[ntp:questions] NTP reachable but rejected
davehart at gmail.com
Thu Dec 17 22:44:30 UTC 2009
On Wed, Dec 16, 2009 at 2:11 AM, Moses Truong wrote:
> I have an NTP server (v.4.2.2) running on CentOS5 and it sync with ntp
> servers over the internet.
> On the local network, I have a variety of NTP clients running, those
> running CentOS4 with NTP daemon v4.2.0 are able to sync without a
> problem, but those running CentOS5 (ntp v4.2.2) or Ubuntu 9.10 (ntp
> v4.2.4) are not able to sync.
> leap=00, stratum=2, precision=-20, rootdelay=727.264,
> rootdispersion=448.120, refid=22.214.171.124, reach=001, unreach=1,
> hmode=3, pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
> offset=8716.317, delay=0.166, dispersion=0.031, jitter=0.858,
> From the ntp manual, flash=400 refers to
> 0x400 TEST11
> The autokey protocol has not verified the server or peer is
> proventic and has valid public key credentials.
You are not looking at the NTP documentation which matches the version
in question. They are distributed in the same tarball as each
corresponding release of the NTP software. I don't know if CentOS
distributes the official (HTML-only) docs or not, but fortunately
there's http://doc.ntp.org/ providing documentation matching each
prior stable release.
ntpq told you the key piece of information with "flash=400 peer_dist,"
-- in that version of ntpd, flash=400 is associated with the peer
distance test, which is looking at a peer_distance calculation based
on the rootdelay and rootdispersion peer variables, as well as the
additional delay and dispersion in the communication with that peer.
In the current code, the threshold peer_dist indicates has been
exceeded defaults to 1.5 (seconds) and can be modified in ntp.conf
with "tos maxdist 2.5" for example, though I would not advise it
except as a short-term diagnostic step.
More information about the questions