List Info

Thread: NTP unable to set clock
NTP unable to set clock
country flaguser name
United Kingdom		 2007-06-22 05:41:06 
Hi I wonder if anyone can help me. I have just installed NTP
on our
Linux (Fedora) server but I can't get ntp to update the
system clock.
This is the error log:

[rootmail ~]# ntpd -q -d -l /root/ntp.log
addto_syslog: logging to file /root/ntp.log
ntpd 4.2.0a1.1196-r Thu May 11 09:19:35 EDT 2006 (1)
addto_syslog: logging to file /root/ntp.log

addto_syslog: ntpd 4.2.0a1.1196-r Thu May 11
09:19:35 EDT 2006 (1)

addto_syslog: precision = 3.000 usec

create_sockets(123)
bind() fd 3, family 2, port 123, addr 0.0.0.0, flags=8
addto_syslog: Listening on interface wildcard, 0.0.0.0#123

bind() fd 6, family 10, port 123, addr ::, flags=0
addto_syslog: Listening on interface wildcard, ::#123

bind() fd 7, family 2, port 123, addr 127.0.0.1, flags=0
addto_syslog: Listening on interface lo, 127.0.0.1#123

bind() fd 8, family 2, port 123, addr 192.168.33.179,
flags=8
addto_syslog: Listening on interface eth0,
192.168.33.179#123

init_io: maxactivefd 8
local_clock: time 0 clock 0.000000 offset 0.000000 freq
0.000 state 0
key_expire: at 0
peer_clear: at 0 assoc ID 35532 refid INIT
newpeer: 192.168.33.179->194.25.115.122 mode 3 vers 4
poll 6 10 flags
0x201 0x1 ttl 0 key 00000000
key_expire: at 0
peer_clear: at 0 assoc ID 35533 refid INIT
newpeer: 192.168.33.179->193.2.10.101 mode 3 vers 4 poll
6 10 flags
0x201 0x1 ttl 0 key 00000000
resolving 2.europe.pool.net.org
report_event: system event 'event_restart' (0x01) status
'sync_alarm,
sync_unspec, 1 event, event_unspec' (0xc010)
transmit: at 1 192.168.33.179->194.25.115.122 mode 3
auth_agekeys: at 1 keys 1 expired 0
timer: refresh ts 0
transmit: at 2 192.168.33.179->193.2.10.101 mode 3
transmit: at 3 192.168.33.179->194.25.115.122 mode 3
transmit: at 4 192.168.33.179->193.2.10.101 mode 3
transmit: at 5 192.168.33.179->194.25.115.122 mode 3
transmit: at 6 192.168.33.179->193.2.10.101 mode 3
transmit: at 7 192.168.33.179->194.25.115.122 mode 3
transmit: at 8 192.168.33.179->193.2.10.101 mode 3
transmit: at 9 192.168.33.179->194.25.115.122 mode 3
transmit: at 10 192.168.33.179->193.2.10.101 mode 3
transmit: at 11 192.168.33.179->194.25.115.122 mode 3
transmit: at 12 192.168.33.179->193.2.10.101 mode 3
transmit: at 13 192.168.33.179->194.25.115.122 mode 3
transmit: at 14 192.168.33.179->193.2.10.101 mode 3
transmit: at 15 192.168.33.179->194.25.115.122 mode 3
transmit: at 16 192.168.33.179->193.2.10.101 mode 3
addto_syslog: no reply; clock not set

This is the /etc/ntp.conf:

# Permit time synchronization with our time source, but do
not
# permit the source to query or modify the service on this
system.
#restrict default kod nomodify notrap nopeer noquery
restrict default ignore

# Permit all access over the loopback interface.  This
could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1

# -- CLIENT NETWORK -------
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# --- OUR TIMESERVERS -----
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/

join.html).
#server 0.fedora.pool.ntp.org
#server 1.fedora.pool.ntp.org
#server 2.fedora.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.net.org

# --- NTP MULTICASTCLIENT ---
#multicastclient			# listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Undisciplined Local Clock. This is a fake driver intended
for backup
# and when no outside source of synchronized time is
available.
#server	127.127.1.0	# local clock
#fudge	127.127.1.0 stratum 10

# Drift file.  Put this in a directory which the daemon can
write to.
# No symbolic links allowed, either, since the daemon
updates the file
# by creating a temporary in the same directory and then
rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Keys file.  If you want to diddle your server at run time,
make a
# keys file (mode 600 for sure) and define the key number to
be
# used for making requests.
keys /etc/ntp/keys

I'm able to ping europe.pool.ntp.org without any problems,
but I can't
traceroute to that address.

