NTP seems not work

sub320 · 03-11-2016, 04:07 AM

I have just config the NTP client ( 2 machinces ) , the config file is as below , and re-started the ntp service in these server , but I still find the time of these 2 machines are not the same ) , would advise what is wrong in my configuration ? when the server will start to sync the time with NTP server , do I need to schedule to run the sync function ( or by crontab ) ? Thanks

cat /etc/ntp.conf

Code:

driftfile /var/lib/ntp/drift

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1

server 10.168.222.31 iburst
server 10.168.222.32 iburst

includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

tronayne · 03-11-2016, 08:12 AM

Maybe you might want to consider the /etc/ntp.conf file here (it works).

This assumes you have the NTP directory in /etc/ntp, it contains these files:

Code:

ls -al /etc/ntp
total 24
drwxr-xr-x   2 root root  4096 Mar 11 07:40 ./
drwxr-xr-x 103 root root 12288 Mar 11 07:13 ../
-rw-r--r--   1 root root     6 Mar 11 07:40 drift
-rw-------   1 root root    22 Feb 13  2014 ntp.keys
-rw-r--r--   1 root root     0 Feb 20 13:29 step-tickers

The /etc/ntp.conf file:

Code:

cat /etc/ntp.conf
# Sample /etc/ntp.conf:  Configuration file for ntpd.
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 10. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	

#
# NTP server (list one or more) to synchronize with:
#server pool.ntp.org iburst
server	0.us.pool.ntp.org
server	1.us.pool.ntp.org
server	2.us.pool.ntp.org

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift

#
# Uncomment to use a multicast NTP server on the local subnet:
#multicastclient 224.0.1.1		# listen on default 224.0.1.1
# Set an optional compensation for broadcast packet delay:
#broadcastdelay	0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys		/etc/ntp/keys
#trustedkey	65535
#requestkey	65535
#controlkey	65535

#
# Don't serve time or stats to anyone else by default (more secure)
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Serve time to LAN; allow LAN machines to synchronize with us
restrict 192.168.1.0 mask 255.255.255.0 nomodify norap
restrict 192.168.2.0 mask 255.255.255.0 nomodify norap

#
# Disable the ntpdc -c monlist command, which is insecure and can be used
# to cause a denial of service attack (CVE-2013-5211). Future versions of
# NTP will remove this command.
disable monitor

#
# Trust ourselves.  :-)
restrict 127.0.0.1
restrict ::1

Notes

This configuration uses pool servers, unless you have a local time server, use the pool servers; you really don't need iburst.
You can put your drift file anywhere, but in /etc/ntp is a good place
You really don't need keys but they don't hurt if you really want them.
This server serves time to the LAN, don't need it, comment it out

I you use this configuration file, be sure to stop ntpd before you copy into /etc/ (and, of course, back up your existing ntp.conf).

This file may be used on every server (just comment out or delete the Serve time to LAN part).

You should get your system clock close to actual time (within 5 minutes or so) before you start the daemon (ntpd).

Start the daemon, wait about five minutes for it to synchronize with one of the pool servers and run

Code:

/usr/sbin/ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l   4d   64    0    0.000    0.000   0.000
*192.241.206.171 106.61.18.129    3 u   39 1024  377  605.381    1.324  40.834
+50.16.201.39    173.162.192.156  2 u  504 1024  377  640.545   -8.501  32.319
+173.44.32.10    128.138.140.44   2 u  754 1024  377  617.239    4.552  30.578

you should see something similar to this.

The asterisk indicates that you're synchronized with that time server, the plus signs indicate potential time servers to take over if the asterisk server goes away, gets noisy, whatever. NTP periodically evaluates the quality of the pool servers and will discard a bad one and add a new one.

Up at the top of the configuration file, be sure to read the reason for the Undisciplined Local Clock; don't discard the server and fudge lines, they work when your network connection goes away and keep you (pretty much) on time until the network comes back.

Hope this helps some.

sub320 · 03-13-2016, 08:55 PM

thanks reply ,

why I said , it seems not work , it is because I found two server have half minutes time difference .

May I ask my configuration is correct or not ?

thanks

tronayne · 03-14-2016, 07:50 AM

Half minutes? Do you mean 30 seconds (or so)?

Your configuration looks all right and, if you can see the display that indicates NTP has synchronized -- the one you see when you run ntpq -pn -- you're probably OK.

It takes a while, sometimes up to a couple or three days, for NTP to walk your clock into the correct time. The file /etc/ntp/step-tickers is used for that and you don't want to try to adjust the value in that file manually. NTP compares your system clock time with the time being served by the external source and gradually adjusts the value in /etc/ntp/step-tickers.

What it's adjusting is the system clock which is software; the system clock is run by the kernel and it can drift without something to keep it on-time and that's what NTP is for.

It looks like your time server is local? That is, you have a server that serves time to your LAN? I only ask because I can't ping those addresses and should be able to -- NTP servers are public and will respond to a ping (and maybe you just used arbitrary addresses in the post).

Can you post the output of ntpq -pn for both the servers you're concerned with?

Do you shut down your servers at night or do they continue to run 24/7? The normal thing that happens when you shut down a server is that the system time is written to the hardware clock (the one that is kept running by the CMOS battery on the motherboard). When the system is booted, the time is read from the hardware clock to set the system clock. Then NTP starts and begins synchronization. If you are shutting down and booting daily, you may have a weak or dead battery on the motherboard so that the clock chip is not running and, when the system is booted, NTP will attempt to do a large adjustment to the system clock and you'll have a time difference.

One way you can check the battery is to shut down the server then restart it into the BIOS. Look at the clock and see if it's running (the screen where you set the time). If it is, let it run for some length of time and see if it's reasonably accurate, if not, you'll need to adjust the hardware clock or, if it's not running, change the CMOS battery.

If the hardware clock is drifting more than 2 or three seconds over 15- 30 minutes it can be adjusted. Post that and we'll deal with it.

Hope this helps some.