[ntp:questions] ntpd just not working
david at ex.djwhome.demon.co.uk.invalid
Sun Oct 7 17:15:22 UTC 2007
In article <20071007115739.00185a93.ioplex at gmail.com>,
Michael B Allen <ioplex at gmail.com> wrote:

> No firewalls. From the capture I can clearly see only a request and
> reply. There's no attempt to communicate with the time server at all.

The last two sentences contradict each other. A request is an attempt to
communicate. In addition, a reply means that the other side also
cooperated in the communication. A firewall might eliminate either the
request or reply, but this might be downstream of where you are

If you have captured the attempt and the response, could we please see
copies of them?

If you are running a Red Hat derived Linux distribution, and probably
several others that are not on a direct line from Red Hat, you will have
a firewall and it will be active.

> Sounds to me like the config is simply blocking things. I tried reading
> the man page but why does this have to be so hard? I just want to

There is no official man page for ntpd; the official documentation is in

> setup a simple ntpd for the local machine.

It is not hard to set up a simple configuration; a file just consisting
of one server line will work. Most newbie problems are the result of:

- a firewall that they never even realised was there;
- trying to use restrict before they have the basic service working
  (including using restrict with domain names on multi-homed servers);
- using a Windows w32tm machine as a time server;
- unnecessary use of the local clock driver; or
- not having any reference clocks in the system at all.

However, if you have correctly described your setup, I'm a little concerned
that there are no associations shown. I'm fairly sure that associations are
set up when the outbound request is made. As you've used an IP address, so
there should be no issue to do with name resolution, the only reasons I can
think of for not seeing any associations are:

- the configuration file you are editing is not the one it is using (but
  then relaxing the restricts wouldn't work either);
- you are failing to bind a socket to the server address because there is
  no route to the server;
- maybe the association is built after sending and the firewall is failing the
  send, but I'm not at all sure that Linux or ntpd work that way.

If you are failing to bind sockets or send, I would expect there to be
syslog messages relating to those problems.

> Is there a tutorial out there with some example configs for standard

A leaf node needs one, basic, server line and nothing else. However, there are
advantages in having four independent servers and a drift file, and there
is also an advantage in having iburst on the server lines. A leaf node
never needs the local clock. Restricting diagnostic is arguably desirable.
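
Added example, not part of the original message or of the ntp distribution: a small Python check that reads an ntp.conf and reports the pitfalls and recommendations listed in the message above (local clock driver, restrict with host names, fewer than four servers, missing iburst or drift file). The function name `lint_ntp_conf` and the sample addresses and host name are constructed for illustration.

```python
import ipaddress

LOCAL_CLOCK = "127.127.1."  # address prefix of ntpd's local clock driver

def _target(args):
    # First argument that is not an address-family flag (-4 / -6).
    return next((a for a in args if a not in ("-4", "-6")), None)

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_ntp_conf(text):
    """Return findings for a leaf-node ntp.conf, based on the list in the post."""
    findings, servers, has_drift = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        keyword, args = words[0], words[1:]
        target = _target(args)
        if keyword == "server" and target:
            if target.startswith(LOCAL_CLOCK):
                findings.append(f"line {n}: local clock driver on a leaf node")
            else:
                servers.append(target)
                if "iburst" not in args:
                    findings.append(f"line {n}: server {target} lacks iburst")
        elif keyword == "driftfile":
            has_drift = True
        elif keyword == "restrict" and target:
            # restrict with a host name is fragile on multi-homed servers
            if target not in ("default", "source") and not _is_ip(target):
                findings.append(f"line {n}: restrict uses host name {target}")
    if len(servers) < 4:
        findings.append(f"{len(servers)} server(s) configured; four are preferable")
    if not has_drift:
        findings.append("no driftfile")
    return findings

# Constructed sample; 192.0.2.10 and ntp.example.net are placeholders.
SAMPLE = """\
server 192.0.2.10
server 127.127.1.0
fudge 127.127.1.0 stratum 10
restrict ntp.example.net nomodify
restrict default kod nomodify notrap
"""
```

Calling `lint_ntp_conf(SAMPLE)` returns five findings; a file with a drift file and four `server ... iburst` lines returns an empty list.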