| View previous topic :: View next topic |
| Author |
Message |
saffsd
Tux's lil' helper
Joined: 03 Mar 2006
Posts: 139
|
 Posted: Mon Jul 24, 2006 8:27 am Post subject: ntp-client: Failed to set clock (no server suitable...) |
 |
|
Hello all.
This seems to be a newbie problem but it's got me stumped so far:
| Code: |
# /etc/init.d/ntp-client start
* Caching service dependencies ... [ ok ]
* Setting clock via the NTP client 'ntpdate' ...
25 Jul 04:18:11 ntpdate[12953]: no server suitable for synchronization found
* Failed to set clock
|
Contents of /etc/conf.d/ntp-client:
| Code: |
# /etc/conf.d/ntp-client
# Command to run to set the clock initially
# Most people should just leave this line alone ...
# however, if you know what you're doing, and you
# want to use ntpd to set the clock, change this to 'ntpd'
NTPCLIENT_CMD="ntpdate"
# Options to pass to the above command
# This default setting should work fine but you should
# change the default 'pool.ntp.org' to something closer
# to your machine. See http://www.pool.ntp.org/ or
# try running `netselect -s 3 pool.ntp.org`.
NTPCLIENT_OPTS=" -b -u oceania.pool.ntp.org"
# How long to wait (in seconds) before giving up.
# Useful for when you boot and DNS/internet isn't
# really available but you have your net interface
# come up with say a static IP.
NTPCLIENT_TIMEOUT=30
|
and /etc/ntp.conf
| Code: |
# NOTES:
# - you should only have to update the server line below
# - if you start getting lines like 'restrict' and 'fudge'
# and you didnt add them, AND you run dhcpcd on your
# network interfaces, be sure to add '-Y -N' to the
# dhcpcd_ethX variables in /etc/conf.d/net
# Name of the servers ntpd should sync with
# Please respect the access policy as stated by the responsible person.
#server ntp.example.tld iburst
server 0.oceania.pool.ntp.org
##
# A list of available servers can be found here:
# http://www.pool.ntp.org/
# http://www.pool.ntp.org/#use
# A good way to get servers for your machine is:
# netselect -s 3 pool.ntp.org
##
# you should not need to modify the following paths
driftfile /var/lib/ntp/ntp.drift
#server ntplocal.example.com prefer
#server timeserver.example.org
# Warning: Using default NTP settings will leave your NTP
# server accessible to all hosts on the Internet.
# If you want to deny all machines (including your own)
# from accessing the NTP server, uncomment:
#restrict default ignore
# To deny other machines from changing the
# configuration but allow localhost:
restrict default nomodify nopeer
restrict 127.0.0.1
# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against, uncomment this line.
#
#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server time.esec.com.au
server ntp.adelaide.edu.au
|
I got [0,1,2].oceania.pool.ntp.org from www.pool.ntp.org.
Any ideas why this might not work? Or where to look for more detailed error output? Or, best of all, how to fix it?  Thanks! |
|
| Back to top |
|
 |
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5947
|
| Posted: Mon Jul 24, 2006 8:30 am Post subject: |
|
|
does ntpdate work when you run it by hand?
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
PaulBredbury
Watchman
Joined: 14 Jul 2005
Posts: 7310
|
| Posted: Mon Jul 24, 2006 9:23 am Post subject: |
|
|
The wiki contains debugging info, and the exact steps to follow. Pay attention to the "restrict" lines  |
|
| Back to top |
|
|
saffsd
Tux's lil' helper
Joined: 03 Mar 2006
Posts: 139
|
| Posted: Mon Jul 24, 2006 2:17 pm Post subject: |
|
|
Aha. thank you. fixed /etc/ntp.conf for reference:
