[ntp:questions] systems won't synchronize no matter what
kostecke at ntp.org
Wed Oct 27 00:47:56 UTC 2010
On 2010-10-22, Florin Andrei <florin at andrei.myip.org> wrote:
> Config file:
The real issue is the last line in your configuration file...
> server 10.10.16.65 iburst
> server 10.10.16.64 iburst
> server 127.127.1.0 # local clock
> fudge 127.127.1.0 stratum 10
The Undisciplined Local Clock driver (127.127.1.x) is not a backup. It
merely allows ntpd to claim to be synced to a time source when it is
In most cases the Undisciplined Local Clock should only be used by an
ntpd which must serve time to others even when no time sources are
reachable (or available).
> driftfile /etc/ntp/drift
It is usually considered bad form to allow daemons to write to the /etc
directory. A better place for the drift file is somewhere under /var.
> restrict 127.0.0.0 mask 255.0.0.0
> restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
nomodify == "Do not allow this host/subnet to modify the ntpd settings
even if they have the correct keys." By default ntpd requires
authentication with symmetric keys for modifications made with ntpdc. So
if you don't configure symmetric keys for your ntpd, or keep them
properly safeguarded, you don't need to use 'nomodify' unless you are
concerned that the NTP authentication scheme might be compromised or
that someone might start ntpd with -A."
notrap == "Do not allow this host/subnet to request a monitoring trap
(similar to an SNMP trap)."
> restrict default ignore
Your default restriction line is telling ntpd to ignore all NTP packets.
This includes your remote time servers. The only NTP packets which are
being allowed in/out are for 127.0.0.1 and 192.168.3.0/24. This is why
these three systems won't sync.
At a minimum you should add a restrict line for each of your time
servers which sets "relaxed" restrictions. e.g.
restrict 10.10.16.64 noquery
restrict 10.10.16.65 noquery
You could also set a reasonable default restriction which allows only
global time service. Then relax the restrictions for localhost and your
You may wish to review
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
More information about the questions