[ntp:questions] Re: synchronization failed

Steve Kostecke kostecke at ntp.isc.org
Mon Nov 1 20:40:23 UTC 2004

On 2004-11-01, Vincent Blondel <vincent.blondel at chello.be> wrote:

> FreeBSD (Public Server)
> /etc/ntp.conf
> server ntp1.belbone.be prefer
> server ntp2.belbone.be
> driftfile /var/db/ntp.drift
> restrict mask notrust nomodify notrap

notrust means "ignore packets which are not cryptographicly
authenticated" _and_ only applies to associations in which your ntpd is
the client. notrust is meaningless in this context.

You should add 'iburst' to your server lines so that you get faster

server ntp1.belbone.be iburst prefer
server ntp2.belbone.be iburst

Then start ntpd on this machine and 'watch ntpq -p' until you see a '*'
in the left column (that indicates which remote time server you are
synced to). If you see iburst you should see the '*' in ~15-30 seconds.

Once your public server is synced to a remote time server you are ready
to serve time to your corporate machines.

> Mandrake (Corporate Machine)
> /etc/ntp.conf
> restrict default noquery notrust nomodify

notrust is meaningless here because it applies only to the association
with 192,168.1.19, which you've exempted from the default restriction.

> restrict
> restrict mask
> restrict
> server
> driftfile /etc/ntp.drift
> logfile /var/log/ntp.log

> error messages on the console (when I run ntpdate)
> host found : sbegfxab
> 1 Nov 18:45:50 ntpdate[21606]: no server suitable for synchronization
> found

ntpdate is deprecated. Please consider starting ntpd with the '-g'
option instead.

If you must use ntpdate make sure that it is being invoked with a valid
time server hostname (e.g. 'ntpdate ntp1.belbone.be').

ntpd will abort if your system clock is more than 1000 seconds off
unless you use the '-g' option or sucessfully invoke ntpdate before
starting ntpd.

Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Support Project - http://ntp.isc.org/

More information about the questions mailing list