[ntp:questions] Not able to connect

terrypearl fastsnip-bcard at yahoo.com
Thu Nov 16 22:20:41 UTC 2006

Steve - I thank you for your time in replying. Hopefully I can get this 

The ntp.conf file I appended was installed by the Fedora Core 5 
installation except for the NIST servers which were added by the system 
date/time s/w under Fedora Core 5.  I have refrained from editing the 
file, since I know nothing about it. I will edit it as per your comments.

I got the port 13 from the NIST site ( excerpt from their site):

The port number on your system is arbitrary, and is usually chosen at 
random by your system each time the client program prepares to make a 
request for the time. Therefore, it is likely to vary from one request 
to another. However, the NIST time servers will only listen for and 
respond to requests addressed to a few specific port numbers and 
protocols. These combinations are:

     * udp port 123, which is used by the network time protocol and the 
simple network time protocol. The NIST client software can be configured 
to use this port, but does not use it by default.

     * tcp port 13, which is used by the NIST client software by default 
and by other programs that use the “daytime” protocol.

     * tcp port 37 and udp port 37, which are used by DATE, RDATE, SDATE 
and by other programs that use the “time” protocol.

following the above, I assumed that TCP port 13 would be the port to 
use. I will correct that. Thanks.

The NIST site indicated that users (all?) were encouraged to use their 
servers to synch the computer clocks. Is that wrong? They even give away 
s/w to do the synching. I will edit them out until I learn otherwise.

> I see nothing in here that would prevent ntpd from working once you have
> the correct port open.

I can do

/usr/sbin/ntpdate -du 0.pool.ntp.org

from the command line and it works. However, if I do:

/usr/sbin/ntpq -p

I get:

      remote           refid      st t when poll reach   delay   offset 
==============================================================================  .PPS.            1 u   76 1024    1  123.394  8246.05 
  gatling.ikk.szt   2 u  105 1024    1  120.227  8239.82 
  raptor.tera-byt    2 u   88 1024    1   87.253  8238.11 
  time-a.nist.gov .ACTS.           1 u   87 1024    1  158.194  8318.57 
  time-b.nist.gov .ACTS.           1 u   83 1024    1  125.022  8299.00 

which doesn't show a default with an asterisk which somebody said would 
indicate the system used by ntpd to set the time automatically and keep 
it synched. Is this true? How can I tell if ntpd is working and keeping 
the clock synched?

The system s/w reports that ntpd is running, but if I run

/sbin/service ntpd status

The output is:

ntpd dead but pid file exists

which contradicts the system s/w.

>> restrict default nomodify notrap noquery
> This restriction line applies to all of your ntpd's "clients" and
> "servers". There is no need to specify explicit per host / subnet
> restrict lines unless you wish to modify this restriction.
> http://ntp.isc.org/Support/AccessRestrictions contains information about
> setting your ntpd restrictions.
>> restrict
>> # --- OUR TIMESERVERS -----
>> server 0.pool.ntp.org
>> server 1.pool.ntp.org
>> server 2.pool.ntp.org
> If you append 'iburst' to these server lines you will speed up ntpd's
> initial synchronization from ~8 minutes to ~20 seconds.

Done - thanks

> These pool server hostnames can resolve to serves located anywhere in
> the world. You may wish to restrict the pool to your geographic area.
> Please see http://ntp.isc.org/pool for more information.
>> fudge stratum 10

Commented out above

>> driftfile /var/lib/ntp/drift
>> broadcastdelay 0.008
Commented out above

>> keys /etc/ntp/keys
Commented out above

>> restrict 0.pool.ntp.org mask nomodify notrap noquery
>> restrict 1.pool.ntp.org mask nomodify notrap noquery
>> restrict 2.pool.ntp.org mask nomodify notrap noquery
Commented out above

>> server time
>> restrict time mask nomodify notrap noquery
>> server time
>> restrict time mask nomodify notrap noquery
> What's the point of the previous 4 lines? Do you have access to an NTP
> server named 'time.your.domain' ?

Commented out above - those lines came with the file - don't know who 
put them in the file shipped with FC 5.

>> server time-a.nist.gov
>> restrict time-a.nist.gov mask nomodify notrap noquery
>> server time-b.nist.gov
>> restrict time-b.nist.gov mask nomodify notrap noquery
> These are Stratum-1 servers. Please check the the Rules of Engagement
> (http://ntp.isc.org/rules) and make sure that you meet the criteria for
> the direct use of Stratum-1 time servers. Unless you are supporting a
> large number of client systems you should be using Stratum-2 servers
> (http://ntp.isc.org/s2) and/or the NTP Pool (http://ntp.isc.org/pool).

Will comment them out. As I said above they were added by the system s/w 
when I added NIST to the servers following the NIST web site 
encouragement to do so.

> The comment about redundant restrictions also applies here.

Still not sure that ntpd is working and keeping the clock synched. As I 
asked above - how do I tell????

Thanks for your advice - it is much appreciated.


If you are always rushing towards the future,
Then you never have any past.

Terry Boldt
Paraphrasing Ben Franklin:

Those who sacrifice freedom for safety, have neither.

The exact quote:

They that can give up essential liberty to obtain a little
temporary safety deserve neither liberty nor safety.
   Benjamin Franklin (1706 - 1790),
   US author, diplomat, inventor, physicist, politician, & printer
   Historical Review of Pennsylvania, 1759


More information about the questions mailing list