| Code: |
# NOTES:
# - you should only have to update the server line below
# - if you start getting lines like 'restrict' and 'fudge'
# and you didnt add them, AND you run dhcpcd on your
# network interfaces, be sure to add '-Y -N' to the
# dhcpcd_ethX variables in /etc/conf.d/net
# Name of the servers ntpd should sync with
# Please respect the access policy as stated by the responsible person.
#server ntp.example.tld iburst
server au.pool.ntp.org
##
# A list of available servers can be found here:
# http://www.pool.ntp.org/
# http://www.pool.ntp.org/#use
# A good way to get servers for your machine is:
# netselect -s 3 pool.ntp.org
##
# you should not need to modify the following paths
driftfile /var/lib/ntp/ntp.drift
#server ntplocal.example.com prefer
#server timeserver.example.org
# Warning: Using default NTP settings will leave your NTP
# server accessible to all hosts on the Internet.
# If you want to deny all machines (including your own)
# from accessing the NTP server, uncomment:
#restrict default ignore
# To deny other machines from changing the
# configuration but allow localhost:
restrict default ignore
restrict au.pool.ntp.org nomodify notrap nopeer noquery
|
|
|
| Back to top |
|
|
truekaiser
l33t
Joined: 05 Mar 2004
Posts: 810
|
| Posted: Mon Jul 24, 2006 10:02 pm Post subject: |
|
|
| i am having the same problem here but the soultion you posted doesn't work. |
|
| Back to top |
|
|
evoweiss
Veteran
Joined: 07 Sep 2003
Posts: 1678
Location: Edinburgh, UK
|
| Posted: Wed Jan 10, 2007 11:53 pm Post subject: |
|
|
Hi all,
Sadly, I'm having the same damn problem with ntp-client, though, weirdly, it has worked in the past and I can't think of too much that I did that may have changed this happy state of affairs. I tried to run it with my router's firewall turned off and it worked. However, I don't see why that would be a problem as I specifically have set up my firewall to allow access to the right port.
My /etc/conf.d/ntp-client file is:
| Code: | # Allow ntp to automatically correct predictable clock drift
driftfile /var/lib/ntp/ntp.drift
# logfile defaults to /var/log/messages
logfile /var/log/ntp.log
# Un-comment the next line, to act as a time server to the local network
restrict 0.uk.pool.ntp.org nomodify notrap nopeer noquery
restrict 1.uk.pool.ntp.org nomodify notrap nopeer noquery
server 0.uk.pool.ntp.org
server 1.uk.pool.ntp.org |
and /etc/conf.d/ntp-client is:
| Code: |
# /etc/conf.d/ntp-client
# Command to run to set the clock initially
# Most people should just leave this line alone ...
# however, if you know what you're doing, and you
# want to use ntpd to set the clock, change this to 'ntpd'
NTPCLIENT_CMD="ntpdate"
# Options to pass to the above command
# This default setting should work fine but you should
# change the default 'pool.ntp.org' to something closer
# to your machine. See http://www.pool.ntp.org/ or
# try running `netselect -s 3 pool.ntp.org`.
NTPCLIENT_OPTS="-b -u 0.uk.pool.ntp.org 1.uk.pool.ntp.org"
# How long to wait (in seconds) before giving up.
# Useful for when you boot and DNS/internet isn't
# really available but you have your net interface
# come up with say a static IP.
NTPCLIENT_TIMEOUT=30
|
Also, in case there's any doubt that my router is set up properly, here's what it is showing:
| Code: |
Allow ntp WAN,* LAN,XXX.XXX.XXX.XXX TCP,1023
|
Also, under virtual server it shows:
| Code: | XXX.XXX.XXX.XXX TCP 123 / 123 always
|
I use this same stuff to open up ssh, etc. without problems.
Alex |
|
| Back to top |
|
|
TinheadNed
Guru
Joined: 05 Apr 2003
Posts: 339
Location: Farnborough, UK
|
| Posted: Mon Jan 22, 2007 9:02 pm Post subject: |
|
|
| I've been banging my head against a similar problem. It turns out that ntp-4.2.4 at the very least is not backwards compatible. I've had all my machines complaining, and a swift upgrade of the slaves is sorting the problem out. |
|
| Back to top |
|
|
herda0505
n00b
Joined: 04 Nov 2004
Posts: 13
|
| Posted: Sun Jan 28, 2007 10:12 pm Post subject: Finally worked |
|
|
I've been working through ntp problems since I've installed it, but I've seemed to resolve them. I think it was something bad in the config. I followed the wiki page. I verified that UDP port 123 was open in my firewall, and went through to make sure that my config file was clear except for what was needed.
| Code: | # NOTES:
# - you should only have to update the server line below
# - if you start getting lines like 'restrict' and 'fudge'
# and you didnt add them, AND you run dhcpcd on your
# network interfaces, be sure to add '-Y -N' to the
# dhcpcd_ethX variables in /etc/conf.d/net
# Name of the servers ntpd should sync with
# Please respect the access policy as stated by the responsible person.
#server ntp.example.tld iburst
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
##
# A list of available servers can be found here:
# http://www.pool.ntp.org/
# http://www.pool.ntp.org/#use
# A good way to get servers for your machine is:
# netselect -s 3 pool.ntp.org
##
# you should not need to modify the following paths
driftfile /var/lib/ntp/ntp.drift
#server ntplocal.example.com prefer
#server timeserver.example.org
# Warning: Using default NTP settings will leave your NTP
# server accessible to all hosts on the Internet.
# If you want to deny all machines (including your own)
# from accessing the NTP server, uncomment:
#restrict default ignore
# To deny other machines from changing the
# configuration but allow localhost:
restrict default nomodify nopeer
restrict 127.0.0.1
# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against, uncomment this line.
