Re: NTP weirdness




On Oct 17, 2006, at 3:25 PM, Roberto C. Sanchez wrote:

On Mon, Oct 16, 2006 at 08:02:12PM -0300, Henrique de Moraes Holschuh wrote:

Any NTP drift above half a second means something is completely broken, so
*none* of your client machines are working fine. The two servers seem to
work right. Make sure to also configure the two servers to *peer* each
other, btw.

Do you mean to add them as servers that each queries? So, on server1, I
would put server2 as one of its servers and vice versa?


Not exactly... Let your two servers be "s1" and "s2". On "s1", replace "server s2" in the ntp.conf file, with "peer s2". And vice versa, in server "s2" put "peer s1".

That will cause each of them to treat each other symmetrically as coequals.

The details are all in /usr/share/doc/ntp-doc/html/ . In particular, look in "assoc.html#symact" for a discussion of the difference between "peer" and "server".



Are your NTP servers configured to allow the other client machines (the two
desktops and the laptop) to establish a client relationship with them? What
does ntpq -p output on the client machines?


$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 yauco.connexer. .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
 maracaibo.conne .INIT.          16 u    - 1024    0    0.000    0.000 4000.00

Those are my two ntp servers.

Your clients are not connecting with your servers. The "reach" column is an 8-bit map with a 1 bit for each successful transaction with that server (or peer), and a 0 bit for each unsuccessful attempt at a transaction. So "reach=0" means that the client has not yet succeeded in getting an answer from the server in the last eight tries. Do you have any "restrict" lines in your ntp.conf files (client or server)? If you do, make sure they are doing what you want them to do.

The details are all in /usr/share/doc/ntp-doc/html/ . In particular, read "accopt.html" for explanation of access control options.

Rick
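
The reach decoding described in the message above, as an added example that is not part of the original post: it parses `ntpq -p` output and turns each reach value into an eight-poll history. It assumes the standard ntpq layout (tally character in column 0, reach in the seventh field) and that ntpq prints reach in octal; the s3.example and s4.example rows are constructed for contrast.

```python
# Added example. Assumes the standard `ntpq -p` layout (tally character in
# column 0, reach in the 7th field) and that reach is printed in octal.
# SAMPLE is constructed: the first two rows are the ones quoted in the thread,
# the s3/s4 rows are made up for contrast.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 yauco.connexer. .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
 maracaibo.conne .INIT.          16 u    - 1024    0    0.000    0.000 4000.00
*s3.example      192.0.2.10       2 u   33   64  377    0.412    0.051   0.020
+s4.example      192.0.2.11       2 u   12   64  176    0.398   -0.120   0.310
"""


def reach_history(reach_field):
    """Last eight polls, oldest first; True means a reply was received."""
    bits = int(reach_field, 8) & 0xFF          # octal text -> 8-bit register
    return [bool((bits >> i) & 1) for i in range(7, -1, -1)]


def check_peers(billboard):
    """Return (remote, replies_out_of_8, status) for each association."""
    results = []
    for line in billboard.splitlines()[2:]:    # skip header and ===== rule
        if not line.strip():
            continue
        fields = line[1:].split()              # drop the tally character
        remote, reach = fields[0], fields[6]
        replies = sum(reach_history(reach))
        if replies == 0:
            status = "unreachable"             # reach=0, as in the thread
        elif replies < 8:
            status = "intermittent"
        else:
            status = "ok"
        results.append((remote, replies, status))
    return results


if __name__ == "__main__":
    for remote, replies, status in check_peers(SAMPLE):
        print(f"{remote:<16} {replies}/8 replies  {status}")
```

A freshly started ntpd also shows fewer than eight replies until the register fills, so judge "intermittent" only after eight poll intervals have passed.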

