NTPD catches in RHEL Server 5?

Stephen John Smoogen smooge at gmail.com
Sun Jul 20 04:35:05 UTC 2008


2008/7/19 schilling <schilling2006 at gmail.com>:
>
> Hi,
>
> I was trying to upgrade my ntp server from AS 3 w/ ntp-4.1.2-5.el3 to RHEL
> server 5 w/ntp-4.2.2p1-8.el5, I copied the /etc/ntp.conf and iptables to the
> new installation. But now
> the RHEL5 will not provide the NTP services. Is there any catch
> configuration for RHEL 5?

1. Check to see if the ntp server is running and that you can get the
data locally.

service ntpd status


2. Check to see if the ntp server has sync'd up correctly. The newer
ntp server takes a while to get a proper 'chaos' field or something
ready before it will start serving time. It is a lot faster if you
have a GPS etc local to it, but if it is relying on other ntp's it
takes a while to give you the data.

ntpq -p

3. Check to see if the firewall allows for systems to connect to port
123 on your new server.

>
> My configuration is as follows:
>
> [test@dns1 ~]$ more /etc/ntp.conf
> # Prohibit general access to this service.
> #restrict default ignore
>
> # Permit all access over the loopback interface.  This could
> # be tightened as well, but to do so would effect some of
> # the administrative functions.
> restrict 127.0.0.1
>
> #On Campus Peers
> #peer 192.168.8.8
> peer 10.10.121.44
>
>
> # -- CLIENT NETWORK -------
> # Permit systems on this network to synchronize with this
> # time service.  Do not permit those systems to modify the
> # configuration of this service.  Also, do not use those
> # systems as peers for synchronization.
> restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap
> restrict 10.10.0.0 mask 255.255.0.0 notrust nomodify notrap
>
> # --- OUR TIMESERVERS -----
> # or remove the default restrict line
> # Permit time synchronization with our time source, but do not
> # permit the source to query or modify the service on this system.
>
> # restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
> # server mytrustedtimeserverip
>
> server 18.145.0.30      #NAVOBS1.MIT.EDU.
> server 128.118.25.12    #gps1.tns.its.psu.edu.
> server 192.5.41.209     #ntp2.usno.navy.mil.
> server 192.5.41.40      #tick.usno.navy.mil.
>
> restrict 18.145.0.30 mask 255.255.255.255 nomodify notrap noquery
> restrict 128.118.25.12 mask 255.255.255.255 nomodify notrap noquery
> restrict 192.5.41.209 mask 255.255.255.255 nomodify notrap noquery
> restrict 192.5.41.40 mask 255.255.255.255 nomodify notrap noquery
>
>
> # --- NTP MULTICASTCLIENT ---
> #multicastclient                        # listen on default 224.0.1.1
> # restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
> # restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
>
>
>
> # --- GENERAL CONFIGURATION ---
> #
> # Undisciplined Local Clock. This is a fake driver intended for backup
> # and when no outside source of synchronized time is available. The
> # default stratum is usually 3, but in this case we elect to use stratum
> # 0. Since the server line does not have the prefer keyword, this driver
> # is never used for synchronization, unless no other other
> # synchronization source is available. In case the local host is
> # controlled by some external source, such as an external oscillator or
> # another protocol, the prefer keyword would cause the local host to
> # disregard all other synchronization sources, unless the kernel
> # modifications are in use and declare an unsynchronized condition.
> #
> #server 127.127.1.0     # local clock
> #fudge  127.127.1.0 stratum 10
>
> #
> # Drift file.  Put this in a directory which the daemon can write to.
> # No symbolic links allowed, either, since the daemon updates the file
> # by creating a temporary in the same directory and then rename()'ing
> # it to the file.
> #
> driftfile /var/lib/ntp/drift
> broadcastdelay  0.008
>
> #
> # Authentication delay.  If you use, or plan to use someday, the
> # authentication facility you should make the programs in the auth_stuff
> # directory and figure out what this number should be on your machine.
> #
> #authenticate yes
>
> #
> # Keys file.  If you want to diddle your server at run time, make a
> # keys file (mode 600 for sure) and define the key number to be
> # used for making requests.
> #
> # PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
> # systems might be able to reset your clock at will. Note also that
> # ntpd is started with a -A flag, disabling authentication, that
> # will have to be removed as well.
> #
> keys            /etc/ntp/keys
>
> Thanks.
>
> Schilling
>
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
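
As an added example (not part of the original message), the `ntpq -p` check from step 2 can be scripted: the function below reads the peer table and reports whether ntpd has selected a system peer yet, which is the condition it must reach before it serves time. The state names, return codes and the two sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ntpq -p` output read on stdin.
# Prints one line and returns 0 (SYNCED), 1 (WAITING) or 2 (NO_SOURCES).
ntp_sync_state() {
    awk '
        /^ *remote / || /^=+$/ || NF == 0 { next }   # header, ruler, blank lines
        {
            tally = substr($0, 1, 1)       # column 1: "*" marks the system peer
            n = split(substr($0, 2), f)    # remote refid st t when poll reach ...
            if (n < 7) next                # not a peer row
            total++
            if (f[7] != "0") up++          # reach: octal register of last 8 polls
            if (tally == "*") peer = f[1]
        }
        END {
            if (peer != "") { printf "SYNCED peer=%s reachable=%d/%d\n", peer, up, total; exit 0 }
            if (up > 0)     { printf "WAITING reachable=%d/%d\n", up, total; exit 1 }
            printf "NO_SOURCES reachable=%d/%d\n", up, total; exit 2
        }'
}

# Constructed sample: shortly after start, a source answers but none is selected.
SAMPLE_STARTING='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.5.41.40     .USNO.           1 u    5   64    1   25.123    0.412   0.001
 192.5.41.209    .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Constructed sample: a system peer ("*") has been selected.
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.5.41.40     .USNO.           1 u   33   64  377   25.123    0.412   0.310
+192.5.41.209    .USNO.           1 u   30   64  377   26.010   -0.221   0.502
 10.10.121.44    .INIT.          16 u    -   64    0    0.000    0.000   0.000'

printf '%s\n' "$SAMPLE_STARTING" | ntp_sync_state || true   # WAITING reachable=1/2
printf '%s\n' "$SAMPLE_SYNCED"   | ntp_sync_state || true   # SYNCED peer=192.5.41.40 reachable=2/3
# Live use on the server: ntpq -pn | ntp_sync_state
```

A WAITING result while clients are being refused points at step 2 (the server has not synchronized yet) rather than at the firewall in step 3.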