Thanks

Toby

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-22 06:25:11 
On 2007-06-22, toby <speedbird5918googlemail.com> wrote:

> Hi I wonder if anyone can help me. I have just
installed NTP on our
> Linux (Fedora) server but I can't get ntp to update the
system clock.

<snip>

> This is the /etc/ntp.conf:

Thanks for posting your ntp.conf; this makes it easier to
solve your
problem. There is no need, however, to include the comment
lines (i.e.
those beginning with '#').

> # Permit time synchronization with our time source, but
do not
> # permit the source to query or modify the service on
this system.
> #restrict default kod nomodify notrap nopeer noquery
> restrict default ignore

That restrict line is your problem. It tells ntpd to ignore
all NTP
packets from all addresses; this includes the NTP packets
from the
servers listed further on.

The short solution is to use "restrict default kod
nomodify notrap
nopeer noquery" instead of "restrict default
ignore".

A longer solution is to read
htt
p://support.ntp.org/Support/AccessRestrictions and
choose your own
default restriction based on your application

If you wish to consult the Distribution Documentation please
read:
ht
tp://www.ee.udel.edu/~mills/ntp/html/accopt.html

> # --- OUR TIMESERVERS -----
> server 0.europe.pool.ntp.org
> server 1.europe.pool.ntp.org
> server 2.europe.pool.net.org

Appending 'iburst' to these server lines will speed up the
initial
syncronization of ntpd from ~5 minutes to ~20 seconds.

> keys /etc/ntp/keys

You are not using symmetric keys anywhere in your ntp.conf,
so that
'keys ...' line does nothing for you.

-- 
Steve Kostecke <kosteckentp.org>
NTP Public Services Project - http://support.ntp.org/

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-22 06:58:37 
In addition to what Steve mentioned ...

toby <speedbird5918googlemail.com> wrote:

> # Permit all access over the loopback interface.  This
could
> # be tightened as well, but to do so would effect some
of
> # the administrative functions.
> #restrict 127.0.0.1

You probably want to uncomment that restrict.

