LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 07-15-2007, 05:10 AM   #16
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49

Quote:
Originally Posted by coal-fire-ice
basically all the servers are publicly available for for http service and a couple of others, but other than that the firewall to the external world doesnt let anything in or out. all the servers respond on their public ip addresses. all the servers internal firewalls (iptables) are not set to block anything at this time. i am 100% confident that there is no firewall issue.
my problem is i cant use external ntp servers because the firewall betweeen all the servers and the external world will not let ntp through, and i dont intend to let it. i just want to synchronize all the servers within my firewall so that the logs on the servers can be compared accurately, because its awkward when one has lost 20 minutes and im getting confused over what happened when.
I just don't understand why you don't want to sync with time servers. If you are running commercial servers and allowing connections on port 80 why not add udp connections on port 123. I run http, email and a time server for uk.pool.ntp.org and have done so for a couple of years and never had a problem with port 123. If you are going to have security problems then they are likely on port 80 where crackers can get at the system via the tcp stack.

As regards your current problem - there is something more fundamentally wrong with your network comms than the config of the time server. The time server will provide some kind of time whether it is incorrect or not. Your problem seems to be that the other systems are unable to get responses to requests. This can be due to the following causes;

1. the time server is not running and therefore not responding;
2. your time server is not allowing incoming requests;
3. the requesting systems are not configured to request time from the correct server.

I am sure you have a network communication problem and without full details of how the network is configured and how the boxes communicate with each other it is difficult to help. To summarise what I have said before; If the boxes are on the same lan and inside a designated firewall which allows communications (all ports open) between the boxes then you should have no problems. If this is not the case and there are firewalls in place that exclude port 123 then the boxes will not be able to get responses to requests and the system will not work.

Last edited by TigerOC; 07-15-2007 at 05:12 AM.
 
Old 07-16-2007, 09:11 AM   #17
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
the only reason i am not using external ntp servers is because i am not allowed to open any ports in our external firewall. i cannot change any configuration settings on the external firewall at all.

internally, between the servers themselves there are no firewalls at all.

its like:

........... firewall
.............. |
............. hub -----------------------------------------
.............. | ......... | ......... | ............ |
........ ntp server .. server 1 .. server 2 ........ etc


(using . for spacing)

Last edited by coal-fire-ice; 07-16-2007 at 09:21 AM.
 
Old 07-16-2007, 09:37 AM   #18
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
I have re-read your posts and the only thing I can see that might cause a problem was the broadcast address that you used in the ntp server config file. The broadcast address should end with 255. If you have no reference time server then read up the ntp documentation on using fudge. From the network setup you have in the diagram there is no reason why this should not work.
 
Old 07-16-2007, 09:47 AM   #19
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
ok, changed the broadcast numbers to see if that helped, and didnt seem to.
i presume this fudge thing will stop it working at all unless its set right, is that so?

thanks
 
Old 07-16-2007, 10:03 AM   #20
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
I've now tried this in the conf file on my ntp server:


Quote:
# /etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).

server 127.0.0.1
fudge 127.0.0.1 stratum 14
server 200.38.88.253
fudge 200.38.88.253 stratum 14

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1 nomodify

# Clients from this (example!) subnet have unlimited access,
restrict 213.38.88.0 mask 255.255.255.0
restrict 194.176.128.0 mask 255.255.255.0

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 213.38.88.255
broadcast 194.176.128.255

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient
i also tried setting both stratums to 1 and 10 aswell as 14, but each time i get a response of:


Quote:
root@darkstar:~# ntpdate -d kingpin.mydomain.com
16 Jul 15:53:18 ntpdate[12231]: ntpdate 4.2.2p4@1.1585-o Wed Mar 7 20:43:31 UTC 2007 (1)
transmit(200.38.88.253)
receive(200.38.88.253)
transmit(200.38.88.253)
receive(200.38.88.253)
transmit(200.38.88.253)
receive(200.38.88.253)
transmit(200.38.88.253)
receive(200.38.88.253)
transmit(200.38.88.253)
200.38.88.253: Server dropped: strata too high
server 200.38.88.253, port 123
stratum 16, precision -20, leap 11, trust 000
refid [200.38.88.253], delay 0.02579, dispersion 0.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
originate timestamp: ca45f7b8.5fb2c5ad Mon, Jul 16 2007 14:57:12.373
transmit timestamp: ca4604de.93689ca1 Mon, Jul 16 2007 15:53:18.575
filter delay: 0.02583 0.02580 0.02580 0.02579
0.00000 0.00000 0.00000 0.00000
filter offset: -3366.20 -3366.20 -3366.20 -3366.20
0.000000 0.000000 0.000000 0.000000
delay 0.02579, dispersion 0.00000
offset -3366.202114

