In article <[EMAIL PROTECTED]>, Michael B Allen <[EMAIL PROTECTED]> wrote:
> No firewalls. From the capture I can clearly see only a request and > reply. There's no attempt to communicate with the time server at all. The last two sentences contradict each other. A request is an attempt to communicate. In addition, a reply means that the other side also cooperated in the communication. A firewall might eliminate either the request or reply, but this might be downstream of where you are capturing them. If you have captured the attempt and the response, could we please see copies of them? If you are running a Red Hat derived Linux distribution, and probably several others that are not on a direct line from Red Hat, you will have a firewall and it will be active. > Sounds to me like the config is simply blocking things. I tried reading > the man page but why does this have to be so hard? I just want to There is no official man page for ntpd; the official documentation is in HTML. > setup a simple ntpd for the local machine. It is not hard to set up a simple configuration; a file just consisting of one server line will work. Most newbie problems are the result of: - a firewall that they never even realised was there; - trying to use restrict before they have the basic service working (including using restrict with domain names on multi-homed servers); - using a Windows w32tm machine as a time server; - unnecessary use of the local clock driver; or - not having any reference clocks in the system at all. However, if you have correctly described your setup, I'm a little concerned that there are no associations shown. I'm fairly sure that associations are set up when the outbound request is made. As you've used an IP address, so there should be no issue to do with name resolution, the only reasons I can think of for not seeing any associations are: - the configuration file you are editing is not the one it is using (but then relaxing the restricts wouldn't work either); - you are failing to bind a socket to the server address because there is no route to the server; - maybe the association is built after sending and the firewall is failing the send, but I'm not at all sure that Linux or ntpd work that way. If you are failing to bind sockets or send, I would expect there to be syslog messages relating to those problems. > Is there a tutorial out there with some example configs for standard > setups? A leaf node needs one, basic, server line and nothing else. However, there are advantages in having four independent servers and a drift file, and there is also an advantage in having iburst on the server lines. A leaf node never needs the local clock. Restricting diagnostic is arguably desirable. _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
