[LON-CAPA-admin] ntp

Martin Siegert siegert at sfu.ca
Tue Mar 25 21:01:51 EST 2003 

Hi Hon-Kie,

On Tue, Mar 25, 2003 at 04:39:11PM -0500, H. K. Ng wrote:

> I used your configuration file, changing the time servers. It does not 
> solve the problem. I am puzzled why the same configuration works on (only) 
> one of the servers and not the rest. What does ntpd depends on? How should 
> the step-tickers file look like?

The step-tickers file should contain the hostname of your main ntp server
on campus. In our case that is

ntp.sfu.ca

(just a single line with that name). The host in the step-tickers file 
is only used once when you boot your machine: the ntpdate command is
used to set the clock initially before ntpd is started. If the ntpdate
command fails to contact that server your clock is not corrected at
boot time and in all likelyhood ntpd will not work: if your clock differs
by too much (I forget what that amount is) from the clock on the time
server ntpd will not correct your clock.

Try running

/etc/init.d/ntpd stop
/usr/sbin/ntpdate -b -u <hostname from step-tickers>
/etc/init.d/ntpd start

Here at SFU the second command (ntpdate) does not work because of the
-u option: our firewall is configured to let port 123/upp through from
ntp.sfu.ca, however, the -u option uses unpriviledged ports (> 1023)
which are not configure to get through the firewall.

Thus I edited the /etc/init.d/ntpd and deleted the -u option of the
ntpdate command:

/etc/init.d/ntpd stop
/usr/sbin/ntpdate -b <hostname from step-tickers>
/etc/init.d/ntpd start

works for me (the /etc/init.d/ntpd contains a few more options [namely
-s -p 8] which you can leave as is).

In short: ntp depends on
- your firewall letting ntp traffic through (port 123/udp on our systems)
- ntpdate being able to connect to a ntp server so that the clock is
  approximately set correctly when ntpd starts.

Do you find any error messages in /var/log/messages when you do
a "/etc/init.d/ntpd restart" ?
What is the output from "ntpq -p"?
If nothing helps you could run

tcpdump host <hostname from step-tickers>

in one window and then do 

/etc/init.d/ntpd restart

in another and see whether you have traffic between your host and the
ntp server at all.

Cheers,
Martin

More information about the LON-CAPA-admin mailing list