[ntp:questions] Synchronizing Linux clients with Windows Server 2003 NTP

george_joby kottayamachayen at gmail.com
Thu Jan 18 17:59:54 UTC 2007


Also the ntpq association show reject in condition

ntpq> associations

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 41148  9014   yes   yes  none    reject   reachable  1
  2 41149  9614   yes   yes  none  sys.peer   reachable  1

Thanks
George

george_joby wrote:
> Our requirement is all our linux and nonstop systems synchronise to the
> Windows 2003 server. We do not want Windows to syncronise with an
> external clock and it should just synchronise with its internal clock.
>
> So what I am doing is just configuring with a client (Redhat Linux) and
> server (windows 2003) to check whether Linux gets synchronise with
> Windows server and that is not happening. Our customer need this setup.
>
> If i see the ntpq -pn in Linux it will show the correct offset and also
> ntpdate works fine. But Linux not ready to synchronise with Server.
>
> [root at txnaslload03 ~]# ntpq -pn
>      remote           refid      st t when poll reach   delay   offset
> jitter
> ==============================================================================
>  16.74.32.162    .LOCL.           1 u  967 1024  377    0.355  -180.34
>  5.407
>
> Thanks
> George
>
> Ry wrote:
> > Richard B. Gilbert wrote:
> >
> > > Isn't port 123 UDP inbound required as well?
> >
> > Not on a stateful firewall, which are the most common type these days.
> > In most firewall configuration tools, "allow UDP port 123 outbound"
> > means that when a outbound packet is sent, the firewall will remember
> > seeing it (that's the *stateful* part) allow a return UDP packet(s)
> > from the destination IP and source port for a few seconds before
> > closing things off again.
> >
> > This assumes all he is doing is configuring his NTP to act as a client
> > to an internet-based NTP server. If he is going to be using
> > symmetric/active or another mode, that's going to require allowing UDP
> > port 123 inbound. But it doesn't seem to me that he would need to do
> > anything like that.




More information about the questions mailing list