|
NTP configuration in client to synchronize with NTP server.
Hi,
I had configured NTP before. I remember I don't need to do lots of configurations. I am not sure, why my servers are not getting synchronize with NTP server which is in our Headquater. I am at branch site. Previously we have our own NTP server now we are changing our NTP configuration to NTP server at Headquarter. Below is my configurations- cat /etc/ntp.conf restrict 127.0.0.1 server lin1.timeserver.com iburst maxpoll 6 server lin2.timeserver.com iburst maxpoll 6 server lin3.timeserver.com iburst maxpoll 6 server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift keys /etc/ntp/keys After ntpd service restart, if I check the status, My server synchronize Locally instead of lin1 server- [root@Myserver]# ntpstat synchronised to local net at stratum 11 time correct to within 12 ms polling server every 1024 s If I query the tcpdump, I am receiving packets- [root@Myserver ~]# tcpdump udp port 123 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 13:12:05.057082 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTPv4, Client, length 48 13:12:05.125619 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48 13:12:24.056917 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTPv4, Client, length 48 13:12:24.085534 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48 4 packets captured 4 packets received by filter 0 packets dropped by kernel Questions- I don't have an access to the server, neither I know the configuration of the server. Do we need to add my network (10.70.0.0/16) in NTP server? What is <restrict> in NTP server?Is it the low restrict to the specific networks?eg- in ntp.conf file-- restrict 127.0.0.1 Thanks in |
Do you connect to the headquarter over the internet?
|
Quote:
No, we are connected over intranet. But the intranet is provided by ISP. |
Try this:
restrict default noquery nomodify restrict 127.0.0.1 restrict 10.70.0.0 mask 255.255.0.0 fudge 127.127.1.0 stratum 10 server 127.127.1.0 # local clock server lin1.timeserver.com iburst maxpoll 6 server lin2.timeserver.com iburst maxpoll 6 server lin3.timeserver.com iburst maxpoll 6 driftfile /var/lib/ntp/drift keys /etc/ntp/keys Note that, depending on circumstances, it can take as much as 5 minutes or more before it actually locks onto a server and quits the local clock. Another potential problem is the keys. You are using a secured ntp server and the keys will be different than they were with the old server. Make sure you have new keys generated for the headquarters server. |
Quote:
Yes, it take around 5 minutes but still it is synchronize locally, But if I tcpdump and query the packets, it is sending and receiving packets to timeserver- [root@Myserver ~]# tcpdump udp port 123 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 10:51:21.413150 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTP v4, Client, length 48 10:51:21.492043 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48 10:51:22.413869 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTP v4, Client, length 48 10:51:22.450006 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48 10:52:20.413794 IP Myserver.engineering.com.ntp > 10.30.1.1.ntp: NTP v4, Client, length 48 10:52:20.429561 IP 10.30.1.1.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48 10:52:25.412996 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTPv4, Client, length 48 10:52:25.691622 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48 10:52:26.412392 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTPv4, Client, length 48 10:52:26.680315 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48 where- 10.30.1.1 is lin1 timeserver. But if I query the satus- [root@Myserver ~]# ntpstat synchronised to local net at stratum 6 time correct to within 74 ms polling server every 64 s I checked in NTP, there was nothing, neither before nor after changing the configuration-- [root@Myserver ~]# cat /etc/ntp/keys # # PLEASE DO NOT USE THE DEFAULT VALUES HERE. # #65535 M akey #1 M pass Thanks. |
And what about the security keys? Did you check with HQ and get the keys?
|
Quote:
|
Post the output of the command:
ntpq -pn Are other clients able to synch time with the server? |
Quote:
remote refid st t when poll reach delay offset jitter ============================================================================== 10.30.1.1 .LOCL. 1 u 55 64 17 15.030 5167.30 172.344 *LOCAL(0) .LOCL. 10 l 51 64 17 0.000 0.000 0.001 [root@Myserver ~]# ntpstat synchronised to local net at stratum 11 time correct to within 949 ms polling server every 64 s Where 10.30.1.1 is the Time server which is located at headquarter. Other clients are not able to synch time with the server too. |
Since the offset is to high the client will not sync with the server. Do you have any idea how the new time server was configured?
What linux distribution / version runs on the clients? Here is some useful information: http://www.eecis.udel.edu/~mills/ntp/html/debug.html |
Quote:
|
Can we sync our CentOS server to Windows time server?
|
net time set -I ipaddressofyouradserver
http://www.tutorialspoint.com/unix_commands/net.htm Did you ever find out how the server was configured? Is it a virtual machine? |
| All times are GMT -5. The time now is 09:00 AM. |