[ntp:questions] NTP on small 100% Linux LAN : reasonable access control policy ?

Richard B. Gilbert rgilbert88 at comcast.net
Sun Aug 1 17:31:26 UTC 2010


Niki Kovacs wrote:
> I experimented for a few hours with a local "sandbox" network, and 
> here's the configuration I finally found out.
> 
> Server (192.168.1.2 = bernadette):
> 
> --8<---- /etc/ntp.conf ----------------
> 
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
> 
> server 0.fr.pool.ntp.org
> server 1.fr.pool.ntp.org
> server 2.fr.pool.ntp.org
> server 3.fr.pool.ntp.org
> 
> restrict default kod nomodify notrap nopeer
> restrict 127.0.0.1
> restrict 192.168.1.0 mask 255.255.255.0
> 
> --8<-----------------------------------
> 
> 
> Client (192.168.1.3 = raymonde):
> 
> --8<---- /etc/ntp.conf ----------------
> 
> driftfile /var/lib/ntp/drift
> logfile /var/log/ntp.log
> 
> server bernadette
> 
> restrict default ignore
> restrict 127.0.0.1
> restrict bernadette
> 
> --8<-----------------------------------
> 
> If I understand correctly, the whole setup works OK as soon as ntpq -p 
> shows me a list of servers, and at least one of them has a little * star 
> in front of the line (which can take a few minutes to appear).
> 
> I'm open for suggestions if there's something wrong with my setup.
> 
> Cheers from the sunny South of France,
> 
> Niki

Be prepared to wait as long as ten or twelve hours to get really close 
synchronization.  NTP was never intended for systems running only eight 
hours a day.  You can be "close" in thirty minutes or less but it takes 
many hours to get both close and stable.  It also helps to run your 
server in a controlled environment; temperature changes will affect your 
clock.
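
The `restrict` lines from the two quoted files can be checked against sample source addresses. The sketch below is an added example, not part of the original thread or of ntpd: it models ntpd's matching as "the most specific entry decides the flags", handles IPv4 only, and assumes `bernadette` resolves to 192.168.1.2 as the quoted message states; `parse_restrict`, `flags_for` and `answered` are hypothetical helper names.

```python
import ipaddress

# Assumption: "bernadette" resolves to 192.168.1.2, as the quoted message states.
HOSTS = {"bernadette": "192.168.1.2"}

# restrict lines copied from the two quoted ntp.conf files
SERVER_CONF = """\
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
"""
CLIENT_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict bernadette
"""

def parse_restrict(conf):
    """Return (network, flags) for every IPv4 restrict line in conf."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            mask = "255.255.255.255"          # no mask given: single host
            if rest[:1] == ["mask"] and len(rest) > 1:
                mask, rest = rest[1], rest[2:]
            addr = HOSTS.get(addr, addr)
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def flags_for(conf, source):
    """Flags of the most specific entry matching source (longest-prefix model)."""
    ip = ipaddress.ip_address(source)
    hits = [r for r in parse_restrict(conf) if ip in r[0]]
    if not hits:
        return frozenset()                    # no entry at all: no restrictions
    return max(hits, key=lambda r: r[0].prefixlen)[1]

def answered(conf, source):
    """False when the matching entry carries 'ignore', i.e. packets are dropped."""
    return "ignore" not in flags_for(conf, source)
```

With the server file, any 192.168.1.x host matches the flagless LAN entry and gets no restrictions, while every other address falls to the default entry, which contains neither `ignore` nor `noquery`. With the client file, only 127.0.0.1 and bernadette are answered.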



