Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Time synchronization with ntp daemon.
View unanswered posts
View posts from last 24 hours

Goto page Previous  1, 2, 3, 4, 5  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
kortec
n00b
n00b


Joined: 20 Dec 2004
Posts: 68

PostPosted: Sun May 01, 2005 6:42 pm    Post subject: Reply with quote

i just finished setting up the whole NTP sub system on my box (AMD64, 2005.0 profile, with in a few days of totally up to date) but i was wondering something that hopefully someone will have the answer for. With the current ebuild, i get ntp-client and ntpd in /etc/init.d/ .. it seems to me that ntpd would turn my box in to a server, like if i wanted to set the time for my LAN, which i'm not particularly interested in doing. So can i get away with just running ntp-client on boot to sync and not have ntpd run at all?
Back to top
View user's profile Send private message
danorris
Tux's lil' helper
Tux's lil' helper


Joined: 04 Dec 2004
Posts: 108

PostPosted: Sun May 01, 2005 8:34 pm    Post subject: Reply with quote

I was originally confused by this, too.

ntp-client queries the public servers to get the current time, and then sets your system clock to that time. This happens instantaneously, so your clock "jumps" to the correct time. And it only does this once, when you run /etc/init.d/ntp-client start (which normally happens at boot).

ntpd keeps a running tally of the public servers' time. If your local clock drifts out of sync for any reason, it sill "slew" your clock toward the correct time. Unlike ntp-client, this is done smoothly; there are no instantaneous clock jumps, which is generally a good thing. Also, ntpd does this continuously, keeping your system clock locked with the correct time as long as ntpd is running. ntpd can also act as a time server for other machines, but it doesn't have to -- this is what the "restrict 127.0.0.1" line at the top of /etc/ntp.conf does, meaning the local machine is the only one that can access the "server".

So the bottom line is, you probably want them both. Just make sure you have "restrict 127.0.0.1" in your /etc/ntp.conf. You CAN do without ntpd if you really want to, but then your clock might drift out of sync if you start accumulating lots of uptime. ntpd won't hurt anything and will make sure you're always in sync, not just in sync at boot.
Back to top
View user's profile Send private message
kortec
n00b
n00b


Joined: 20 Dec 2004
Posts: 68

PostPosted: Wed May 04, 2005 1:36 pm    Post subject: Reply with quote

ah. makes perfect sense... thanks very much. =)
Back to top
View user's profile Send private message
scharkalvin
Guru
Guru


Joined: 31 Jan 2004
Posts: 331
Location: south florida

PostPosted: Fri Jun 17, 2005 3:23 pm    Post subject: Reply with quote

I've looked though this thread, but I don't think I
see an answer to my problem.

My pc is behind a firewall that ONLY allows access to the
internet via a proxy on port 8080 (http)
(I have to specify my user name, password, and IP address of the
proxy)
I can use wget and web browsers to use the proxy,
can I somehow configure an ntp client to do so?
(how?)
Back to top
View user's profile Send private message
danorris
Tux's lil' helper
Tux's lil' helper


Joined: 04 Dec 2004
Posts: 108

PostPosted: Fri Jun 17, 2005 4:08 pm    Post subject: Reply with quote

I don't think it's really possible to run NTP over a proxy. Standard proxies don't handle UDP at all. There are some UDP proxies out there (see Google), but your network administrator would have to install them. And I think even doing that is iffy -- you'd be introducing extra, fake latency, and it might throw off the NTP algorithms. They're pretty robust, and very stable against normal network issues, but NTP just was not designed to be proxied.

This is why proxies are evil. The best solution is to ask your network administrators to open TCP and UDP on port 123. If they won't do that, then they should be willing to run a master NTP server on the intranet and allow you to synchronize against that server from inside the private net. If they won't do that either, then they're just as evil as proxies. I work behind one of the strictest, lamest firewalls ever (at an Army Corps of Engineers facility) and even they allow outbound NTP.
Back to top
View user's profile Send private message
scharkalvin
Guru
Guru


Joined: 31 Jan 2004
Posts: 331
Location: south florida

PostPosted: Sat Jun 18, 2005 1:23 pm    Post subject: Reply with quote

Actually we MAY have an internal NTP server. Our desktop computers
are windows xp, but our servers run RHEL (actually whitebox ...) and
I think our computers get time synchronized to the server. (Does
a 'nix ntp server work with windows clients or does it have to
go through samba first?) Anyway that would probably be my
best bet. Have to ask the server guru for the internal ip address
of the server's ntp daemon.
Back to top
View user's profile Send private message
platojones
Veteran
Veteran


Joined: 23 Oct 2002
Posts: 1595
Location: Just over the horizon

PostPosted: Sat Jun 18, 2005 2:40 pm    Post subject: Reply with quote

Quote:

I think our computers get time synchronized to the server. (Does
a 'nix ntp server work with windows clients or does it have to
go through samba first?)

Yes it does. My I have a dual-boot XP/Gentoo box hooked to my Gentoo gateway box which runs an ntpd client/server. The XP box ntp client has no problems sync'ing with the ntp server on my Gentoo gateway box. Samba is not necessary and in fact has no role to play at all.
Back to top
View user's profile Send private message
danorris
Tux's lil' helper
Tux's lil' helper


Joined: 04 Dec 2004
Posts: 108

PostPosted: Sat Jun 18, 2005 3:15 pm    Post subject: Reply with quote

Correct, NTP is an Internet standard (RFC 958). It's one of the few things Microsoft has not "innovated" to the point of incompatibility. So you should be fine ;-)
Back to top
View user's profile Send private message
mightybyte
n00b
n00b


Joined: 27 Jun 2005
Posts: 7

PostPosted: Mon Jun 27, 2005 6:32 pm    Post subject: IPTables Rules Reply with quote

I used the Gentoo Home Router Guide to configure my router/firewall and ntp. Due to ignorance of iptables, I was not able to get ntp working until I found the following in this thread.

Garth wrote:

So, without further ado, a few rules from my iptables script:
Code:
# NTP section
# eth0 is local network, eth1 is internet
# Allow questions to be asked to the time server from the local network.
iptables -A INPUT -i eth0 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport ntp --sport ntp -j ACCEPT

# Disallow requests asking questions from the internet.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -m state --state NEW -j DROP
# Allow questions to be asked to to the internet time servers.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport ntp --sport ntp -j ACCEPT



I would like to suggest that these rules be put somewhere in the Home Router Guide so that other people who might not be familiar with iptables can get ntp working. The guide does say that you have to open the port for ntp, but it does not tell how to do so. This addition would be very helpful.
Back to top
View user's profile Send private message
sarnold
Developer
Developer


Joined: 28 Nov 2002
Posts: 115
Location: California

PostPosted: Mon Jul 04, 2005 6:22 pm    Post subject: almost... Reply with quote

danorris wrote:

[snip]

So the bottom line is, you probably want them both. Just make sure you have "restrict 127.0.0.1" in your /etc/ntp.conf. You CAN do without ntpd if you really want to, but then your clock might drift out of sync if you start accumulating lots of uptime. ntpd won't hurt anything and will make sure you're always in sync, not just in sync at boot.


Not exactly; the ntpd daemon does more than just "keep a running tally" of server time; the drift file is specific to your machine's hardware clock, so it would be much more desirable to use ntpd (and not ntp_client) and enable the hardware clock option in /etc/conf.d/clock (set CLOCK_SYSTOHC="yes"). This should provide the most stable time for a system that shuts down regularly, as well as one that runs for long periods.

To set a system clock initially, or after something like a battery replacement, either set your BIOS clock manually to the correct time (most likely GMT) or run ntp-client once to set the clock after boot up (however, the latter will cause a jump in the times in log files and file time-stamps; a forward jump isn't as a bad as a large backward jump). About the only reason to even do that much is because if the time is off by more than a certain amount (nominally 1000 seconds) when ntpd starts, it will just die.

So, most people will want to 1) set the clock once, either manually or with ntp-client, and 2) after that run only ntpd (and not ntp-client) on most machines. The only alternative that makes sense is to use ntp-client at each boot and let the system clock run free while the system is running, but this introduces varying degrees of time jumps in the logs and filesystem, depending on how long the machine is powered off and how bad the hardware clock itself drifts. This just doesn't seem like a very good alternative to me, but it may suffice for some people. And using both ntp-client and ntpd together is sort of the worst of both worlds...
Back to top
View user's profile Send private message
Bigun
Advocate
Advocate


Joined: 21 Sep 2003
Posts: 2153

PostPosted: Fri Jul 08, 2005 7:16 pm    Post subject: Reply with quote

*bookmarked*
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim
Back to top
View user's profile Send private message
hayalci
n00b
n00b


Joined: 18 Jul 2004
Posts: 44

PostPosted: Fri Sep 16, 2005 12:07 pm    Post subject: Re: IPTables Rules Reply with quote

I have spent *LOTS* of time reading ntp documentation and gentoo forums. I think it should be written in all capitals somewhere. Probably here.

NTP NEEDS OUTGOING UDP NTP PORT(123) OPENED ON YOUR FIREWALL, which sits between you and the ntp server and blocks all your sync requests, making you look at the "ntpq -p" outputs saying refid as .INIT. like this
Code:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
20six.fr        .INIT.          16 u    -  128    0    0.000    0.000 4000.00


I should go and have our port 123/udp opened on the firewall.

mightybyte wrote:
I used the Gentoo Home Router Guide to configure my router/firewall and ntp. Due to ignorance of iptables, I was not able to get ntp working until I found the following in this thread.

Garth wrote:

So, without further ado, a few rules from my iptables script:
Code:
# NTP section
# eth0 is local network, eth1 is internet
# Allow questions to be asked to the time server from the local network.
iptables -A INPUT -i eth0 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp --dport ntp --sport ntp -j ACCEPT

# Disallow requests asking questions from the internet.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -m state --state NEW -j DROP
# Allow questions to be asked to to the internet time servers.
iptables -A INPUT -i eth1 -p udp --dport ntp --sport ntp -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport ntp --sport ntp -j ACCEPT



I would like to suggest that these rules be put somewhere in the Home Router Guide so that other people who might not be familiar with iptables can get ntp working. The guide does say that you have to open the port for ntp, but it does not tell how to do so. This addition would be very helpful.
Back to top
View user's profile Send private message
hayalci
n00b
n00b


Joined: 18 Jul 2004
Posts: 44

PostPosted: Sat Oct 08, 2005 9:51 pm    Post subject: Reply with quote

The most painless solution is openntpd.
I wanted to sync my servers' time because their clock was not reliable (old hardware :wink: ), and I did not have to cope with net-misc/ntp configuration or firewall ports. And no need to serve time (only two machines)

openntpd solves it all, works behind a firewall.

Easy steps:
1. If you want to keep net-misc/ntp along with openntp, add the following line to /etc/portage/package.use an reemerge, openntp should be installed along.
Code:
net-misc/ntp openntpd

Otherwise unmerge net-misc/ntp and emerge net-misc/openntpd

2. etc-update or dispatch-conf, update init script and config file

3. "usermod -d /var/empty ntp", bacues openntpd looks at the ntp user's home directory.

4. /etc/init.d/ntpd start

And here you go, syncing your clock, all in 3 minutes. :D

You may have a look at /etc/ntpd.conf and change servers there. Try to use servers that are close to you, and have low network latency.
Back to top
View user's profile Send private message
the_enigma
Apprentice
Apprentice


Joined: 23 Aug 2004
Posts: 210
Location: Brisbane, Aus

PostPosted: Sun Nov 06, 2005 1:29 pm    Post subject: Reply with quote

I was just curious as to how long ntp (regular, not openntpd) would take before it started taking some action. I did have openntpd set up, but it didn't like the drift on my machine (60-90 seconds over 3 minutes, somehow 8O ). Currently, my ntp server for the network is still synchronising, stratum 16 and all that. It's got as its server a stratum-2 from a nearby university. Also my laptop is synching to the same server. Below is the output from 'ntpq -c pe'. "games" is my local server that is still synchronising at this point.
Code:
delta ntp # ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 games           .INIT.          16 u   10   64    0    0.000    0.000 4000.00
*b.pool.ntp.uq.e 130.102.152.7    2 u   14   64  377   19.665   66.735   4.843

Anyway, the "offset" has gone up by 6 (so 6ms I assume) in about 5 minutes. Does this mean my clock is slowly getting worse off? Is it just because ntp has to ensure it is synchronised before playing with stuff?
My ntp server, "games", is doing the same thing too.
Although, what does that asterisk mean next to the "b.pool.ntp.uq.e". That is only present on this laptop.

And also, when does a drift file get created/used. I assume this'll take a while to show up, as it calculates drift. I just want to make sure this all works
Anyway, there are some initial questions. I'm actually gonna get some shut-eye now, and then it's exam time tomorrow, so I'll be back in approximately 12-14 hours.


Edit: Ok, I just woke up. Stuff seems to be going good now. My own server has synchronised, and so has my laptop. My desktop, however, is different. It had the crazy clock drift, and is now ~368617ms off. That's about 6 minutes, roughly. This happened over about 7-8 hours I think. Originally it was only <1000ms off. Any ideas? My config for this PC is below:

Code:
enigma@enigmas /etc $ cat ntp.conf | grep -v '#'
server          games prefer
server          au.pool.ntp.org
driftfile       /var/lib/ntp/ntp.drift
logfile         /var/log/ntp/ntp.log
restrict default nomodify
restrict 127.0.0.1

Now this is exactly the same code that is in the config on the laptop too, which has synched successfully.
Back to top
View user's profile Send private message
the_enigma
Apprentice
Apprentice


Joined: 23 Aug 2004
Posts: 210
Location: Brisbane, Aus

PostPosted: Mon Nov 07, 2005 2:50 am    Post subject: Reply with quote

Bumping to hopefully get a response.
My machine which has crazy drift is still not being synced. I get the following after running ntpd for a few hours
Code:
enigma@enigmas ~ $ ntpq -c pe
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 games           130.102.2.123    3 u   29   64  377    0.172  -271096 4387.34
 cazza.aceonline 203.12.160.2     3 u   43   64  377   85.228  -269772 3487.90
enigma@enigmas ~ $

The offset just keeps increasing and increasing.
The config for this particular machine is as follows
Code:
enigma@enigmas /etc $ cat ntp.conf | grep -v '#'
server          192.168.0.20 prefer
server          au.pool.ntp.org
driftfile       /var/lib/ntp/ntp.drift
logfile         /var/log/ntp/ntp.log
restrict default nomodify
restrict 127.0.0.1
enigma@enigmas /etc $

