NTP problems--REPOST

From: Shaw, Marco (Marco.Shaw_at_aliant.ca)
Date: 02/04/04

    To: "'taroon-list@redhat.com'" <taroon-list@redhat.com>, "'redhat-list@redhat.com'" <redhat-list@redhat.com>
    Date: Wed, 4 Feb 2004 09:04:36 -0400
    
    

    I've been struggling with getting NTP working on Linux off-and-on for over a year.

    Finally, a week or so ago, I pinpointed the problem to tcp_wrappers, and the brief
    details are farther below. I have tcp_w configured to only allow telnet and ftp
    from a few management hosts.

    I can reproduce the problem every time, as opposed to what I said below. I just
    need to log in, add the "ALL:ALL" rule to tcp_w, *log out, and log back in*, and
    suddenly ntpdate now works. If I remove the "ALL:ALL" rule, log out, and log back
    in, ntpdate no longer works anymore. As if there's some kind of session state that
    goes along with logging in.

    I've been able to reproduce this on different RedHat Linux versions (7.2 and 2.1AS
    with various kernels, and different versions of ntp, yet have not tried a different
    version of tcp_w), and have found a few on the 'net with the same/similar problem,
    but no solution.

    I thought I was on the right track when I found that tcp_w was/seemed to be an issue,
    but then did a sniffer trace when ntpdate worked and didn't, and couldn't find any
    kind of abnormal traffic that would be blocked.

    Tcp_w causing problems just doesn't make any sense... Especially more so when NTP is
    using UDP.

    Thoughts?

    Marco

    > -----Original Message-----
    > From: Shaw, Marco
    > Sent: Sunday, January 25, 2004 8:45 AM
    > To: 'taroon-list@redhat.com'; 'redhat-list@redhat.com'
    > Subject: RE: NTP problems--UPDATE 2
    >
    >
    > > > > > NTP: I couldn't get it working with 7.2 with various kernels, and
    > > > > > various NTP packages, and now still can't get it working with 2.1AS...
    > > > > >
    > > > > > ipchains allows all eth0 traffic through (trusted interface), yet I
    > > > > > cannot get ntp to work.
    > > > > >
    > > > > > All I get is this, but absolutely *nothing* in tcpdump:
    > > > > > # ntpdate -d IP_address_hidden
    > > > > > 15 Jan 10:05:59 ntpdate[22868]: ntpdate 4.1.2@1.892 Tue Dec 9 11:52:07 EST 2003 (1)
    > > > > > 15 Jan 10:06:59 ntpdate[22868]: poll(): nfound = 0, error: Success
    > > ....
    > >
    > > OK, a little bit of progress maybe. Whenever ntp fails, lsof prints out
    > > the last line below:
    > >
    > > [root@www-nb03m0 fs]# lsof|grep ntpdate
    > > ntpdate 461 root cwd DIR 8,7 4096 144002 /root
    > > ntpdate 461 root rtd DIR 8,7 4096 2 /
    > > ntpdate 461 root txt REG 8,5 40460 128472 /usr/sbin/ntpdate
    > > ntpdate 461 root mem REG 8,7 464409 65742 /lib/ld-2.2.4.so
    > > ntpdate 461 root mem REG 8,5 44851 64355 /usr/lib/libcap.so.1.10
    > > ntpdate 461 root mem REG 8,7 5737154 64013 /lib/libc-2.2.4.so
    > > ntpdate 461 root 0u CHR 136,3 5 /dev/pts/3
    > > ntpdate 461 root 1u CHR 136,3 5 /dev/pts/3
    > > ntpdate 461 root 2u CHR 136,3 5 /dev/pts/3
    > > ntpdate 461 root 3u sock 0,0 175748304 can't identify protocol
    >
    > I played with things a bit more, and it seems that tcp_wrappers is the problem.
    > Unless I add an "ALL:ALL" line in hosts.allow, I am not able to run ntpdate
    > as indicated above. Even adding "ALL:NTP Server IP" does not help (where "NTP
    > Server IP" is the host I'm trying to run ntpdate against).
    >
    > I'm confused... Tcp_wrappers is for TCP connections, and should affect only
    > incoming connections, but tcp_w is even causing problems for outgoing packets.
    >
    > I don't see any DNS traffic at the time that ntpdate is run, in case this is
    > a resolution problem. I've added the host I'm trying to run ntpdate against
    > in my /etc/hosts, since I've got a multi-home host that uses public DNS servers,
    > yet my NTP source is inside a/my private network.
    >
    > Any ideas what tcp_w is doing wrong here?
    >
    > Marco
    >
