[ntp:questions] Re: ntp on linux (RH9) configuration problem
Andrew
andrew at arda.homeunix.net
Fri Dec 19 13:48:44 UTC 2003
Paolo Airaldi wrote:
>
> restrict default ignore
> restrict 127.0.0.1
> restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> restrict ntp1.ien.it mask 255.255.255.255 nomodify notrap noquery
> server ntp1.ien.it
> restrict ntps.net4u.it mask 255.255.255.255 nomodify notrap noquery
> server ntps.net4u.it
> driftfile /etc/ntp/drift
> broadcastdelay 0.008
> authenticate yes
> keys /etc/ntp/keys
> statsdir /var/log/ntpstats
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
>
I thought the notrust flag told ntpd to refuse time service to clients
not using authentication. Are your client machines able to sync time
with your server?
The noquery flag encompasses the nomodify flag. If you use noquery, you
don't need nomodify.
You don't need to set a mask when specifying an individual machine. In
fact, I seem to recall trying to set a hostname in a restrict statement
and it didn't work. That's why I use the subnet of the public server
along with a mask in my setup. Maybe this is why you can't sync time to
public servers. It would also explain why removing 'restrict default
ignore' makes everything work. You can still use a hostname in the
server statement.
You don't see the authenticate option anymore in the documentation so I
think it's deprecated. You don't have any keys defined so you have
nothing to authenticate with anyway.
Andrew
More information about the questions
mailing list