[ale] ntp config?

Michael H. Warfield mhw at wittsend.com
Sun Oct 31 09:04:48 EST 1999


On Sat, Oct 30, 1999 at 09:22:13PM -0600, Robert L. Harris wrote:

> I'm trying to sync to tock.usno.navy.mil.  I just want it to service
> my single subnet right now.  I want them to sync when the clients
> do an "rdate -s <my_server>".

	Much of the rest of this is assuming that you are using RedHat
and have installed the RedHat xntp package.

	Can you run the command "/usr/sbin/ntpdate tock.usno.navy.mil"
and get to the chimer you are trying to reach in your ntp.conf file?
Note: xntpd must NOT be running to run this command.  If you get the
error "Socket in use" or something similar, run the command
"/etc/rc.d/init.d/xntpd stop" and try it again.

	If you can reach the chimer with ntpdate, have you added
"tock.usno.navy.mil" to the /etc/ntp/step-tickers file?  The startup
script /etc/rc.d/init.d/xntpd uses that file to tell ntpdate what
servers to use.  The script calls ntpdate just prior to starting up
xntpd so that the time is already synchronized and xntpd can keep
it there (rather than having to try and slowly drift the systems
into sync over time).

> Here's my ntp.conf:

> ----------------------------------------------------
> server  192.5.41.41 prefer #tock.usno.navy.mil
> server  127.0.0.1       # local clock

	Why are you using addresses and not symbolic names?  That is the
correct address for tock, but are you having problems resolving the
dns names?  If you are having problems with dns I would not be surprised
if you were having problems with ntp (they're both UDP services).

	Is there a firewall between you and the outside chimers?  Most
firewalls block UDP and ntp is a UDP service.  You would have to make
sure any firewalls are configured to pass ntp.  The firewall must
be configured to pass to and from port 123 on the outside.  I actually
think that this is one of those services that uses the same port on
both ends of the connection (you wouldn't use more than one socket between
the same two servers) so the firewall can be configured more restrictively
to allow packets when both the source port and the destination port are
both 123.  If you have a really paranoid sysadmin, he can put in rules
that allow only specific stratum one chimers and nothing else out in the
big bad internet.  :-)

	You should also be using multiple servers.  I've seen it where one
or more have been down or been unreachable.  Here's what I have in my
ntp.conf for servers:

server clock.llnl.gov
server ntp.css.gov
server tick.usno.navy.mil
server tock.usno.navy.mil
server tycho.usno.navy.mil
server  127.0.0.1     # local clock

	[...]

> ---------------------------------------------------------------------------
> Robert L. Harris                |   "A person is smart;
> Senior System Engineer          |        People are dumb, panicky
>   R&D Consulting.               \_            dangerous animals"  - Agent K  


> http://www.orci.com/~nomad

> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.

> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
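
The firewall restriction described in the message (UDP with port 123 on both ends, only to the named chimers), as an added example that is not part of the original post: a shell function that reads the "server" lines of an ntp.conf and prints matching rules without applying them. It assumes iptables as the packet filter, which the message does not name; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: print (do not apply) packet-filter rules that pass NTP only
# to the chimers on "server" lines of an ntp.conf, port 123 on both ends.
# Assumption: iptables is the packet filter; the message names no firewall tool.

ntp_fw_rules() {
    # $1 = path to an ntp.conf-style file
    awk '
        { sub(/#.*/, "") }                 # drop trailing comments
        $1 != "server" || NF < 2 { next }  # only "server <host> [options]"
        $2 ~ /^127\./ { next }             # local clock, not a network peer
        seen[$2]++ { next }                # one rule pair per chimer
        {
            printf "iptables -A OUTPUT -p udp -d %s --sport 123 --dport 123 -j ACCEPT\n", $2
            printf "iptables -A INPUT -p udp -s %s --sport 123 --dport 123 -j ACCEPT\n", $2
            n++
        }
        END {
            if (n == 0) { print "no network servers found" > "/dev/stderr"; exit 1 }
            # everything else on the NTP port is dropped
            print "iptables -A OUTPUT -p udp --dport 123 -j DROP"
            print "iptables -A INPUT -p udp --dport 123 -j DROP"
        }
    ' "$1"
}

# Constructed sample input, built from server lines quoted in the message.
sample_conf() {
    cat <<'EOF'
server  192.5.41.41 prefer #tock.usno.navy.mil
server tick.usno.navy.mil
server tick.usno.navy.mil   # duplicate line, emitted once
server  127.0.0.1       # local clock
EOF
}

conf=$(mktemp) && sample_conf > "$conf" && ntp_fw_rules "$conf"
rm -f "$conf"
```

Rules written with a host name are resolved once, when the rule is loaded, so a chimer that changes address needs the rules regenerated.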





