Hi guys,
I have 4 servers (2 domain controllers and 2 mail/proxy servers) and a really weird problem.
On the first servers, e.g. domainc01 and mailsrv01, my ntp works like a charm:
ntpq -p ->
root@mailsrv01:/etc# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.12.44    172.21.2.17      5 u    4   64    37   8.729  2805.14   0.352
root@domainc01:/etc# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.12.44    172.21.2.17      5 u    3   64   377   7.155   28.538   8.480
*LOCAL(0)        .LOCL.          12 l   26   64   377   0.000    0.000   0.001
My ntp.conf files are identical, same network same configurations.
On the second servers ntpq -p says this:
root@mailsrv02:/etc# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.20.12.44    .INIT.          16 u    -   64     0   0.000    0.000   0.000
Which is not good
tcpdump shows a weird thing:
14:39:29.111660 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
mailsrv02.zirc.tak.lan.ntp > 172.20.12.44.ntp: [bad udp cksum 0xd352 -> 0x6056!] NTPv4, length 48
Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6s, precision -20
Root Delay: 0.000000, Root dispersion: 0.004821, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3585472769.111639149 (2013/08/14 14:39:29)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3585472769.111639149 (2013/08/14 14:39:29)
Instead of getting time from 172.20.12.44 like the "first" servers:
14:40:43.255954 IP (tos 0x0, ttl 124, id 27761, offset 0, flags [none], proto UDP (17), length 76)
172.20.12.44.ntp > mailsrv01.zirc.tak.lan.ntp: [udp sum ok] NTPv3, length 48
Server, Leap indicator: (0), Stratum 5 (secondary reference), poll 6s, precision -6
Root Delay: 0.000000, Root dispersion: 10.113723, Reference-ID: 172.21.2.17
Reference Timestamp: 3585464371.040125001 (2013/08/14 12:19:31)
Originator Timestamp: 3585472843.246003597 (2013/08/14 14:40:43)
Receive Timestamp: 3585472846.071125000 (2013/08/14 14:40:46)
Transmit Timestamp: 3585472846.071125000 (2013/08/14 14:40:46)
Originator - Receive Timestamp: +2.825121402
Originator - Transmit Timestamp: +2.825121402
My ntp.conf:
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
####SAMBA4 CONF###
ntpsigndsocket /opt/samba4/var/lib/ntp_signd/
restrict default mssntp
logfile /var/log/ntp.log
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# Specify one or more NTP servers.
# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 172.20.12.44 iburst prefer
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
# Use Ubuntu's ntp server as a fallback.
#server ntp.ubuntu.com
#server time.takinfo.hu
server 127.127.1.0
fudge 127.127.1.0 stratum 12
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 10.48.0.0 mask 255.255.0.0
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
ntpdate 172.20.12.44 works perfectly on the "first" servers, but on the second ones it couldn't synchronize the clock, only with the -u option.
Any idea or help would be nice, this is driving me crazy...
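
Added example (not part of the original post): a small Python parser for the ntpq -p peer lines shown above. It decodes the octal reach register and the tally character so the three hosts can be compared side by side. The peer lines are copied from the post; the function names are this example's own, and the 128 ms figure is ntpd's default step threshold.

```python
STEP_THRESHOLD_MS = 128.0  # ntpd's default step threshold; ntpq -p offsets are in ms
TALLY = "*+-#."            # 'x' and 'o' left out: ambiguous with hostnames once
                           # the leading column of a pasted table has been lost

# Peer lines copied from the ntpq -p output in the post.
SAMPLE = {
    "mailsrv01": "172.20.12.44 172.21.2.17 5 u 4 64 37 8.729 2805.14 0.352",
    "domainc01": "172.20.12.44 172.21.2.17 5 u 3 64 377 7.155 28.538 8.480\n"
                 "*LOCAL(0) .LOCL. 12 l 26 64 377 0.000 0.000 0.001",
    "mailsrv02": "172.20.12.44 .INIT. 16 u - 64 0 0.000 0.000 0.000",
}

def parse_peers(text):
    """Parse ntpq -p peer lines into dicts, skipping the header and ruler."""
    peers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("remote", "=")):
            continue
        tally = line[0] if line[0] in TALLY else " "
        fields = (line[1:] if tally != " " else line).split()
        if len(fields) != 10:
            continue  # not a peer line
        remote, refid, st, _t, _when, _poll, reach, _delay, offset, _jitter = fields
        reg = int(reach, 8)  # reach is an 8-bit shift register printed in octal
        peers.append({
            "remote": remote, "refid": refid, "stratum": int(st), "tally": tally,
            "answered": bin(reg).count("1"),  # replies seen in the last 8 polls
            "over_step": abs(float(offset)) > STEP_THRESHOLD_MS,
        })
    return peers

def verdict(peer):
    """One-line assessment of a parsed peer."""
    if peer["answered"] == 0:
        return "unreachable: no reply to any of the last 8 polls"
    if peer["tally"] == "*":
        return "selected as sync source"
    return "reachable (%d/8 polls answered), not selected" % peer["answered"]

def sync_source(peers):
    """Remote carrying the '*' tally, or None if nothing is selected."""
    return next((p["remote"] for p in peers if p["tally"] == "*"), None)

if __name__ == "__main__":
    for host, text in SAMPLE.items():
        peers = parse_peers(text)
        print(host, "-> synced to:", sync_source(peers))
        for p in peers:
            print("   ", p["remote"], p["refid"], "|", verdict(p),
                  "| offset over step threshold:", p["over_step"])
```

On the post's output this reports 5/8 and 8/8 answered polls for 172.20.12.44 on mailsrv01 and domainc01, 0/8 on mailsrv02, and LOCAL(0) as the only selected source (on domainc01).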