision -20, leap 00, trust 000 refid [PPS], delay 0.08073, dispersion 0.00037 transmitted 4, in filter 4 reference time:cbac6f64.3a0d3f1f Sun, Apr 13 2008 21:39:16.226 originate timestamp: cbac6f6b.0ed6fa80 Sun, Apr 13 2008 21:39:23.057 transmit timestamp: cbac6f6b.06a582db Sun, Apr 13 2008 21:39:23.025 filter delay: 0.08232 0.08218 0.08073 0.08098 0.0 0.0 0.0 0.0 filter offset: 0.003776 0.003835 0.003507 0.004039 0.00 0.00 0.00 0.00 delay 0.08073, dispersion 0.00037 offset 0.003507 server 203.34.87.2, port 123 stratum 2, precision -20, leap 00, trust 000 refid [203.34.87.2], delay 0.09901, dispersion 0.00012 transmitted 4, in filter 4 reference time:cbac6610.859c6410 Sun, Apr 13 2008 20:59:28.521 originate timestamp: cbac6f6b.50404692 Sun, Apr 13 2008 21:39:23.313 transmit timestamp: cbac6f6b.47cf3dc0 Sun, Apr 13 2008 21:39:23.280 filter delay: 0.10069 0.10120 0.09901 0.10210 0.0 0.0 0.0 0.0 filter offset: -0.00560 -0.00551 -0.00541 -0.00529 0.00 0.00 0.00 0.00 delay 0.09901, dispersion 0.00012 offset -0.005417 13 Apr 21:39:23 ntpdate[11563]: adjust time server 203.171.85.237 offset 0.003507 sec -- 2008/04/13:11:40:28UTC Slackware Linux 2.4.32 up 16 days, 15:36, 6 users, load average: 2.24, 2.11, 2.08 ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
David Woolley wrote: > [EMAIL PROTECTED] wrote: > >> I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 > > That is not a standard version number. Who allocated the "@1.1570-o" > part of the version number? You may be better off getting support from > them. > We do. It's the standard version string. The number following the @ is a bitkeeper version number. Note that 4.2.2 is old. I don't believe that orphan mode is supported until 4.2.4 so please install the latest version. Danny ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
>> [EMAIL PROTECTED] wrote: >>> I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 Please see http://support.ntp.org/bin/view/Dev/EmbeddedVersionStringContent -- Harlan Stenn <[EMAIL PROTECTED]> http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions