ntpd doesn't seem to sync at all
It appears you are inside network which limits access to ntp servers. Of the six time servers you have specified you are only getting time from one. However, all is not lost.
Try using local time sources. I find reliable NTP sources are common. Often your router and DNS servers will provide a reliable time source. If an dedicated ntp server is available, it is often called ntp
or ntp1
. If the local domain is example.com
then you would find it as ntp.example.com
.
For your master server consider using its clock as a time source. Setting is stratum in the range 8 to 12 makes it a useful backup but won't override real sources. This may not be an accurate time source, but can be used as common fallback time source for all your systems. Even if you can't get a good time source, you can at least sync all your systems to the same time source.
# ... and use the local system clock as a reference if all else fails
server 127.127.1.0
fudge 127.127.1.0 stratum 8
It is also possible to use some GPS units as a time source. One of my time sources claims gps as its time source. You can start with the NTP Reference Clocks documentation if you need to use this approach.
Use the command ntpq -p
or ntpdc -c peers
to check the reliability of your time sources. You can add a hostname to query your peers, although they may be configured not to respond.
You can use ntpdate
in debug mode to scan the local network for ntp
servers. However, you may find some rouge servers which are highly inaccurate. (One network scan I did found many srtatum 0 servers with clocks that were a day or more off the current date.) Look for a moderately low stratum (2 to 4) with an accurate time. Checking the peers of server at stratums above 3 may help you discover accessible time sources.
CppLearner
Updated on September 18, 2022Comments
-
CppLearner over 1 year
I am following this tutorial It's 2008, so I am very careful using its advice. I need to make this machine the master, and let all other machines use it to sync the time. They are all out of sync by 20-30s...
By default the conf file has this:
# Specify one or more NTP servers. # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for # more information. server 0.ubuntu.pool.ntp.org server 1.ubuntu.pool.ntp.org server 2.ubuntu.pool.ntp.org server 3.ubuntu.pool.ntp.org # Use Ubuntu's ntp server as a fallback. server ntp.ubuntu.com
I just made a slight change and now it becomes
server 0.ubuntu.pool.ntp.org iburst
.Restart, and monitor the log
tail -f /var/log/syslog Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen and drop on 1 v6wildcard :: UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 2 lo 127.0.0.1 UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 3 eth0 134.74.77.21 UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 4 eth1 10.10.0.57 UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 5 eth1 fe80::5652:ff:fe5a:f89f UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 6 eth0 fe80::5652:ff:fe01:1aee UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listen normally on 7 lo ::1 UDP 123 Jun 14 16:17:12 ghive-ldap ntpd[16721]: peers refreshed Jun 14 16:17:12 ghive-ldap ntpd[16721]: Listening on routing socket on fd #24 for interface updates
It has been 20 minutes and nothing seems to be coming up.... I added other servers but none seems to be working...
ping 0.ubuntu.pool.ntp.org PING 0.ubuntu.pool.ntp.org (50.7.247.114) 56(84) bytes of data. From 172.17.200.3 icmp_seq=1 Packet filtered From 172.17.200.3 icmp_seq=6 Packet filtered
Sounds bad. How about the closest? I am in NY, based on this list of servers
server nist1-ny.ustiming.org iburst
Ping that, also gives me packed filtered.
So what's going on here? Any idea? Thanks.
Here is the actual conf if you need to look at: http://dpaste.org/wDMxO/
root@ghive-ldap:~# ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== nist1-ny.ustimi .INIT. 16 u - 64 0 0.000 0.000 0.000 name1.glorb.com 128.252.19.1 2 u - 64 1 32.783 -7.453 0.000 ns1.oninit.com .INIT. 16 u - 64 0 0.000 0.000 0.000 ns1.your-site.c .INIT. 16 u - 64 0 0.000 0.000 0.000 triangle.kansas .INIT. 16 u - 64 0 0.000 0.000 0.000 europium.canoni .INIT. 16 u - 64 0 0.000 0.000 0.000
-
Zoredache almost 12 yearssystems in pool.ntp.org are not required to have ICMP open, only NTP. NTP could be working for that host, but simply not be responding to ICMP. What is the output of
ntpq -p
? -
CppLearner almost 12 years@Zoredache Thanks. I just included the log for that. Please take a look? Thanks!
-
Zoredache almost 12 yearsGiven your current ntpq output I suspect something about your firewall/network is not permitting NTP traffic out to the internet. Are you sure your firewall/routers are allowing the ports udp/123 and tcp/123?
-
CppLearner almost 12 years@Zoredache I suspect no. This is a University server, so it is very likely they block them. Is there a way to change the port? Or is it wise to do so? I can manually do
ntpdate
, but might worth a while to dig down and setup the automated process... thanks for the help so far. -
Zoredache almost 12 yearsntpdate uses the exact same port and protocol. Unfortunately the problem is your local firewal not allowing outgoing traffic. The ports that would need to be changed are the people you are connecting too. But they have no reason to change, since that is the standard NTP port. Basically you are screwed. You might try contacting someone in your tech deptartment. If they are blocking NTP, surely they must have some internal NTP server that you can use.
-