> server 2.europe.pool.net.org

Typo: 2.europe.pool.ntp.org

-- 
Ronan Flood <usenetumbral.org.uk>

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-22 07:52:17 
toby wrote:
> Hi I wonder if anyone can help me. I have just
installed NTP on our
> Linux (Fedora) server but I can't get ntp to update the
system clock.
> This is the error log:
> 
> [rootmail ~]# ntpd -q -d -l /root/ntp.log
> addto_syslog: logging to file /root/ntp.log
> ntpd 4.2.0a1.1196-r Thu May 11 09:19:35 EDT 2006 (1)
> addto_syslog: logging to file /root/ntp.log
> 
> addto_syslog: ntpd 4.2.0a1.1196-r Thu May 11
09:19:35 EDT 2006 (1)
> 
> addto_syslog: precision = 3.000 usec
> 
> create_sockets(123)
> bind() fd 3, family 2, port 123, addr 0.0.0.0, flags=8
> addto_syslog: Listening on interface wildcard,
0.0.0.0#123
> 
> bind() fd 6, family 10, port 123, addr ::, flags=0
> addto_syslog: Listening on interface wildcard, ::#123
> 
> bind() fd 7, family 2, port 123, addr 127.0.0.1,
flags=0
> addto_syslog: Listening on interface lo, 127.0.0.1#123
> 
> bind() fd 8, family 2, port 123, addr 192.168.33.179,
flags=8
> addto_syslog: Listening on interface eth0,
192.168.33.179#123
> 
> init_io: maxactivefd 8
> local_clock: time 0 clock 0.000000 offset 0.000000 freq
0.000 state 0
> key_expire: at 0
> peer_clear: at 0 assoc ID 35532 refid INIT
> newpeer: 192.168.33.179->194.25.115.122 mode 3 vers
4 poll 6 10 flags
> 0x201 0x1 ttl 0 key 00000000
> key_expire: at 0
> peer_clear: at 0 assoc ID 35533 refid INIT
> newpeer: 192.168.33.179->193.2.10.101 mode 3 vers 4
poll 6 10 flags
> 0x201 0x1 ttl 0 key 00000000
> resolving 2.europe.pool.net.org
> report_event: system event 'event_restart' (0x01)
status 'sync_alarm,
> sync_unspec, 1 event, event_unspec' (0xc010)
> transmit: at 1 192.168.33.179->194.25.115.122 mode
3
> auth_agekeys: at 1 keys 1 expired 0
> timer: refresh ts 0
> transmit: at 2 192.168.33.179->193.2.10.101 mode 3
> transmit: at 3 192.168.33.179->194.25.115.122 mode
3
> transmit: at 4 192.168.33.179->193.2.10.101 mode 3
> transmit: at 5 192.168.33.179->194.25.115.122 mode
3
> transmit: at 6 192.168.33.179->193.2.10.101 mode 3
> transmit: at 7 192.168.33.179->194.25.115.122 mode
3
> transmit: at 8 192.168.33.179->193.2.10.101 mode 3
> transmit: at 9 192.168.33.179->194.25.115.122 mode
3
> transmit: at 10 192.168.33.179->193.2.10.101 mode 3
> transmit: at 11 192.168.33.179->194.25.115.122 mode
3
> transmit: at 12 192.168.33.179->193.2.10.101 mode 3
> transmit: at 13 192.168.33.179->194.25.115.122 mode
3
> transmit: at 14 192.168.33.179->193.2.10.101 mode 3
> transmit: at 15 192.168.33.179->194.25.115.122 mode
3
> transmit: at 16 192.168.33.179->193.2.10.101 mode 3
> addto_syslog: no reply; clock not set
> 
> This is the /etc/ntp.conf:
> 
> # Permit time synchronization with our time source, but
do not
> # permit the source to query or modify the service on
this system.
> #restrict default kod nomodify notrap nopeer noquery
> restrict default ignore
> 
> # Permit all access over the loopback interface.  This
could
> # be tightened as well, but to do so would effect some
of
> # the administrative functions.
> #restrict 127.0.0.1
> 
> # -- CLIENT NETWORK -------
> # restrict 192.168.1.0 mask 255.255.255.0 nomodify
notrap
> 
> # --- OUR TIMESERVERS -----
> # Use public servers from the pool.ntp.org project.
> # Please consider joining the pool (http://www.pool.ntp.org/

> join.html).
> #server 0.fedora.pool.ntp.org
> #server 1.fedora.pool.ntp.org
> #server 2.fedora.pool.ntp.org
> server 0.europe.pool.ntp.org
> server 1.europe.pool.ntp.org
> server 2.europe.pool.net.org
> 
> # --- NTP MULTICASTCLIENT ---
> #multicastclient			# listen on default 224.0.1.1
> # restrict 224.0.1.1 mask 255.255.255.255 nomodify
notrap
> # restrict 192.168.1.0 mask 255.255.255.0 nomodify
notrap
> 
> # Undisciplined Local Clock. This is a fake driver
intended for backup
> # and when no outside source of synchronized time is
available.
> #server	127.127.1.0	# local clock
> #fudge	127.127.1.0 stratum 10
> 
> # Drift file.  Put this in a directory which the daemon
can write to.
> # No symbolic links allowed, either, since the daemon
updates the file
> # by creating a temporary in the same directory and
then rename()'ing
> # it to the file.
> driftfile /var/lib/ntp/drift
> 
> # Keys file.  If you want to diddle your server at run
time, make a
> # keys file (mode 600 for sure) and define the key
number to be
> # used for making requests.
> keys /etc/ntp/keys
> 
> I'm able to ping europe.pool.ntp.org without any
problems, but I can't
> traceroute to that address.
> 
> Thanks
> 
> Toby
> 

Lose the restrict statements!

There is no way that you can unrestrict the pool servers!!!!
 To 
unrestrict a server you must know its numeric IP address but
the pool 
servers are assigned dynamically!

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-22 08:02:38 
On 2007-06-22, Richard B. Gilbert <rgilbert88comcast.net> wrote:

> toby wrote:
>
>> [---=| Quote block shrinked by t-prot: 103 lines
snipped |=---]
>
> Lose the restrict statements!

Trim the quoted material in your article!

-- 
Steve Kostecke <kosteckentp.org>
NTP Public Services Project - http://support.ntp.org/

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United Kingdom		 2007-06-23 07:02:58 
Thanks for your help, I have tried changing the restrict
statements
but I still get the same error. Here is the new conf file,
without
comments 

restrict default kod nomodify notrap nopeer noquery

restrict 127.0.0.1

server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst

driftfile /var/lib/ntp/drift

and again, here is the log:

[rootmail ~]# ntpd -d -q
ntpd 4.2.0a1.1196-r Thu May 11 09:19:35 EDT 2006 (1)
addto_syslog: ntpd 4.2.0a1.1196-r Thu May 11
09:19:35 EDT 2006 (1)
addto_syslog: precision = 3.000 usec
create_sockets(123)
bind() fd 4, family 2, port 123, addr 0.0.0.0, flags=8
addto_syslog: Listening on interface wildcard, 0.0.0.0#123
bind() fd 5, family 10, port 123, addr ::, flags=0
addto_syslog: Listening on interface wildcard, ::#123
bind() fd 6, family 2, port 123, addr 127.0.0.1, flags=0
addto_syslog: Listening on interface lo, 127.0.0.1#123
bind() fd 7, family 2, port 123, addr 192.168.33.179,
flags=8
addto_syslog: Listening on interface eth0,
192.168.33.179#123
init_io: maxactivefd 7
local_clock: time 0 clock 0.000000 offset 0.000000 freq
0.000 state 0
key_expire: at 0
peer_clear: at 0 assoc ID 30868 refid INIT
newpeer: 192.168.33.179->192.87.106.3 mode 3 vers 4 poll
6 10 flags
0x201 0x1 ttl 0 key 00000000
key_expire: at 0
peer_clear: at 0 assoc ID 30869 refid INIT
newpeer: 192.168.33.179->193.218.127.251 mode 3 vers 4
poll 6 10 flags
0x201 0x1 ttl 0 key 00000000
key_expire: at 0
peer_clear: at 0 assoc ID 30870 refid INIT
newpeer: 192.168.33.179->193.226.140.53 mode 3 vers 4
poll 6 10 flags
0x201 0x1 ttl 0 key 00000000
report_event: system event 'event_restart' (0x01) status
'sync_alarm,
sync_unspec, 1 event, event_unspec' (0xc010)
transmit: at 1 192.168.33.179->192.87.106.3 mode 3
auth_agekeys: at 1 keys 1 expired 0
timer: refresh ts 0
transmit: at 2 192.168.33.179->193.218.127.251 mode 3
transmit: at 3 192.168.33.179->193.226.140.53 mode 3
transmit: at 3 192.168.33.179->192.87.106.3 mode 3
transmit: at 4 192.168.33.179->193.218.127.251 mode 3
transmit: at 5 192.168.33.179->193.226.140.53 mode 3
transmit: at 5 192.168.33.179->192.87.106.3 mode 3
transmit: at 6 192.168.33.179->193.218.127.251 mode 3
transmit: at 7 192.168.33.179->193.226.140.53 mode 3
transmit: at 7 192.168.33.179->192.87.106.3 mode 3
transmit: at 8 192.168.33.179->193.218.127.251 mode 3
transmit: at 9 192.168.33.179->193.226.140.53 mode 3
transmit: at 9 192.168.33.179->192.87.106.3 mode 3
transmit: at 10 192.168.33.179->193.218.127.251 mode 3
transmit: at 11 192.168.33.179->193.226.140.53 mode 3
transmit: at 11 192.168.33.179->192.87.106.3 mode 3
transmit: at 12 192.168.33.179->193.218.127.251 mode 3
transmit: at 13 192.168.33.179->193.226.140.53 mode 3
transmit: at 13 192.168.33.179->192.87.106.3 mode 3
transmit: at 14 192.168.33.179->193.218.127.251 mode 3
transmit: at 15 192.168.33.179->193.226.140.53 mode 3
transmit: at 15 192.168.33.179->192.87.106.3 mode 3
transmit: at 16 192.168.33.179->193.218.127.251 mode 3
transmit: at 17 192.168.33.179->193.226.140.53 mode 3
addto_syslog: no reply; clock not set

Any more suggestions?

