ntp server configuration

**demian** · 03-04-2003, 10:21 AM

Hi everyone.

I'm trying to set up a time server for our LAN. I managed to sync the local server with an internet time server and now I want the clients in the LAN to use the local server for syncing.

The local server has IP 192.168.1.4 and in ntp.conf I've got the line

restrict default ignore
restrict 192.168.1.0 mask 255.255.255.0

On the client side doing an ntpdate 192.168.1.4 results in:

4 Mar 12:16:54 ntpdate[674]: no server suitable for synchronization found

Anybody got any ideas what I'm missing?

Cheers,
demian

**elovkoff** · 03-04-2003, 01:22 PM

So you say when you issue 'ntpq -p' you see that your box is synched with internet server and you see '*' in fornt of the internet server.....
The only thing I could think is that it is normal sometimes for NTP server to start servicing clients after 5-10 minutes delay after you start NTPD.
Can you post your ntp.conf?

**elovkoff** · 03-04-2003, 01:41 PM

Quick comment: I guest this is not the firewall issue, where 192 sergment is for DMZ and 10.0 segment is for LAN....

**demian** · 03-04-2003, 02:32 PM

[quote author=elovkoff link=board=4;threadid=6500;start=0#61256 date=1046787728]
So you say when you issue 'ntpq -p' you see that your box is synched with internet server and you see '*' in fornt of the internet server.....
The only thing I could think is that it is normal sometimes for NTP server to start servicing clients after 5-10 minutes delay after you start NTPD.
Can you post your ntp.conf?
[/quote]

Thanks for replying. The box on the LAN that's supposed to be the local time server (192.168.1.4) is synced with ntp1.ptb.de. That worked well enough. I can't give you the output of ntpq -p right now, as I'm not at work anymore. However, I know for sure the sync worked.

What I can't get to work is the clients in the LAN syncing with the local server. When I try ntpdate 192.168.1.4 from another box I get the error I quoted above. It's not a firewall issue either as the gateway allows traffic on any port (tcp and udp) for the 192.168.1.0/24 network.

From the How-Tos I read it seems to be sufficient to include the line

restrict 192.168.1.0 mask 255.255.255.0

in the server's ntp.conf file. I then want to sync the clients using ntpdate 192.168.1.4 in a cron job. However this command results in the "no server suitable for synchronization found" message.

**elovkoff** · 03-04-2003, 03:11 PM

Here are the assumtions that we make here:
1. It is not the firewall problem
2. ntpq -p shows correct synch status with * in front of the server (if you see offset 0 and jitters 4000 in ntpq -p output it means your ntp canot get time from external source)

Then the only thing left is problems with ntp.conf entries.
Try to use the following in ntp.conf:
- comment out server 127.127.1.0
- comment out fudge 127.127.1.0 stratum 10
- comment out default restrict ignore
- comment out any restrict statements
- restart ntpd

Tryu to see if it works now for clients. If it it works then I guess there is something with your restric statements.

**10Dedfish** · 03-04-2003, 03:33 PM

Could you use ethereal or tcpdump to verify whether the ntp server is actually trying to distribute the network time? Also, could you please verify that the asterix is indeed beside the network time server or the internet time server. Which ever one has the asterix is the master time server.
I dont know if I can help very much but I have had several issues with time sync in the past.

10Ded

**demian** · 03-06-2003, 09:29 AM

[quote author=elovkoff link=board=4;threadid=6500;start=0#61256 date=1046787728]
So you say when you issue 'ntpq -p' you see that your box is synched with internet server and you see '*' in fornt of the internet server.....[/quote]

Code:

ntpq -p:

     remote           refid      st t when poll reach   delay   offset  jitter
=====================================================
 ntp1.ptb.de     .PTB.            1 u   30  18h    1   20.664  -43.480   0.008
 ntp2.ptb.de     .PTB.            1 -   19  18h    1   16.817  -47.937   0.008

Hmmm. No asterix... However, the time definietely changed on my box. It was ten minutes off and adjusted when I started the ntpd.

One thing I don't understand: When ntpd is running on my box shouldn't it broadcast the time regardless of whether the server itself is sync'ed with an internet server? That's what seems to not happen: I can't run ntpdate on any other computer on the network. They don't find a server...

My ntp.conf file on the server:

Code:

# /etc/ntp.conf, configuration for ntpd

# ntpd will use syslog() if logfile is not defined
logfile /var/log/ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server ptbtime1.ptb.de version 3 minpoll 16 maxpoll 17
server ptbtime2.ptb.de version 3 minpoll 16 maxpoll 17

#restrict default ignore
#restrict 192.168.1.0   mask 255.255.255.0
#restrict 127.0.0.1     mask 255.255.255.255

I tried it with the restrict lines (un)commented. No change.

**elovkoff** · 03-06-2003, 09:27 PM

Just wonder...were you able to do ntpdate -b from the server and request the time? If you're successfull 5 attempts out of 10, or not successfull at all then it cn be a hide NAT issue.