[ntp:questions] Re: cant connect to ntp server

Richard B. Gilbert rgilbert88 at comcast.net
Thu Jun 9 16:01:01 UTC 2005


Sachin Prasad wrote:

>1) I need help. Don't know what to do next. The ntp server does not connect to any servers.   
>
>I modified the checkpoint firewall to allow both tcp and udp port 123 for my machine. I then configured the ntp.conf file 
>
># Permit all access over the loopback interface.  This could
># be tightened as well, but to do so would effect some of
># the administrative functions.
>restrict 127.0.0.1
>
># -- CLIENT NETWORK -------
># Permit systems on this network to synchronize with this
># time service.  Do not permit those systems to modify the
># configuration of this service.  Also, do not use those
># systems as peers for synchronization.
>restrict 10.253.32.0 mask 255.255.255.0 notrust nomodify notrap
>
># --- OUR TIMESERVERS -----
>
># --- NTP MULTICASTCLIENT ---
>#multicastclient                        # listen on default 224.0.1.1
># restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
># restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
>
># --- GENERAL CONFIGURATION ---
>#server 127.127.1.0     # local clock
>server 66.187.224.4
>server time.nist.gov
>server clock.isc.org
>server clock.via.net
>server clock.redhat.com
>
>fudge   127.127.1.0 stratum 10
>
>driftfile /etc/ntp/drift
>broadcastdelay  0.008
>logfile /var/log/ntpd.conf
>
>authenticate yes
>keys            /etc/ntp/keys
>
>2)     I waited a day and i ran ntpq -np
>
>     remote           refid      st t when poll reach   delay   offset  jitter
>==============================================================================
> 66.187.224.4    0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
> 192.43.244.18   0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
> 204.152.184.72  0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
> 209.81.9.7      0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
> 209.132.176.4   0.0.0.0         16 u    - 1024    0    0.000    0.000 4000.00
>
>This is the messages from the /var/log/messages
>
>7 Jun 22:50:04 ntpd[31831]: signal_no_reset: signal 17 had flags 4000000
> 7 Jun 22:50:04 ntpd[31829]: running as uid(38)/gid(38) euid(38)/egid(38).
>
>3)     I checked the connectivity to clock.redhat.com.  My clock got synced to the redhat clock
>
>[root at fslinux01 root]# ntpdate clock.redhat.com
> 8 Jun 15:08:01 ntpdate[17153]: the NTP socket is in use, exiting
>[root at fslinux01 root]# date
>Wed Jun  8 15:08:04 PDT 2005
>[root at fslinux01 root]# /etc/rc.d/init.d/ntpd stop
>Shutting down ntpd:                                        [  OK  ]
>[root at fslinux01 root]# ntpdate clock.redhat.com
> 8 Jun 15:11:49 ntpdate[17174]: step time server 209.132.176.4 offset 183.711862 sec
>[root at fslinux01 root]# date
>Wed Jun  8 15:11:52 PDT 2005
>
>
>4) I restarted the service 
>
>ntpq> as
>ind assID status  conf reach auth condition  last_event cnt
>===========================================================
>  1 38916  8000   yes   yes  none    reject
>  2 38917  8000   yes   yes  none    reject
>  3 38918  8000   yes   yes  none    reject
>  4 38919  8000   yes   yes  none    reject
>  5 38920  8000   yes   yes  none    reject
>
>ntpq> rv 38916
>status=8000 unreach, conf, no events,
>srcadr=clock2.redhat.com, srcport=123, dstadr=10.253.32.1, dstport=123,
>leap=11, stratum=16, precision=-18, rootdelay=0.000,
>rootdispersion=0.000, refid=0.0.0.0, reach=000, unreach=2, hmode=3,
>pmode=0, hpoll=6, ppoll=10, flash=00 ok, keyid=0, offset=0.000,
>delay=0.000, dispersion=0.000, jitter=4000.000,
>reftime=00000000.00000000  Wed, Feb  6 2036 22:28:16.000,
>org=00000000.00000000  Wed, Feb  6 2036 22:28:16.000,
>rec=00000000.00000000  Wed, Feb  6 2036 22:28:16.000,
>xmt=c651f036.cf4c8ffb  Wed, Jun  8 2005 15:31:18.809,
>filtdelay=     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00,
>filtoffset=    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00,
>filtdisp=   16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
>ntpq>
>
>
>
>
>
>  
>
Try removing all those restrict statements.  If it works without them 
you got at least one of them wrong.

Also tell us what version of ntpd you are running; the semantics of 
restrict notrust changed between a couple or recent versions; an 
extremely poor move given the number of problems the change has caused!



More information about the questions mailing list