#
#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap |
Then I started ntp-client:
| Code: | torwin linux # /etc/init.d/ntp-client start
* Setting clock via the NTP client 'ntpdate' ... [ ok ] |
Then verified the date and started ntpd:
| Code: | torwin linux # date
Sun Jan 28 12:51:43 PST 2007
torwin linux # /etc/init.d/ntpd start
* Starting ntpd ... [ ok ] |
To verify I then ran ntpq:
| Code: | torwin linux # ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
192.52.107.241 47.23.55.84 3 u 4 64 1 273.220 -111.12 0.001
64.81.87.189 17.254.0.28 3 u 3 64 1 62.246 6.787 0.001
|
If the jitter is 4000 then it is not connecting to the time server. You can run ntpq -p directly against a server to see if you get an accurate result:
| Code: | torwin linux # ntpq -p 2.us.pool.ntp.org
remote refid st t when poll reach delay offset jitter
==============================================================================
*time2.apple.com 17.254.0.49 2 u 706 1024 377 25.383 -1.002 0.348
|
I'm not an expert, but from what I can figure out, if you're getting a response back from ntpq -p but you still get a jitter of 4000 using the same pool of servers, then check your config. If you get no result from the ntpq -p then I would check my firewall or network configuration. You can use tcpdump to check if there is communication across port 123 on your firewall. You should see the connection every 64 seconds:
| Code: | [root@osiligarth ~]# tcpdump udp port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:34:21.676388 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48
12:34:21.785863 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:34:22.677189 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48
12:34:22.841309 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:34:23.678051 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48
12:34:23.913512 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:35:25.730574 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48
12:35:25.730780 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48
12:35:25.835370 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:35:25.896840 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:35:29.734040 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48
12:35:29.990572 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:36:28.784038 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > mail.pengdows.com.ntp: NTPv4, Client, length 48
12:36:28.784286 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > crush.brunom.net.ntp: NTPv4, Client, length 48
12:36:28.885014 IP mail.pengdows.com.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:36:28.950428 IP crush.brunom.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
12:36:32.787402 IP c-24-21-131-20.hsd1.or.comcast.net.ntp > 110.Red-80-33-107.staticIP.rima-tde.net.ntp: NTPv4, Client, length 48
12:36:33.022744 IP 110.Red-80-33-107.staticIP.rima-tde.net.ntp > c-24-21-131-20.hsd1.or.comcast.net.ntp: NTPv4, Server, length 48
|
After you get the jitter to a value that's reasonable (i.e. below 4000, I've usually seen some two digit number followed by decimals, like 70.042) you can check syslog to make sure ntpd is working:
| Code: | torwin linux # cat /var/log/everything/current | grep ntpd
Jan 28 12:51:47 [ntpdate] step time server 64.81.199.165 offset 0.041971 sec
Jan 28 12:52:00 [ntpd] ntpd 4.2.2p3@1.1577-o Sun Jan 28 19:40:54 UTC 2007 (1)
Jan 28 12:52:00 [ntpd] precision = 1.000 usec
Jan 28 12:52:00 [ntpd] Listening on interface wildcard, 0.0.0.0#123 Disabled
Jan 28 12:52:00 [ntpd] Listening on interface lo, 127.0.0.1#123 Enabled
Jan 28 12:52:00 [ntpd] Listening on interface eth0, 192.168.2.20#123 Enabled
Jan 28 12:52:00 [ntpd] kernel time sync status 0040
Jan 28 12:56:21 [ntpd] synchronized to 64.81.87.189, stratum 3
Jan 28 13:15:45 [ntpd] kernel time sync enabled 0001
|
I was then able to copy this same config and use it on my ClarkConnect box which is acting as my gateway/firewall, and after a restart ntpd took the config and synced up without a problem.
Dan H. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