Everything seems to work. Here's a chunk of output from "ntpd -n -d -d"
Code:
clock_filter: n 8 off -263.074389 del 0.085514 dsp 0.003012 jit 2.332493, age 257
auth_agekeys: at 21300 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21306 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21306 192.168.0.20 flags 0081 poll 6 burst 0 last 21306 next 21371
receive: at 21306 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21306 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21306 192.168.0.20 flags 0081 poll 6 burst 0 last 21306 next 21372
clock_filter: n 8 off -263.294801 del 0.000170 dsp 0.003381 jit 2.336228, age 254
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21353 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21353 202.0.185.154 flags 0001 poll 6 burst 0 last 21353 next 21418
receive: at 21353 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21353 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21353 202.0.185.154 flags 0001 poll 6 burst 0 last 21353 next 21418
clock_filter: n 8 off -263.074389 del 0.085514 dsp 0.003653 jit 2.363686, age 321
auth_agekeys: at 21360 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21372 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21372 192.168.0.20 flags 0081 poll 6 burst 0 last 21372 next 21438
receive: at 21372 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21372 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21372 192.168.0.20 flags 0081 poll 6 burst 0 last 21372 next 21435
clock_filter: n 8 off -263.294801 del 0.000170 dsp 0.004020 jit 2.385102, age 320
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21418 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21418 202.0.185.154 flags 0001 poll 6 burst 0 last 21418 next 21483
receive: at 21418 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21418 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21418 202.0.185.154 flags 0001 poll 6 burst 0 last 21418 next 21482
clock_filter: n 8 off -263.074389 del 0.085514 dsp 0.004293 jit 2.775450, age 386
auth_agekeys: at 21420 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21435 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21435 192.168.0.20 flags 0081 poll 6 burst 0 last 21435 next 21500
receive: at 21435 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21435 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21435 192.168.0.20 flags 0081 poll 6 burst 0 last 21435 next 21500
clock_filter: n 8 off -263.294801 del 0.000170 dsp 0.003601 jit 2.809811, age 383
auth_agekeys: at 21480 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21482 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21482 202.0.185.154 flags 0001 poll 6 burst 0 last 21482 next 21545
receive: at 21482 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21482 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21482 202.0.185.154 flags 0001 poll 6 burst 0 last 21482 next 21548
clock_filter: n 8 off -263.074389 del 0.085514 dsp 0.005189 jit 3.462808, age 450
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21500 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21500 192.168.0.20 flags 0081 poll 6 burst 0 last 21500 next 21565
receive: at 21500 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21500 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21500 192.168.0.20 flags 0081 poll 6 burst 0 last 21500 next 21563
clock_filter: n 8 off -263.294801 del 0.000170 dsp 0.003607 jit 3.497038, age 448
auth_agekeys: at 21540 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21548 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21548 202.0.185.154 flags 0001 poll 6 burst 0 last 21548 next 21611
receive: at 21548 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21548 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21548 202.0.185.154 flags 0001 poll 6 burst 0 last 21548 next 21614
clock_filter: n 8 off -269.772968 del 0.085228 dsp 0.002783 jit 4.293075, age 66
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21563 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21563 192.168.0.20 flags 0081 poll 6 burst 0 last 21563 next 21629
receive: at 21563 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21563 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21563 192.168.0.20 flags 0081 poll 6 burst 0 last 21563 next 21628
clock_filter: n 8 off -263.294801 del 0.000170 dsp 0.003935 jit 4.285838, age 0
receive: at 21570 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=20)
receive: at 21570 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=444)
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=220)
receive: at 21570 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=444)
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=228)
auth_agekeys: at 21600 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21614 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21614 202.0.185.154 flags 0001 poll 6 burst 0 last 21614 next 21679
receive: at 21614 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21614 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21614 202.0.185.154 flags 0001 poll 6 burst 0 last 21614 next 21678
clock_filter: n 8 off -269.772968 del 0.085228 dsp 0.003038 jit 3.487901, age 132
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21628 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21628 192.168.0.20 flags 0081 poll 6 burst 0 last 21628 next 21693
receive: at 21628 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21628 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21628 192.168.0.20 flags 0081 poll 6 burst 0 last 21628 next 21694
clock_filter: n 8 off -271.096864 del 0.000172 dsp 0.001058 jit 4.387344, age 65
receive: at 21656 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=20)
receive: at 21656 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=444)
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=220)
receive: at 21656 127.0.0.1<-127.0.0.1 restrict 000
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=444)
sendpkt(fd=5 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=228)
auth_agekeys: at 21660 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21678 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21678 202.0.185.154 flags 0001 poll 6 burst 0 last 21678 next 21741
receive: at 21678 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21678 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21678 202.0.185.154 flags 0001 poll 6 burst 0 last 21678 next 21741
clock_filter: n 8 off -269.772968 del 0.085228 dsp 0.002056 jit 2.820879, age 196
        MCAST   *****sendpkt(fd=6 dst=192.168.0.20, src=192.168.0.17, ttl=0, len=48)
transmit: at 21694 192.168.0.17->192.168.0.20 mode 3
poll_update: at 21694 192.168.0.20 flags 0081 poll 6 burst 0 last 21694 next 21759
receive: at 21694 192.168.0.17<-192.168.0.20 restrict 080
receive: at 21694 192.168.0.17<-192.168.0.20 mode 4 code 1
poll_update: at 21694 192.168.0.20 flags 0081 poll 6 burst 0 last 21694 next 21758
clock_filter: n 8 off -271.096864 del 0.000172 dsp 0.001923 jit 3.580587, age 131
auth_agekeys: at 21720 keys 1 expired 0
        MCAST   *****sendpkt(fd=6 dst=202.0.185.154, src=192.168.0.17, ttl=0, len=48)
transmit: at 21741 192.168.0.17->202.0.185.154 mode 3
poll_update: at 21741 202.0.185.154 flags 0001 poll 6 burst 0 last 21741 next 21804
receive: at 21741 192.168.0.17<-202.0.185.154 restrict 080
receive: at 21741 192.168.0.17<-202.0.185.154 mode 4 code 1
poll_update: at 21741 202.0.185.154 flags 0001 poll 6 burst 0 last 21741 next 21805
clock_filter: n 8 off -269.772968 del 0.085228 dsp 0.002721 jit 2.458078, age 259


I have no idea what makes this machine so special that it can't sync. Two other machines on the network use identical configs, and work fine. Any ideas?
Back to top
View user's profile Send private message
Andersson
Guru
Guru


Joined: 12 Jul 2003
Posts: 525
Location: Göteborg, Sweden

PostPosted: Wed Nov 09, 2005 2:29 am    Post subject: Reply with quote

It's been a while since I messed around with ntp, but perhaps I can give you some ideas.

