[ntp:questions] ntpd not responding on localhost
Nick Bright
nick.bright at terraworld.net
Tue Feb 12 06:06:15 UTC 2008
The resolution ended up being to comment out:
restrict default ignore
from the default ntpd.conf
After I commented out that line, I was able to get updates from the
servers I had configured, as well as provide updates to client devices.
For those coming upon this in a search engine result, please be advised
that this may have security implications that I don't know about... For
my application, the server is behind a hardware firewall in a fairly
controlled network, so I'm not too concerned; but if you're running an
internet server find out the proper command syntax for the most secure
operation!
Nick Bright wrote:
> I've installed and configured NTP on a RHEL 3 machine, and configured it
> to query the US pool servers.
>
> Unfortunately, because the firewall administrator this machine is behind
> hasn't yet set up the firewall rules the time can't sync. At least I
> assume that he hasn't done it, because the time isn't syncing.
>
> ntpq> pe
> remote refid st t when poll reach delay offset jitter
> ========================================================================
> 217.160.254.116 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 75.144.70.35 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 72.232.254.202 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
> 208.75.88.4 0.0.0.0 16 u - 128 0 0.000 0.000 4000.00
>
> However, if I execute "ntpdate -u localhost" it replies with:
>
> ntpdate[8246]: no server suitable for synchronization found
>
> I did verify that I can sync with an external source, though:
>
> ntpdate -u 217.160.254.116
> 8 Feb 19:04:00 ntpdate[8247]: adjust time server 217.160.254.116
> offset -0.302278 sec
>
> So my questions are:
>
> If the NTPD isn't synchronized with external servers, will it simply
> ignore clients?
>
> If it doesn't ignore clients, why would my ntpdate command run on the
> local machine not be able to query the server? It can't be the firewall,
> because iptables is completely disabled.
>
> Thanks,
>
More information about the questions
mailing list