FC4 NTPD problem

Vikram Goyal vikigoyal at gmail.com
Sat Sep 24 14:12:52 UTC 2005


-----Original Message-----
From: jdow <jdow at earthlink.net>
Sent: Fri, Sep 23, 2005 at 10:06:54PM -0700
To: For users of Fedora Core releases
Subject: Re: FC4 NTPD problem


> This proves nothing about the firewall. The way to prove that is to
> stop ntp and use "ntpdate -vs clock2.redhat.com". That way you will
> be using the normal ntp port. Also look at the syslog file to see if
> there are firewall reports of blockage.
>

No, there are no messages from iptables. Whether the firewall is up or
down, the regular port does not get used.
See...
-----------------------------------------------------------------------
[root@fc4host ~]# service iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: mangle nat filter         [  OK  ]
Unloading iptables modules:                                [  OK  ]
[root@fc4host ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@fc4host ~]# ntpdate -vs clock.redhat.com

SYSLOG...

Sep 24 19:02:48 fc4host kernel: ip_tables: (C) 2000-2002 Netfilter core team
Sep 24 19:02:50 fc4host ntpdate[4022]: ntpdate 4.2.0a@1.1190-r Thu Apr 14 07:47:27 EDT 2005 (1)
Sep 24 19:02:54 fc4host ntpdate[4022]: no server suitable for synchronization found

-----------------------------------------------------------------------

> It should not be stopping. So there is something messed up somewhere.
> What does your "/etc/ntp.conf" file look like with the commented out
> items stripped out? There might be something interesting in that file.
> 

My ntp.conf
-----------
-----------------------------------------------------------------------
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

restrict default nomodify notrap noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1 


# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap


# --- OUR TIMESERVERS ----- 
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org


# --- NTP MULTICASTCLIENT ---
#multicastclient			# listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap



# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 127.127.1.0
fudge	127.127.1.0 stratum 10	

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay	0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys		/etc/ntp/keys
restrict clock.redhat.com mask 255.255.255.255 nomodify notrap noquery
restrict clock2.redhat.com mask 255.255.255.255 nomodify notrap noquery
restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 2.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
server clock.redhat.com
server clock2.redhat.com
-----------------------------------------------------------------------
is nothing but mundane:( I have done nothing exotic here.

Well, I have come to one conclusion: that ntpdate will only work with a
non-privileged port, so I edited /etc/init.d/ntpd and inserted the -u option
on line 84. Now the ntpd daemon's working as usual.

Thanks!
-- 
vikram...
         ||||||||
         ||||||||
^^'''''^^||root||^^^'''''''^^
        // \\   ))
       //(( \\// \\
      // /\\ ||   \\
     || / )) ((    \\
-- 
Q:	What is the difference between Texas and yogurt?
A:	Yogurt has culture.
-- 
~|~
 =
Registered Linux User #285795
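
A small diagnostic for the symptom described in this message, added here as an example and not part of the original post: it sends one NTP client request from source port 123 and one from an unprivileged port, so a path that drops only privileged-source-port traffic shows up as a difference between the two results. The function names and the default server argument are choices made for this example; run it as root with ntpd stopped so that port 123 can be bound.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client)."""
    first = (0 << 6) | (version << 3) | 3
    return bytes([first]) + bytes(47)

def parse_response(data):
    """Return (mode, stratum, unix_transmit_time) from a server reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    mode = data[0] & 0x07
    stratum = data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return mode, stratum, secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(server, source_port, timeout=3.0):
    """Send one request from source_port (0 = ephemeral) and report the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.bind(("", source_port))  # 123 needs root and no running ntpd
            s.sendto(build_request(), (server, 123))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply"
        except OSError as exc:  # bind failure, DNS failure, ICMP unreachable
            return "error: %s" % exc
    mode, stratum, _ = parse_response(data)
    if mode != 4 or stratum == 0:
        return "unusable reply (mode %d, stratum %d)" % (mode, stratum)
    return "reply from stratum %d server" % stratum

def compare(server):
    """Probe from privileged source port 123 and from an ephemeral port."""
    return {"source port 123": probe(server, 123),
            "ephemeral port": probe(server, 0)}

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "0.pool.ntp.org"
    for label, result in compare(target).items():
        print(label, "->", result)
```

"no reply" for source port 123 together with a usable reply from the ephemeral port matches the behaviour reported above with the local firewall flushed, which points at filtering somewhere beyond the host.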