Thaks

Toby


_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-23 08:50:15 
toby wrote:
> Thanks for your help, I have tried changing the
restrict statements
> but I still get the same error. Here is the new conf
file, without
> comments 
> 
> restrict default kod nomodify notrap nopeer noquery
> 
> restrict 127.0.0.1
> 
> server 0.europe.pool.ntp.org iburst
> server 1.europe.pool.ntp.org iburst
> server 2.europe.pool.ntp.org iburst
> 
> driftfile /var/lib/ntp/drift
> 
<snip>

Remove ALL the restrict statements.  ALL!

When and if you get it working THEN try playing with
restrict!

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-23 08:56:22 
On 2007-06-23, toby <speedbird5918googlemail.com> wrote:

> Thanks for your help, I have tried changing the
restrict statements
> but I still get the same error.

<snip: 'sort -u -k 5' to eliminate duplicate lines>

> transmit: at 3 192.168.33.179->192.87.106.3 mode 3
> transmit: at 2 192.168.33.179->193.218.127.251 mode
3
> transmit: at 3 192.168.33.179->193.226.140.53 mode
3

You should be receiving packets from these IP addresses.

It appears that something is blocking incoming packets on
port 123/UDP.

It make be a local firewall. Or it may be an upstream
firewall (e.g.
your ISP).

-- 
Steve Kostecke <kosteckentp.org>
NTP Public Services Project - http://support.ntp.org/

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United States		 2007-06-23 09:08:49 
On 2007-06-23, Richard B. Gilbert <rgilbert88comcast.net> wrote:

> toby wrote:
>
>> Thanks for your help, I have tried changing the
restrict statements
>> but I still get the same error. Here is the new
conf file, without
>> comments 
>>
>> restrict default kod nomodify notrap nopeer
noquery
>> restrict 127.0.0.1
>
> Remove ALL the restrict statements.  ALL!
>
> When and if you get it working THEN try playing with
restrict!

If you understood restrictions, which you obviously don't,
you would
know that "restrict default kod nomodify notrap nopeer
noquery" allows
time service.

-- 
Steve Kostecke <kosteckentp.org>
NTP Public Services Project - http://support.ntp.org/

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
Re: NTP unable to set clock
country flaguser name
United Kingdom		 2007-06-23 09:55:51 
On Jun 23, 2:56 pm, Steve Kostecke <koste...ntp.isc.org> wrote:
> On 2007-06-23, toby <speedbird5...googlemail.com> wrote:
>
> > Thanks for your help, I have tried changing the
restrict statements
> > but I still get the same error.
>
> <snip: 'sort -u -k 5' to eliminate duplicate
lines>
>
> > transmit: at 3 192.168.33.179->192.87.106.3
mode 3
> > transmit: at 2 192.168.33.179->193.218.127.251
mode 3
> > transmit: at 3 192.168.33.179->193.226.140.53
mode 3
>
> You should be receiving packets from these IP
addresses.
>
> It appears that something is blocking incoming packets
on port 123/UDP.
>
> It make be a local firewall. Or it may be an upstream
firewall (e.g.
> your ISP).
>
> --
> Steve Kostecke <koste...ntp.org>
> NTP Public Services Project -http://support.ntp.org/

Thanks Steve,

I think the problem must lie with a firewall at our ISP,
I'll have a
word with them about it

Thanks again

Toby

_______________________________________________
questions mailing list
questionslists.ntp.isc.org

https://lists.ntp.isc.org/mailman/listinfo/questions
[1-10]

about | contact  Other archives ( Real Estate discussion Medical topics )