LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Unable to sync time NTP server (https://www.linuxquestions.org/questions/linux-newbie-8/unable-to-sync-time-ntp-server-938908/)

Rohit_4739 04-09-2012 11:12 AM
Unable to sync time NTP server
 
Hello Everyone,

I am having bit of trouble in syncing the time with public ntp serves. Let me explain the environment i am in because that might help you in identifying the issue. I am running RHEL6 on a virtual box VM and i am under a corporate network.

I installed ntpd and modified the /etc/ntp.conf with the necessary details and then started the service. However when i run the ntpq -np commmand to check the status it always shows the wrong stats. Here is the output from ntpq -np
Quote:

ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
125.62.193.121 .INIT. 16 u - 64 0 0.000 0.000 0.000
220.130.158.71 .INIT. 16 u - 64 0 0.000 0.000 0.000
61.110.197.50 .INIT. 16 u - 64 0 0.000 0.000 0.000
72.29.161.5 .INIT. 16 u - 64 0 0.000 0.000 0.000
64.113.32.5 .INIT. 16 u - 64 0 0.000 0.000 0.000
169.229.70.183 .INIT. 16 u - 64 0 0.000 0.000 0.000
Running ntpdate -u 0.in.pool.ntp.org shows the result as "no suitable server for syncronization found". here is the ntpdate output

Quote:

[root@localhost ~]# ntpdate -u 125.62.193.121
9 Apr 12:08:57 ntpdate[5837]: no server suitable for synchronization found
However i am able to ping the server

[root@localhost ~]# ping -c 3 125.62.193.121
PING 125.62.193.121 (125.62.193.121) 56(84) bytes of data.
64 bytes from 125.62.193.121: icmp_seq=1 ttl=46 time=107 ms
64 bytes from 125.62.193.121: icmp_seq=2 ttl=46 time=109 ms
64 bytes from 125.62.193.121: icmp_seq=3 ttl=46 time=107 ms

--- 125.62.193.121 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2111ms
rtt min/avg/max/mdev = 107.668/108.164/109.081/0.702 ms


So what could be the problem, firewall has port 123(UDP) opened. Here is the ntp.conf file for further reference

Quote:

[root@localhost ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery

restirct default ignore

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.10.0 mask 255.255.255.0

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
restrict 0.asia.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
restrict 3.asia.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
restrict 0.in.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
restrict 1.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
restrict 2.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
restrict 3.pool.ntp.org mask 255.255.255.255 notrap nomidfy noquery
server 0.in.pool.ntp.org
server 0.asia.pool.ntp.org
server 3.asia.pool.ntp.org
server 3.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
#server 0.rhel.pool.ntp.org
#server 1.rhel.pool.ntp.org
#server 2.rhel.pool.ntp.org

#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.

#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

Thanks.

repo 04-09-2012 11:23 AM
Corporate firewall?

Kind regards

Rohit_4739 04-09-2012 12:35 PM
Quote:
Originally Posted by repo (Post 4648439)
Corporate firewall?

Kind regards
Yeah it could be but would that be stopping me from communicating on port 123 ?

Kustom42 04-09-2012 03:05 PM
Install telnet or use nmap to scan that host and see if the port is open. If you do nmap start with your gateway and work your way out of your network until you reach the host and verify the port is open along the way.

NOTE: Firewalls may still be listening on the port but still dropping the connection with the firewall rules set so nmap may not give you what you are looking for, use telnet and see if you can figure out where the connection on port 123 is dropping.

Satyaveer Arya 04-09-2012 03:35 PM
It could be because of selinux. What's the status of ntpd_disable_trans in selinux?
Set it to
Code:
# setsebool -P ntpd_disable_trans 1
And execute the command 'ntpq -p' in order to verify the NTP server with external NTP servers.

Rohit_4739 04-10-2012 08:44 AM
Hello Everyone,

Thanks for all your replies, it was a firewall issue which was running at my corporate network. I tried running ntpd on my personal internet connection and it worked successfully.

Thanks a lot for taking time from your schedule to respond.

Rohit


All times are GMT -5. The time now is 11:40 AM.