On 2006-06-14, Emilio Muno <[EMAIL PROTECTED]> wrote: > When I try to run ntpdate in a workstation in my network, my server > fails to send the answer.
> # ntpq -pcrv > > remote refid st t when poll reach delay offset disp >=============================================================== > ntp-nasa.arc.na .INIT. 16 u 201 256 0 0.00 0.000 15937.5 > titan.cais.rnp. .RMOT. 16 u 188 256 0 0.00 0.000 15937.5 > ntp.pucpr.br .INIT. 16 u 194 256 0 0.00 0.000 15937.5 > clock1.redhat.c .INIT. 16 u 213 256 0 0.00 0.000 15937.5 > ntp1.pop-df.rnp .INIT. 16 u - 256 0 0.00 0.000 15937.5 > zibbi.meraka.cs .INIT. 16 u 221 256 0 0.00 0.000 15937.5 > ntp1.us.grundcl .INIT. 16 u 212 256 0 0.00 0.000 15937.5 > ima.cipsga.org. .INIT. 16 u 236 256 0 0.00 0.000 15937.5 > goat.de.20six.n .INIT. 16 u 228 256 0 0.00 0.000 15937.5 > trubadurix.chow .INIT. 16 u 232 256 0 0.00 0.000 15937.5 Your ntpd has not synced established associations with any of these servers. > logfile /var/log/ntpd > logconfig =all > driftfile /etc/ntp/ntp.drift daemons should not be writing in /etc; a directory in /var is a better, and safer, choice. Something like: driftfile /var/lib/ntp/ntp.drift > statsdir /etc/ntp/ statsdir /var/log/ntpstats/ > statistics loopstats peerstats clockstats > filegen loopstats file loopstats type day enable > filegen peerstats file peerstats type day enable > filegen clockstats file clockstats type day enable > > #Lista de servidores > server ntp.nasa.gov prefer > server ntp.cais.rnp.br > server ntp1.pucpr.br > server clock.redhat.com > server titan.cais.rnp.br > server ntp1.rnp.br > server ntp1.icomtek.csir.co.za If you append 'iburst' to your server lines the initial synchronization time can be as low as 15-30 seconds. Without 'iburst' initial synchronization can take ~ 8 minutes. This assumes that you clear up the restriction problem shown below. > #Se todo mundo falhar o proprio servidor vira ntp principal > fudge 127.127.1.0 stratum 10 > broadcastdelay 0.008 You don't need the preceeding two lines. > restrict default notrust nomodify 'notrust' tells ntpd to ignore all NTP packets that are not cryptographicly authenticated. Placing this restriction on your default line causes ntpd all unauthenticated NTP packets from ALL addresses. This is why your ntpd is not listening to the remote time servers. And why ntpdate from another system fails. > #restrict 200.220.0.0 mask 255.255.255.0 nomodify > restrict 200.220.0.0 mask 255.255.128.0 nomodify > #restrict 200.220.0.0 mask 255.255.0.0 nomodify > #restrict 200.220.64.0 mask 255.255.255.0 nomodify > #restrict 200.220.81.0 mask 255.255.255.0 nomodify > #restrict 200.220.74.0 mask 255.255.255.0 nomodify > #restrict 200.220.5.0 mask 255.255.255.0 nomodify > #restrict 200.220.6.10 mask 255.255.255.255 nomodify > #restrict 200.220.13.0 mask 255.255.255.0 nomodify > #restrict 200.220.14.0 mask 255.255.255.0 nomodify > #restrict 200.220.31.0 mask 255.255.255.0 nomodify > #restrict 200.220.0.0 mask 255.255.255.0 nomodify > restrict 129.222.50.21 mask 255.255.255.255 nomodify > restrict 129.222.43.21 mask 255.255.255.255 nomodify > #restrict 200.220.104.0 mask 255.255.255.240 nomodify > restrict 127.0.0.1 nomodify What are all these restrict lines for? http://ntp.isc.org/Support/AccessRestrictions contains a step-by-step guide for setting up your ntpd restrictions. > #Desabilita a autenticaĆ§Ć£o pra rede local > disable auth > broadcastclient You don't need the preceeding two lines. -- Steve Kostecke <[EMAIL PROTECTED]> NTP Public Services Project - http://ntp.isc.org/ _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