16 Jul 15:53:18 ntpdate[12231]: no server suitable for synchronization found
i can only presume from this that i am doing the fudge thing wrong. cos it still says stratum 16.

i shall continue to read about it, but if you spot a silly error, please let me know.

thanks
 
Old 07-16-2007, 12:00 PM   #21
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
right

have updated my configuration file on my server like so:

Quote:
# /etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).

server 127.0.0.1
fudge 127.0.0.1 stratum 10 refid LCL

restrict default kod notrap nomodify nopeer noquery

restrict 213.38.88.0 mask 255.255.255.0
restrict 194.176.128.0 mask 255.255.255.0

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 213.38.88.255
broadcast 194.176.128.255
still says its a stratum 16 server from the ntpdate - whatever it was command

thanks again
 
Old 07-16-2007, 03:18 PM   #22
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Quote:
Originally Posted by coal-fire-ice
still says its a stratum 16 server from the ntpdate - whatever it was command
That is correct. Stratum relates to the time source. A primary time server eg an device like an atomic clock or radio frequency clock is a stratum 1. If your system was using a stratum 1 server as a time source it would register as a stratum 2. Since you are using your local (fudge) system clock it registers as a stratum 16 because the clock is not a reliable source. In my ntp server I have 7 different time servers listed as source servers and if one is unreachable it defines it as stratum 16.

To check your local server use the command;
ntpq -p
 
Old 07-16-2007, 04:06 PM   #23
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
what im after tho is a way of tricking the clients into thinking the ntp server is a lower stratum, even though it still running of the more unreliable hardware clock. either that or forcing the clients to sync with it even though its at stratum 16
 
Old 07-16-2007, 04:10 PM   #24
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
heres another example of what i'm trying to achieve.

say i have 3 computers,
all running different flavours of linux.

they are all connected via an ethernet connection to a hub

the hub is not connected to anything else

no computer has internet access.

but i want one of the computers to keep the time, and the other two to follow suit.

so if the time on that one computer is adjusted forward 10 minutes, the time on the other two servers automatically adjusts forward 10 minutes (doesnt have to be simultaneous tho - within 4 or 5 hours for example)

----------------------

now i assumed that the ntpd could be used to achieve this, maybe i was wrong, but thats the general idea of what im trying to achieve, without all the complicated bits which i dont need to worry about.
 
Old 07-16-2007, 04:33 PM   #25
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
You cannot trick ntp. ntp rates the source based on certain parameters,such as offset, jitter etc. The ntp servers are not interested in how accurate the source time is. What ntp will do is calculate the drift of each system and then correct the system time for that drift and this can be as accurate as 1ms. Initially ntp sends requests every 64s then as ntp sets the drift it will stabilise at a request every 1024s. The clocks on all the systems should be within 100ms of each other if each is running ntp servers.
 
Old 07-16-2007, 05:20 PM   #26
coal-fire-ice
Member
 
Registered: Nov 2004
Location: SE England
Distribution: Debian, SUSE, Ubuntu, Slackware
Posts: 147

Original Poster
Rep: Reputation: 15
i think theres something im not getting here.

do all the computers need to be running an ntp server?

i thought i could run one ntp server and have all the rest being clients thereof
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Gnomad hangs in Ubuntu Fiesty lunarmelody Linux - Hardware 0 05-09-2007 09:15 PM
i cant install ubuntu fiesty fawn 7.04 beta umerkool Ubuntu 1 03-28-2007 06:25 PM
Setting Up NTP Client/Server kaplan71 SUSE / openSUSE 2 05-31-2006 04:38 PM
Setting up ntp server triley Linux - Networking 0 01-28-2004 01:06 PM
setting my time server (ntp) Moses420ca Linux - Newbie 9 08-28-2003 03:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration