On 2010-10-22, Florin Andrei <[email protected]> wrote: > Config file:
The real issue is the last line in your configuration file... > server 10.10.16.65 iburst > server 10.10.16.64 iburst > server 127.127.1.0 # local clock > fudge 127.127.1.0 stratum 10 The Undisciplined Local Clock driver (127.127.1.x) is not a backup. It merely allows ntpd to claim to be synced to a time source when it is actually free-wheeling. In most cases the Undisciplined Local Clock should only be used by an ntpd which must serve time to others even when no time sources are reachable (or available). > driftfile /etc/ntp/drift It is usually considered bad form to allow daemons to write to the /etc directory. A better place for the drift file is somewhere under /var. > restrict 127.0.0.0 mask 255.0.0.0 > restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap nomodify == "Do not allow this host/subnet to modify the ntpd settings even if they have the correct keys." By default ntpd requires authentication with symmetric keys for modifications made with ntpdc. So if you don't configure symmetric keys for your ntpd, or keep them properly safeguarded, you don't need to use 'nomodify' unless you are concerned that the NTP authentication scheme might be compromised or that someone might start ntpd with -A." notrap == "Do not allow this host/subnet to request a monitoring trap (similar to an SNMP trap)." > restrict default ignore Your default restriction line is telling ntpd to ignore all NTP packets. This includes your remote time servers. The only NTP packets which are being allowed in/out are for 127.0.0.1 and 192.168.3.0/24. This is why these three systems won't sync. At a minimum you should add a restrict line for each of your time servers which sets "relaxed" restrictions. e.g. restrict 10.10.16.64 noquery restrict 10.10.16.65 noquery You could also set a reasonable default restriction which allows only global time service. Then relax the restrictions for localhost and your LAN. You may wish to review http://support.ntp.org/bin/view/Support/AccessRestrictions -- Steve Kostecke <[email protected]> NTP Public Services Project - http://support.ntp.org/ _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
