[ntp:questions] phantom server with MacOSX
cswiger at mac.com
Wed Aug 18 18:43:14 UTC 2010
On Aug 17, 2010, at 4:32 AM, ntpquestions at rfc1035.com wrote:
> I've stumbled on a weird problem with NTP 4.2.6 on MacOSX. I compiled
> and installed the code myself. The box is not running whatever NTP code
> is shipped with the OS. All is well (sort of). The server is chiming
> away quite happily.
You didn't mention which version of MacOS X you were running (uname -a or sw_vers). The default config under 10.6 looks something like:
% ps auxww | grep ntpd | grep -v grep
root 55 0.0 0.0 2435208 1144 ?? Ss 5Aug10 0:52.39 /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
% cat /private/etc/ntp-restrict.conf
# Access restrictions documented in ntp.conf(5) and
# Limit network machines to time queries only
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# localhost is unrestricted
restrict -6 ::1
% cat /private/etc/ntp.conf
> However it's peering with an Apple NTP server that I didn't configure.
> Can anyone suggest what's caused that or how to fix it? This phantom NTP
> server persists across restarts of ntpd and reboots, even though it's
> not listed in /etc/ntp.conf. I have no idea where it's picking up the
> name of this server from => how to get rid of it.
Pay attention to the launch arguments of ntpd; make sure you are running the binary you expect and pointing to the config file you expect. If need be, run "ntpd -d", make sure it returns your 4.2.6 version rather than something like "ntpd 4.2.4p4 at 1.1520-o" which would be the base OS binary; and pay attention to newpeer events.
If that's still not enough, "dtruss /usr/sbin/ntpd -n -d" (or whatever the path to your binary is) should return output like:
write_nocancel(0x1, "addto_syslog: Listening on routing socket on fd #27 for interface updates\n\0", 0x4A) = 74 0
write_nocancel(0x1, "local_clock: time 0 offset 0.000000 freq 0.000 state 0\n\0", 0x37) = 55 0
open_nocancel("/etc/ntp.conf\0", 0x0, 0x1B6) = 3 0
fstat64(0x3, 0x7FFF5FBFED60, 0x7FFF5FBFEE2C) = 0 0
read_nocancel(0x3, "server time.apple.com\n\0", 0x1000) = 22 0
...and that will show you exactly which config file is being opened and what was read from it.
> Although this is no big deal, I am puzzled and a bit annoyed that Apple
> appear to be stamping over my NTP setup and not explaining how or why
> they do that. It's the thin edge of the wedge. If His Steveness doesn't
> like my NTP configuration, what else might he take exception to?
I admire the humor behind the notion that Steve would care about your NTP configuration; if the issue comes down to a user configuration issue, you'll hopefully retain this sense of humor. :-)
More information about the questions