[ntp:questions] Re: ntp on linux (RH9) configuration problem

Andrew andrew at arda.homeunix.net
Fri Dec 19 13:48:44 UTC 2003



Paolo Airaldi wrote:

> 
> restrict default ignore
> restrict 127.0.0.1
> restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
> restrict ntp1.ien.it mask 255.255.255.255 nomodify notrap noquery
> server ntp1.ien.it
> restrict ntps.net4u.it mask 255.255.255.255 nomodify notrap noquery
> server ntps.net4u.it
> driftfile /etc/ntp/drift
> broadcastdelay  0.008
> authenticate yes
> keys            /etc/ntp/keys
> statsdir /var/log/ntpstats
> statistics loopstats peerstats clockstats
> filegen loopstats file loopstats type day enable
> filegen peerstats file peerstats type day enable
> filegen clockstats file clockstats type day enable
> 

I thought the notrust flag told ntpd to refuse time service to clients 
not using authentication. Are your client machines able to sync time 
with your server?

The noquery flag encompasses the nomodify flag. If you use noquery, you 
don't need nomodify.

You don't need to set a mask when specifying an individual machine. In 
fact, I seem to recall trying to set a hostname in a restrict statement 
and it didn't work. That's why I use the subnet of the public server 
along with a mask in my setup. Maybe this is why you can't sync time to 
public servers. It would also explain why removing 'restrict default 
ignore' makes everything work. You can still use a hostname in the 
server statement.

You don't see the authenticate option anymore in the documentation so I 
think it's deprecated. You don't have any keys defined so you have 
nothing to authenticate with anyway.

Andrew




More information about the questions mailing list