First of all, are there any error messages in your logs?

It looks like you are syncing to au.pool.ntp.org as well as the other computers in your network. What are the other two computers syncing from? I don't think two computers should both listen to each other, but I'm sure you already thought of that. :P

Try syncing only to au.pool.ntp.org and not the others in your network. If that works, see if you can have only one of them sync to au.pool.ntp.org, and your other computers syncing only to this computer, to minimize the strain on the public servers.

What about firewalls, is the traffic allowed on all computers (udp port 123)? And the restrict line, if you are using one of your own computers as a server, do you have your network addresses after restrict?

And my last tip, if the above doesn't help: try openntpd! ;)
_________________
Must...resist...posting....
One...step...closer...to...getting...stupid...l33t...ranking...
Back to top
View user's profile Send private message
the_enigma
Apprentice
Apprentice


Joined: 23 Aug 2004
Posts: 210
Location: Brisbane, Aus

PostPosted: Wed Nov 09, 2005 4:41 am    Post subject: Reply with quote

Hi. The other two computers, one syncs just to au.pool.ntp.org. My laptop syncs to au.pool and to the previous machine, "games", which is set up to be a local server. The log file is basically empty, which is annoying.
I've set the dodgy machine to only sync to au.pool.ntp.org. It's been running for about an hour, and has gone from ontime (by using ntpdate) to having an offset of -47859. So 48 seconds off after an hour. And not synced, and it keeps drifting away.
All machines are behind the same firewall, and all machines were going to use the same config, which is why I'm confused. The same config file is on my laptop+desktop (same version of ntp too), yet the desktop won't sync.

Oh, and as to openntpd, it "works", but it doesn't allow for drifting, which is obviously what my clock is doing. So I'd get roughly a 60s clock change every 3 minutes. So ntp seems to be sort-of doing its job, maybe it's just taking ages to sync. I've only ever left it for around 12-14 hours.

I think that covers all the points you mentioned.
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Wed Nov 09, 2005 6:16 am    Post subject: Reply with quote

the_enigma wrote:
My machine which has crazy drift is still not being synced.

Have you configured the required "Default Linux Capabilities" kernel option, as per the howto?
_________________
Improve your font rendering and ALSA sound
Back to top
View user's profile Send private message
the_enigma
Apprentice
Apprentice


Joined: 23 Aug 2004
Posts: 210
Location: Brisbane, Aus

PostPosted: Wed Nov 09, 2005 7:37 am    Post subject: Reply with quote

I thought "If this option is not selected, the default Linux security model will be used." meant that if I had set that option to N, it would be the same thing. But I'll try enabling it anyway, see if it makes a difference. Oh, and none of the machines have that option enabled, and only this one machine has trouble with ntpd.
Back to top
View user's profile Send private message
Andersson
Guru
Guru


Joined: 12 Jul 2003
Posts: 525
Location: Göteborg, Sweden

PostPosted: Thu Nov 10, 2005 1:25 am    Post subject: Reply with quote

Is the clock drifting at the same rate if ntpd is not running?
_________________
Must...resist...posting....
One...step...closer...to...getting...stupid...l33t...ranking...
Back to top
View user's profile Send private message
the_enigma
Apprentice
Apprentice


Joined: 23 Aug 2004
Posts: 210
Location: Brisbane, Aus

PostPosted: Sat Nov 12, 2005 9:32 am    Post subject: Reply with quote

It seems to be faster with ntpd running. Which has got me confused. Without running ntpd or openntpd, it's vaguely ontime, losing a minute every week or two. With either one running, it goes nuts.
Oh, and after running ntpd for over a day, I eventually get
Code:
10 Nov 19:44:14 ntpd[2863]: synchronized to 202.55.152.4, stratum 3
10 Nov 19:44:14 ntpd[2863]: time correction of -1101 seconds exceeds sanity limit (1000); set clock manually to the correct UTC time.

Which sort of makes sense, I just don't know why it takes so long.
Oh, and I have tried deleting and recreating the drift file for ntpd, didn't change anything.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page Previous  1, 2, 3, 4, 5
Page 5 of 5

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum