NTP Autokey configuration
Hi, I have a two servers both of which are not public, I want to configure one of them as a server and the other as a client for ntpd. What is the exact configuration required in both client and servers to get the autokey protocol working? I shall be thankful if you could send a ntp.conf file which works for a scenario described above. Arindam ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Autokey configuration
On 27/02/2012 14:18, Misra, Arindam wrote: Hi, I have a two servers both of which are not public, I want to configure one of them as a server and the other as a client for ntpd. What is the exact configuration required in both client and servers to get the autokey protocol working? I shall be thankful if you could send a ntp.conf file which works for a scenario described above. Arindam i presume you've tried: http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.2.2. (you'll likely need to use 'freeBSD' paths for /etc/ i.e /usr/local/etc/ if installed from ports). I particulalrly liked *6.7.1 (How to use this guide*) 1. Perform the server set-up before performing the client set-up 2. Follow each step in this guide ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- - Paul Macdonald IFDNRG Ltd Web and video hosting - t: 0131 5548070 m: 07970339546PLEASE NOTE NEW MOBILE e: p...@ifdnrg.com w: http://www.ifdnrg.com - IFDNRG 40 Maritime Street Edinburgh EH6 6SA - ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Autokey configuration
Hi, A good start is the manpage of ntp.conf http://www.freebsd.org/cgi/man.cgi?query=ntp.confapropos=0sektion=0manpath=FreeBSD+9.0-RELEASE+and+Portsarch=defaultformat=html The authentification support is described. You have the handbook page for the basics : http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-ntp.html Regards, Alexandre On Mon, Feb 27, 2012 at 3:18 PM, Misra, Arindam arindam.mi...@netapp.comwrote: Hi, I have a two servers both of which are not public, I want to configure one of them as a server and the other as a client for ntpd. What is the exact configuration required in both client and servers to get the autokey protocol working? I shall be thankful if you could send a ntp.conf file which works for a scenario described above. Arindam ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
How to confirm/deny ntp is working?
Hi folks, I've read several different sources on setting up ntp on FreeBSD (I'm using 8.1), and they seem to vary a little, so I'm confused about how DO you set this up, and how do you confirm/deny that it's working? I've modified my /etc/ntp.conf file by commenting out: #server 0.freebsd.pool.ntp.org iburst maxpoll 9 #server 1.freebsd.pool.ntp.org iburst maxpoll 9 #server 2.freebsd.pool.ntp.org iburst maxpoll 9 #server 3.freebsd.pool.ntp.org iburst maxpoll 9 and changing them to read (I'm in the U.S.): server 0.US.pool.ntp.org iburst maxpoll 9 server 1.US.pool.ntp.org iburst maxpoll 9 server 2.US.pool.ntp.org iburst maxpoll 9 I have confirmed that I can ping these servers. I've added ntpd_enable=YES and ntpd_sync_on_start=YES to /etc/rc.conf and rebooted the server. 1.) Do I need to manually create the driftfile (/var/db/ntpd.drift)? 2.) Do I need to manually create the logfile (/var/log/ntp.log)? 3.) How do you confirm that FreeeBSD is, in fact, keeping time? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
02.08.2010 23:23, Ed Flecko wrote: 1.) Do I need to manually create the driftfile (/var/db/ntpd.drift)? Nope. 2.) Do I need to manually create the logfile (/var/log/ntp.log)? Nope. 3.) How do you confirm that FreeeBSD is, in fact, keeping time? pgrep ntp ntpq -p echo daily_status_ntpd_enable=yes /etc/periodic.conf -- Sphinx of black quartz judge my vow. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
you may want add to your ntpd.conf: driftfile /your/drift logfile /your/log to confirm, you can change your system date, and see wether it comes back to normal Samuel Martín Moro {EPITECH.} tek4 CamTrace S.A.S (+033) 1 41 38 37 60 1 Allée de la Venelle 92150 Suresnes FRANCE Nobody wants to say how this works. Maybe nobody knows ... Xorg.conf(5) On Mon, Aug 2, 2010 at 10:23 PM, Ed Flecko edfle...@gmail.com wrote: Hi folks, I've read several different sources on setting up ntp on FreeBSD (I'm using 8.1), and they seem to vary a little, so I'm confused about how DO you set this up, and how do you confirm/deny that it's working? I've modified my /etc/ntp.conf file by commenting out: #server 0.freebsd.pool.ntp.org iburst maxpoll 9 #server 1.freebsd.pool.ntp.org iburst maxpoll 9 #server 2.freebsd.pool.ntp.org iburst maxpoll 9 #server 3.freebsd.pool.ntp.org iburst maxpoll 9 and changing them to read (I'm in the U.S.): server 0.US.pool.ntp.org iburst maxpoll 9 server 1.US.pool.ntp.org iburst maxpoll 9 server 2.US.pool.ntp.org iburst maxpoll 9 I have confirmed that I can ping these servers. I've added ntpd_enable=YES and ntpd_sync_on_start=YES to /etc/rc.conf and rebooted the server. 1.) Do I need to manually create the driftfile (/var/db/ntpd.drift)? 2.) Do I need to manually create the logfile (/var/log/ntp.log)? 3.) How do you confirm that FreeeBSD is, in fact, keeping time? Thank you, Ed ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
Ed == Ed Flecko edfle...@gmail.com writes: Ed and changing them to read (I'm in the U.S.): Ed server 0.US.pool.ntp.org iburst maxpoll 9 Ed server 1.US.pool.ntp.org iburst maxpoll 9 Ed server 2.US.pool.ntp.org iburst maxpoll 9 I believe this is no longer necessary, and in fact, discouraged. The pool.ntp.org servers have some geolocation built in, so the stock version will automatically find and balance load on the existing NTP servers. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
On Mon, August 2, 2010 1:23 pm, Ed Flecko wrote: 3.) How do you confirm that FreeeBSD is, in fact, keeping time? Run ntpq, then type peers at the prompt. You should see some peers listed. If ntp's been running for a while, one of them should have an asterisk next to it (this is the one with which the system is currently synchronizing) and the offset column should show a fairly small number, usually within +/- 100 ms. For example, here's the output from my machine: remote refid st t when poll reach delay offset jitter == +cheezum.mattnor 24.56.178.1402 u 803 1024 377 79.195 -39.637 7.575 *dione.cbane.org 66.220.9.122 2 u 844 1024 377 34.034 -41.063 8.513 LOCAL(0).LOCL. 10 l 45 64 3770.0000.000 0.004 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
Randal L. Schwartz wrote: Ed == Ed Flecko edfle...@gmail.com writes: Ed and changing them to read (I'm in the U.S.): Ed server 0.US.pool.ntp.org iburst maxpoll 9 Ed server 1.US.pool.ntp.org iburst maxpoll 9 Ed server 2.US.pool.ntp.org iburst maxpoll 9 I believe this is no longer necessary, and in fact, discouraged. The pool.ntp.org servers have some geolocation built in, so the stock version will automatically find and balance load on the existing NTP servers. Do we need to ping someone @freebsd.org about it then, say, kensm...@? Just c'suped to 8 recently; mergemaster gave me a new ntp.conf and this is the exact stuff in there ;-) Kevin Kinsey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
Kevin == Kevin Kinsey k...@daleco.biz writes: Kevin Do we need to ping someone @freebsd.org about it then, say, kensm...@? Kevin Just c'suped to 8 recently; mergemaster gave me a new ntp.conf and Kevin this is the exact stuff in there ;-) Uh, why. Looks like the Right Thing is already in there: server 0.freebsd.pool.ntp.org iburst maxpoll 9 server 1.freebsd.pool.ntp.org iburst maxpoll 9 server 2.freebsd.pool.ntp.org iburst maxpoll 9 #server 3.freebsd.pool.ntp.org iburst maxpoll 9 This conforms with: http://www.pool.ntp.org/en/vendors.html specifically: Get your vendor zone To allow you to use the pool as the default time service in your application, we will set you up with special hostnames, for example 1.vendor.pool.ntp.org, 2.vendor.pool.ntp.org and 3.vendor.pool.ntp.org. You must absolutely not use the default pool.ntp.org zone names as the default configuration in your application or appliance. You can apply for a vendor zone here on the site. So the problem is that the original poster changed it *away* from the freebsd subdomains to the *us* subdomains. This is neither necessary nor advised. That's what I was complaining about. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
On Mon, 2 Aug 2010 22:33:16 +0200 Samuel Martín Moro faus...@gmail.com wrote: you may want add to your ntpd.conf: driftfile /your/drift logfile /your/log They have perfectly good defaults. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
On 2010-08-02 22:31, Volodymyr Kostyrko wrote: 02.08.2010 23:23, Ed Flecko wrote: 1.) Do I need to manually create the driftfile (/var/db/ntpd.drift)? Nope. 2.) Do I need to manually create the logfile (/var/log/ntp.log)? Nope. 3.) How do you confirm that FreeeBSD is, in fact, keeping time? pgrep ntp ntpq -p echo daily_status_ntpd_enable=yes /etc/periodic.conf Shouoldn't it be YES and so that it do not overwrite your present file? echo daily_status_ntpd_enable=YES /etc/periodic.conf /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: How to confirm/deny ntp is working?
03.08.2010 07:28, Leslie Jensen wrote: Shouoldn't it be YES and so that it do not overwrite your present file? echo daily_status_ntpd_enable=YES /etc/periodic.conf Really it doesn't matter about quotes or letter case since this is just simple shell file. But yes, sorry for incorrect redirect. -- Sphinx of black quartz judge my vow. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Stratum
Jon Radel wrote: DAve wrote: Afternoon from Blizzard central in Indiana, I have three DNS servers across the state that I have installed and configured ntpd on. They seem to be working well except they are announcing themselves as Stratum 0 servers. As many times as I have read the man pages I can't seem to figure out how I *should* set them to announce themselves at a lower stratum. Not enough information about what you're trying to do: Are these synchronized against an outside source of time? Are you using a local source of time such as a GPS receiver? Or are your servers sitting there with nothing but the undisciplined local clock and something like: server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 0 in the config file? What's ntpq -c peers showing? I am syncing with three server from N.us.pool.ntp.org. I have no fudge configured. ]# ntpq -c peers remote refid st t when poll reach delay offset jitter == ns-01.tls.net .INIT. 16 u- 102400.0000.000 4000.00 +www.broadbandja 66.250.45.2 3 u 510 1024 377 61.9443.528 0.230 *point2.adamants 128.138.140.44 2 u 447 1024 377 59.3600.863 0.154 +66.36.239.104 69.64.37.141 3 u 507 1024 377 28.7632.623 1.182 I am pretty sure I am just reading the man pages incorrectly, but then others things seem confusing as well. As a general sort of rule, if you're synchronized to some trusted time from somewhere, your stratum is going to be one higher than the stratum of the server you're synchronized against, and you rather have to go out of your way to override that. Uhhh, the confusing part. Dennis Glatting wrote: If you have them sync'd to external servers your servers will assume a stratum lower than those. I vote for higher, I have no fudge configured and my servers are claiming to be stratum 0 when I check them from outside. But!! Never trusting my observations until checking again, I see when I tested that my clocks were off. So if I cannot sync, my server continues to answer time queries but claims to be stratum 0. I am thinking I am getting closer to grasping this. DAve -- Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it. John Adams http://appleseedinfo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Stratum
On Feb 8, 2010, at 6:16 AM, DAve wrote: I am syncing with three server from N.us.pool.ntp.org. I have no fudge configured. ]# ntpq -c peers remote refid st t when poll reach delay offset jitter == ns-01.tls.net .INIT. 16 u- 102400.0000.000 4000.00 +www.broadbandja 66.250.45.2 3 u 510 1024 377 61.9443.528 0.230 *point2.adamants 128.138.140.44 2 u 447 1024 377 59.3600.863 0.154 +66.36.239.104 69.64.37.141 3 u 507 1024 377 28.7632.623 1.182 I am pretty sure I am just reading the man pages incorrectly, but then others things seem confusing as well. A stratum-0 timesource is a reference clock like a GPS signal, atomic clock, or other very-high-quality timesource. A computer running ntpd can sync time to such a device, and will thus be a stratum-1 timeserver. Seeing NTP packets claiming to be stratum-0 is a sure indication that the ntpd thinks it is not properly synchronized, and NTP clients should ignore this timesource as a consequence. See: http://www.ntp.org/ntpfaq/NTP-s-algo.htm#Q-ALGO-BASIC-STRATUM The stratum is a measure for synchronization distance. Opposed to jitter or delay the stratum is a more static measure. Basically (and from the perspective from a client) it is the number of servers to a reference clock. So a reference clock itself appears at stratum 0, while the closest servers are at stratum 1. On the network there is no valid NTP message with stratum 0. [ ... ] I vote for higher, I have no fudge configured and my servers are claiming to be stratum 0 when I check them from outside. But!! Never trusting my observations until checking again, I see when I tested that my clocks were off. So if I cannot sync, my server continues to answer time queries but claims to be stratum 0. I am thinking I am getting closer to grasping this. That's correct. If you run something like: # ntpq -pc rv localhost assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg, version=ntpd 4.2.4p5-a Tue Jan 12 18:52:12 EST 2010 (1), processor=i386, system=FreeBSD/6.4-STABLE, leap=00, stratum=2, precision=-19, rootdelay=33.115, rootdispersion=28.426, peer=51948, refid=18.26.4.105, reftime=cf1b25fa.21d555c1 Mon, Feb 8 2010 19:08:26.132, poll=9, clock=cf1b2a9f.c570e0a6 Mon, Feb 8 2010 19:28:15.771, state=4, offset=-0.042, frequency=19.313, jitter=1.902, noise=0.625, stability=0.001, tai=0 remote refid st t when poll reach delay offset jitter == +ntp.pbx.org 192.5.41.40 2 u 477 512 377 30.7441.763 0.702 *bonehed.lcs.mit .GPS.1 u 165 512 377 33.115 -0.495 0.157 -hickory.cc.colu 128.59.39.48 2 u 482 512 377 30.9433.618 0.468 +time1.apple.com 17.72.133.55 2 u 465 512 377 54.5721.374 8.022 rrcs-24-103-228 18.26.4.105 2 u 505 512 377 34.623 -11.983 1.139 rrcs-24-103-228 .INIT. 16 u- 51200.0000.000 0.000 ...pay attention to the status in the first line, which in the above case reads sync_ntp. I bet you're getting sync_unspec for your status. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NTP Stratum
Afternoon from Blizzard central in Indiana, I have three DNS servers across the state that I have installed and configured ntpd on. They seem to be working well except they are announcing themselves as Stratum 0 servers. As many times as I have read the man pages I can't seem to figure out how I *should* set them to announce themselves at a lower stratum. Anyone got a heads up for me? Thanks, DAve -- Posterity, you will know how much it cost the present generation to preserve your freedom. I hope you will make good use of it. If you do not, I shall repent in heaven that ever I took half the pains to preserve it. John Adams http://appleseedinfo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Stratum
DAve wrote: Afternoon from Blizzard central in Indiana, I have three DNS servers across the state that I have installed and configured ntpd on. They seem to be working well except they are announcing themselves as Stratum 0 servers. As many times as I have read the man pages I can't seem to figure out how I *should* set them to announce themselves at a lower stratum. Not enough information about what you're trying to do: Are these synchronized against an outside source of time? Are you using a local source of time such as a GPS receiver? Or are your servers sitting there with nothing but the undisciplined local clock and something like: server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 0 in the config file? What's ntpq -c peers showing? As a general sort of rule, if you're synchronized to some trusted time from somewhere, your stratum is going to be one higher than the stratum of the server you're synchronized against, and you rather have to go out of your way to override that. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Replacing base NTP with ports NTP
Greetings all and sundry About 3 months ago I built myself a time server using 8.0-RC3, IIRC, and I upgraded to 8.0-RELEASE (and now -p2). Naturally, as I want this server to provide time services, I've installed the net/ntp port, among others. Recently, for reasons that have become lost in the mists of time, I noticed that I wasn't running the port version of NTP (/usr/local/sbin/ntpd), but the version installed with the base system (/usr/sbin/ntpd). For the immediate term, I've renamed the base versions of the files in /usr/sbin, and then symlinked to the port version (in /usr/local) - ntpd is now the ports version, as are most of the tools. This does, however, seem like a rather silly way of getting the most current NTPd running. I cannot, for the life of me, figure out how to get the Ports version of NTP to overwrite the base system's NTP. Yet I'm sure (since there *is* a port of NTP) there must be a better way to do this. Can anyone point me in the direction of some documentation? Dave. -- David Rawling PD Consulting And Security Mob: +61 412 135 513 Email: d...@pdconsec.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Replacing base NTP with ports NTP
On Sat, Jan 30, 2010 at 8:06 AM, David Rawling d...@pdconsec.net wrote: About 3 months ago I built myself a time server using 8.0-RC3, IIRC, and I upgraded to 8.0-RELEASE (and now -p2). Naturally, as I want this server to provide time services, I've installed the net/ntp port, among others. Recently, for reasons that have become lost in the mists of time, I noticed that I wasn't running the port version of NTP (/usr/local/sbin/ntpd), but the version installed with the base system (/usr/sbin/ntpd). For the immediate term, I've renamed the base versions of the files in /usr/sbin, and then symlinked to the port version (in /usr/local) - ntpd is now the ports version, as are most of the tools. This does, however, seem like a rather silly way of getting the most current NTPd running. I cannot, for the life of me, figure out how to get the Ports version of NTP to overwrite the base system's NTP. Yet I'm sure (since there *is* a port of NTP) there must be a better way to do this. Can anyone point me in the direction of some documentation? David- I'm not going to claim that this is the best way either, but if you're doing source installs you could just set WITHOUT_NTP=true in /etc/src.conf to disable the installation of the system one. You can use man src.conf to find out more about this. I stop installations of a bunch of standard services this way -- lpr, bind, nis, sendmail, etc. make delete-old from your source build will clean up those files that are no longer used. Hope this helps, Ben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Replacing base NTP with ports NTP
On Saturday 30 January 2010, David Rawling d...@pdconsec.net wrote: Greetings all and sundry Hello David, About 3 months ago I built myself a time server using 8.0-RC3, IIRC, and I upgraded to 8.0-RELEASE (and now -p2). Naturally, as I want this server to provide time services, I've installed the net/ntp port, among others. Recently, for reasons that have become lost in the mists of time, I noticed that I wasn't running the port version of NTP (/usr/local/sbin/ntpd), but the version installed with the base system (/usr/sbin/ntpd). OK, rc.conf(5) does the trick. Look here for an overview of rc.conf: http://www.freebsd.org/doc/handbook/configtuning-rcd.html And try the next command to gather information about rc.conf(5): man 5 rc.conf Possibly you are looking for the /ntpd_program/ variable (from the manual page): -8--8--8- ntpd_program (str) Path to ntpd(8) (default /usr/sbin/ntpd). -8--8--8- For the immediate term, I've renamed the base versions of the files in /usr/sbin, and then symlinked to the port version (in /usr/local) - ntpd is now the ports version, as are most of the tools. This does, however, seem like a rather silly way of getting the most current NTPd running. Bad practice... ;) I cannot, for the life of me, figure out how to get the Ports version of NTP to overwrite the base system's NTP. Yet I'm sure (since there *is* a port of NTP) there must be a better way to do this. No problem, just try the configuration above. Also, you do not need to restart the complete system, just proceed as follows: 1. As root stop ntpd: # /etc/rc.d/ntpd stop 2. Edit the /etc/rc.conf file... 3. Start ntpd: # /etc/rc.d/ntpd start Can anyone point me in the direction of some documentation? Dave. Best regards, -- | Daniel Molina dmw [at] coder [dot] cl | | IT Consulting Software Development| | Phone: +56 2 9790277 | http://coder.cl/ | signature.asc Description: This is a digitally signed message part.
Re: Replacing base NTP with ports NTP
On Sun, 31 Jan 2010 02:06:53 +1100 David Rawling d...@pdconsec.net articulated: Greetings all and sundry About 3 months ago I built myself a time server using 8.0-RC3, IIRC, and I upgraded to 8.0-RELEASE (and now -p2). Naturally, as I want this server to provide time services, I've installed the net/ntp port, among others. Recently, for reasons that have become lost in the mists of time, I noticed that I wasn't running the port version of NTP (/usr/local/sbin/ntpd), but the version installed with the base system (/usr/sbin/ntpd). For the immediate term, I've renamed the base versions of the files in /usr/sbin, and then symlinked to the port version (in /usr/local) - ntpd is now the ports version, as are most of the tools. This does, however, seem like a rather silly way of getting the most current NTPd running. I cannot, for the life of me, figure out how to get the Ports version of NTP to overwrite the base system's NTP. Yet I'm sure (since there *is* a port of NTP) there must be a better way to do this. Can anyone point me in the direction of some documentation? Dave. From the /etc/defaults/rc.conf file: ntpdate_enable=NO # Run ntpdate to sync time on boot (or NO). ntpdate_program=/usr/sbin/ntpdate # path to ntpdate, if you want a different one. ntpdate_flags=-b # Flags to ntpdate (if enabled). ntpdate_config=/etc/ntp.conf # ntpdate(8) configuration file ntpdate_hosts=# Whitespace-separated list of ntpdate(8) servers. ntpd_enable=NO# Run ntpd Network Time Protocol (or NO). ntpd_program=/usr/sbin/ntpd # path to ntpd, if you want a different one. ntpd_config=/etc/ntp.conf # ntpd(8) configuration file ntpd_sync_on_start=NO # Sync time on ntpd startup, even if offset is high ntpd_flags=-p /var/run/ntpd.pid -f /var/db/ntpd.drift # Flags to ntpd (if enabled). Enter the appropriate line(s) into your /etc/rc.conf file. DO NOT modify the /etc/defaults/rc.conf file. -- Jerry ges...@yahoo.com |=== |=== |=== |=== | You will soon meet a person who will play an important role in your life. signature.asc Description: PGP signature
ntp
this is my ntp.conf su-3.2# cat /usr/local/etc/ntp.conf server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org su-3.2# ntpq -p remote refid st t when poll reach delay offset jitter == mx .RMOT. 16 u- 102400.0000.000 0.000 su-3.2# this isn't the first time, but after a while my ntp stops working :( i dont know what to do... any suggestions? -- http://alexus.org/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp
alexus wrote: this is my ntp.conf su-3.2# cat /usr/local/etc/ntp.conf server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org su-3.2# ntpq -p remote refid st t when poll reach delay offset jitter == mx .RMOT. 16 u- 102400.0000.000 0.000 su-3.2# this isn't the first time, but after a while my ntp stops working :( i dont know what to do... any suggestions? It's /etc/ntp.conf if you're using the ntpd that comes with the base system in FreeBSD. Unless you're running you own PPS clock or engaged in developing NTP, there's much point in installing the ports version. Even so, it seems you have a problem connecting to a remote NTP server. Can you do the following: First, choose one of the IPs returned from one of those pool.ntp.org addresses: % host 0.us.pool.ntp.org 0.us.pool.ntp.org has address 216.45.57.38 0.us.pool.ntp.org has address 64.22.86.210 0.us.pool.ntp.org has address 69.36.241.112 0.us.pool.ntp.org has address 69.56.251.238 0.us.pool.ntp.org has address 169.229.70.201 Then test that you can get NTP packets to and from between that machine and your own by using ntpq(8): % ntpq -p 216.45.57.38 remote refid st t when poll reach delay offset jitter == +clock.via.net .GPS.1 u 698 1024 3778.8320.232 0.125 -timekeeper.isi. .GPS.1 u 1915 1024 3767.5090.416 18.394 +clock.sjc.he.ne .CDMA. 1 u 109 1024 377 10.0850.262 0.066 -nist1.symmetric .ACTS. 1 u 73 1024 377 13.380 -0.470 0.172 -rrcs-64-183-55- .GPS.1 u 645 1024 377 25.310 -3.634 2.929 -rrcs-64-183-56- .GPS.1 u 625 1024 377 13.364 -3.183 1.270 -nist1.aol-ca.tr .ACTS. 1 u 947 1024 3779.8603.786 0.029 -clock.isc.org .GPS.1 u 98 1024 377 10.025 -6.679 0.005 -gps.layer42.net .GPS.1 u 113 1024 377 12.3150.042 0.388 -gatekeeper.no-s .PPS.1 u 662 1024 377 27.1653.409 78.001 -nist1-sj.witime .ACTS. 1 u 675 1024 3779.2045.834 0.780 *clepsydra.dec.c .GPS.1 u 867 1024 3779.9880.283 0.123 -time.nist.gov .ACTS. 1 u 933 1024 377 33.453 -1.888 1.615 ntp2.lax-noc.co 204.123.2.5 2 u 935 1024 3770.1220.467 0.015 LOCAL(0).LOCL. 9 l 23 64 3770.0000.000 0.002 If you don't get output like this showing a list of reference servers from any of the available addresses, then I'd suspect something like over restrictive firewall rules blocking the traffic. If you do get a response then the problem is localised on your machine. In which case, try stripping out and NTP related ports you've installed, configure the base system ntpd(8) and see if that works better for you. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: NTP Client synchronization with a Windows 2003/2008
On Wednesday 14 October 2009 18:04:41 Jacques Henry wrote: Alternatively, from the commandline try ntpd -g -q -c /etc/ntp.conf The -g flag allows ntpd to set the clock once regardless of the offset and the -q causes it to quit after setting the time. I tried this command without success... I can see the NTP packets (client and server) but the clock is never set Are you running with an elevated securelevel? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
2009/10/15 Chris Hill ch...@monochrome.org On Wed, 14 Oct 2009, Jacques Henry wrote: The 19 minutes between when I sent my suggestions and you responded is hardly enough time to see if ntpd was slewing the time. Slewing 587 seconds takes days. The thing is that ntpd is not slewing the time at all, even after several hours!! If I may pipe up... Can you not set the clock manually, then let ntpd take it from there? Seems like your clock would become synced a lot faster if it started out close. Sorry if I'm being naive, but this seemed like the obvious thing to do. -- Chris Hill ch...@monochrome.org ** [ Busy Expunging | ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org sometimes the crude and simple methods are the best 8) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
If I may pipe up... Can you not set the clock manually, then let ntpd take it from there? Seems like your clock would become synced a lot faster if it started out close. Sorry if I'm being naive, but this seemed like the obvious thing to do. Don't apologize! Any input is valuable! But I don't quite understand what you meant about let ntpd take it from here or if it started out close... (I am French and maybe you're using a figure of language I don't understand...) Are you running with an elevated securelevel? No the Secure Level is -1... But I've found the beginning of a solution... It doesn't come from ntpd but from the Windows Time Server. When configured to sync with its internal clock, the NTP Server IP packets that goes to the client contain strange values (rootdispersion, etc.) that are higher than expected. Thus, ntpd doesn't consider the Windows Server as a reliable source. But once the windows server configured to sync with an external source, it works! The IP packets generated from the windows server begin to look like real and reliable answer to ntpd... I'm working now on a correct configuration of the Windows Server. Thanks again to all! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
On Tuesday 13 October 2009 18:44:57 Jon Radel wrote: Jacques Henry wrote: I commented the commands involved and nothing changed... (with only 10 minutes of time difference) The 19 minutes between when I sent my suggestions and you responded is hardly enough time to see if ntpd was slewing the time. Slewing 587 seconds takes days. I even tried to force the sync: U450XA0A0800650nstop ntp U450XA0A0800650ntpd -x -n -q -c /var/ntp.conf U450XA0A0800650nstart ntp Are you sure that -x in there, telling ntpd to not step unless the offset is over 600 sec, doesn't override what you're trying to do with the -q? How about you try simple: ntpdate the_windows_server and see what that does? After that look in /var/log/messages. In fact I am still quite convinced that the MS implementation isn't totally compliant with the client... Could be, but ntpq was showing that your ntpd was accepting time data from the Windows server at least on some level. Alternatively, from the commandline try ntpd -g -q -c /etc/ntp.conf The -g flag allows ntpd to set the clock once regardless of the offset and the -q causes it to quit after setting the time. In /etc/rc.conf, all you should need is ntpd_enable=YES ntpd_sync_on_start=YES The second option adds -g to the ntpd flags, allowing it to set the clock at startup and continue running. Jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
The 19 minutes between when I sent my suggestions and you responded is hardly enough time to see if ntpd was slewing the time. Slewing 587 seconds takes days. The thing is that ntpd is not slewing the time at all, even after several hours!! Are you sure that -x in there, telling ntpd to not step unless the offset is over 600 sec, doesn't override what you're trying to do with the -q? How about you try simple: ntpdate the_windows_server and see what that does? After that look in /var/log/messages. I don't have that command on my system... Alternatively, from the commandline try ntpd -g -q -c /etc/ntp.conf The -g flag allows ntpd to set the clock once regardless of the offset and the -q causes it to quit after setting the time. I tried this command without success... I can see the NTP packets (client and server) but the clock is never set with the debugging option enabled (-D 3), at the end I get: ... ... poll_update: at 15 172.30.1.5 flags 0201 poll 6 burst 1 last 1 next 17 read_network_packet: fd=22 length 48 from ac1e0105 172.30.1.5 receive: at 15 172.30.1.250-172.30.1.5 flags 19 restrict 080 receive: at 15 172.30.1.250-172.30.1.5 mode 4 code 1 auth 0 packet: flash header 0040 addto_syslog: no reply; clock not set ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
On Wed, 14 Oct 2009, Jacques Henry wrote: The 19 minutes between when I sent my suggestions and you responded is hardly enough time to see if ntpd was slewing the time. Slewing 587 seconds takes days. The thing is that ntpd is not slewing the time at all, even after several hours!! If I may pipe up... Can you not set the clock manually, then let ntpd take it from there? Seems like your clock would become synced a lot faster if it started out close. Sorry if I'm being naive, but this seemed like the obvious thing to do. -- Chris Hill ch...@monochrome.org ** [ Busy Expunging | ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NTP Client synchronization with a Windows 2003/2008
Hello, I am using a System based on FreeBSD 6.3. On this System an automatically generated ntpd.conf file is generated in order to synchronize the System clock with a NTP Server. I want to use a Windows 2003 or 2008 Server to act as the NTP Server. On the Windows System the NTP Server (Windows Time Service) is *correctly* running. The thing is that even if there are NTP traffic between the client and the Server (NTP Client and Server IP packet), My FreeBSD is not synchronizing at all: freebsd-clientntpq -p 127.0.0.1 remote refid st t when poll reach delay offset jitter === NTP_server 192.168.10.6 2 u 103 102411.037 -587367 0.002 As you can see the offset is huge and never decreases as in a normal way... My ntpd.conf file looks like: --- # File is automatically generated # Do not edit tinker panic 1 tinker step 1 # ntp servers list server 172.30.1.5 # files informations driftfile /etc/ntp.drift # restriction informations restrict default ignore # do not allow request by default restrict 127.0.0.1 # allow localhost for debugging restrict 172.30.1.5 nomodify my ntp.drift file -101.101 I know that maybe the Microsoft NTP/SNTP implementation is not RFC-compliant, but is there a way to configure my NTP client in a more compatible (less strict) way to adjust its time with a Windows Server? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NTP Client synchronization with a Windows 2003/2008
Hello, I am using a System based on FreeBSD 6.3. On this System an automatically generated ntpd.conf file is generated in order to synchronize the System clock with a NTP Server. I want to use a Windows 2003 or 2008 Server to act as the NTP Server. On the Windows System the NTP Server (Windows Time Service) is *correctly* running. The thing is that even if there are NTP traffic between the client and the Server (NTP Client and Server IP packet), My FreeBSD is not synchronizing at all: freebsd-clientntpq -p 127.0.0.1 remote refid st t when poll reach delay offset jitter === NTP_server 192.168.10.6 2 u 103 102411.037 -587367 0.002 As you can see the offset is huge and never decreases as in a normal way... My ntpd.conf file looks like: --- # File is automatically generated # Do not edit tinker panic 1 tinker step 1 # ntp servers list server 172.30.1.5 # files informations driftfile /etc/ntp.drift # restriction informations restrict default ignore # do not allow request by default restrict 127.0.0.1 # allow localhost for debugging restrict 172.30.1.5 nomodify my ntp.drift file -101.101 I know that maybe the Microsoft NTP/SNTP implementation is not RFC-compliant, but is there a way to configure my NTP client in a more compatible (less strict) way to adjust its time with a Windows Server? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
On Tue, 13 Oct 2009 17:13:16 +0200 Jacques Henry (caramba...@googlemail.com) replied: Hello, I am using a System based on FreeBSD 6.3. On this System an automatically generated ntpd.conf file is generated in order to synchronize the System clock with a NTP Server. I want to use a Windows 2003 or 2008 Server to act as the NTP Server. On the Windows System the NTP Server (Windows Time Service) is *correctly* running. The thing is that even if there are NTP traffic between the client and the Server (NTP Client and Server IP packet), My FreeBSD is not synchronizing at all: freebsd-clientntpq -p 127.0.0.1 remote refid st t when poll reach delay offset jitter === NTP_server 192.168.10.6 2 u 103 102411.037 -587367 0.002 As you can see the offset is huge and never decreases as in a normal way... My ntpd.conf file looks like: --- # File is automatically generated # Do not edit tinker panic 1 tinker step 1 # ntp servers list server 172.30.1.5 # files informations driftfile /etc/ntp.drift # restriction informations restrict default ignore # do not allow request by default restrict 127.0.0.1 # allow localhost for debugging restrict 172.30.1.5 nomodify my ntp.drift file -101.101 I know that maybe the Microsoft NTP/SNTP implementation is not RFC-compliant, but is there a way to configure my NTP client in a more compatible (less strict) way to adjust its time with a Windows Server? You might want to check out these two URL's for starters: http://lists.ntp.isc.org/pipermail/questions/2007-January/012469.html http://msdn.microsoft.com/en-us/library/ms884917.aspx -- Jerry ges...@yahoo.com My folks didn't come over on the Mayflower, but they were there to meet the boat. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
Jacques Henry wrote: Hello, I am using a System based on FreeBSD 6.3. On this System an automatically generated ntpd.conf file is generated in order to synchronize the System clock with a NTP Server. I want to use a Windows 2003 or 2008 Server to act as the NTP Server. On the Windows System the NTP Server (Windows Time Service) is *correctly* running. The thing is that even if there are NTP traffic between the client and the Server (NTP Client and Server IP packet), My FreeBSD is not synchronizing at all: freebsd-clientntpq -p 127.0.0.1 remote refid st t when poll reach delay offset jitter === NTP_server 192.168.10.6 2 u 103 102411.037 -587367 0.002 As you can see the offset is huge and never decreases as in a normal way... My ntpd.conf file looks like: --- # File is automatically generated # Do not edit tinker panic 1 tinker step 1 My man page for ntp.conf clearly states in regards to the tinker command: The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. In general, they interact in intricate ways that are hard to predict and some combinations can result in some very nasty behavior. Very rarely is it necessary to change the default values; but, some folks cannot resist twisting the knobs anyway and this com- mand is for them. Emphasis added: twisters are on their own and can expect no help from the support group. so the very first thing you might want to try is to comment out the tinker commands, in particular the panic one. I'm not sure that after you set the panic threshold to 1 second you should expect your ntpd to pay any attention to servers with an offset of 587 seconds. If that fails, consider setting ntpdate_enable=YES ntpdate_hosts=NTP_server in your /etc/rc.conf and simply stepping to the correct time at boot time. In short, I don't think this has anything with a Windows server being involved, and everything to do with starting off almost 10 minutes off and a config file that says to never make a step correction larger than 1 second and to panic if you see an offset of over 1 second. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: NTP Client synchronization with a Windows 2003/2008
2009/10/13 Jacques Henry caramba...@googlemail.com Hello, I am using a System based on FreeBSD 6.3. On this System an automatically generated ntpd.conf file is generated in order to synchronize the System clock with a NTP Server. I want to use a Windows 2003 or 2008 Server to act as the NTP Server. On the Windows System the NTP Server (Windows Time Service) is *correctly* running. The thing is that even if there are NTP traffic between the client and the Server (NTP Client and Server IP packet), My FreeBSD is not synchronizing at all: freebsd-clientntpq -p 127.0.0.1 remote refid st t when poll reach delay offset jitter === NTP_server 192.168.10.6 2 u 103 102411.037 -587367 0.002 As you can see the offset is huge and never decreases as in a normal way... My ntpd.conf file looks like: --- # File is automatically generated # Do not edit tinker panic 1 tinker step 1 # ntp servers list server 172.30.1.5 # files informations driftfile /etc/ntp.drift # restriction informations restrict default ignore # do not allow request by default restrict 127.0.0.1 # allow localhost for debugging restrict 172.30.1.5 nomodify my ntp.drift file -101.101 I know that maybe the Microsoft NTP/SNTP implementation is not RFC-compliant, but is there a way to configure my NTP client in a more compatible (less strict) way to adjust its time with a Windows Server? Thanks ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ntpd wont resync if the time difference is to big, as it assumes something is wrong as you would have set the system clock roughly correct. To fix stop ntpd, then do an ntpdate against the server. This should set the time. Now run ntpd again also set the following variables to a server of your choosing to make sure ntpdate is run 1st on boot $ grep ntp /etc/rc.conf* /etc/rc.conf:ntpdate_flags=uk.pool.ntp.org /etc/rc.conf:ntpdate_enable=YES /etc/rc.conf:ntpd_enable=YES ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: NTP Client synchronization with a Windows 2003/2008
ntpd wont resync if the time difference is to big, as it assumes something is wrong as you would have set the system clock roughly correct. To fix stop ntpd, then do an ntpdate against the server. This should set the time. Now run ntpd again also set the following variables to a server of your choosing to make sure ntpdate is run 1st on boot $ grep ntp /etc/rc.conf* /etc/rc.conf:ntpdate_flags=uk.pool.ntp.org /etc/rc.conf:ntpdate_enable=YES /etc/rc.conf:ntpd_enable=YES I cannot do that because I have no Internet access... so the very first thing you might want to try is to comment out the tinker commands, in particular the panic one. I'm not sure that after you set the panic threshold to 1 second you should expect your ntpd to pay any attention to servers with an offset of 587 seconds. If that fails, consider setting ntpdate_enable=YES ntpdate_hosts=NTP_server in your /etc/rc.conf and simply stepping to the correct time at boot time. In short, I don't think this has anything with a Windows server being involved, and everything to do with starting off almost 10 minutes off and a config file that says to never make a step correction larger than 1 second and to panic if you see an offset of over 1 second. I commented the commands involved and nothing changed... (with only 10 minutes of time difference) I even tried to force the sync: U450XA0A0800650nstop ntp U450XA0A0800650ntpd -x -n -q -c /var/ntp.conf U450XA0A0800650nstart ntp In fact I am still quite convinced that the MS implementation isn't totally compliant with the client... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP Client synchronization with a Windows 2003/2008
Jacques Henry wrote: I commented the commands involved and nothing changed... (with only 10 minutes of time difference) The 19 minutes between when I sent my suggestions and you responded is hardly enough time to see if ntpd was slewing the time. Slewing 587 seconds takes days. I even tried to force the sync: U450XA0A0800650nstop ntp U450XA0A0800650ntpd -x -n -q -c /var/ntp.conf U450XA0A0800650nstart ntp Are you sure that -x in there, telling ntpd to not step unless the offset is over 600 sec, doesn't override what you're trying to do with the -q? How about you try simple: ntpdate the_windows_server and see what that does? After that look in /var/log/messages. In fact I am still quite convinced that the MS implementation isn't totally compliant with the client... Could be, but ntpq was showing that your ntpd was accepting time data from the Windows server at least on some level. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
using own ntp server
If I have understand ntp right it is possible to hook up my machines to the machine running the ntp server. nevertheless I am not able to find anywhere helping me with configuring these machines to connect to my server and I am still not bright enough to figure out the syntax myself. Does anyone know about a web page or anything that my Googling have missed ? Or perhaps I have gailed to grasp nto correct, and all machines must be configured like the handbook says to connect to external machines ? Blessed Be kenneth, Norway ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: using own ntp server
kenneth hatteland wrote: If I have understand ntp right it is possible to hook up my machines to the machine running the ntp server. nevertheless I am not able to find anywhere helping me with configuring these machines to connect to my server and I am still not bright enough to figure out the syntax myself. Does anyone know about a web page or anything that my Googling have missed ? Or perhaps I have gailed to grasp nto correct, and all machines must be configured like the handbook says to connect to external machines ? Leaving aside two areas which could cover a multitude of complications should you pursue them, namely 1) You start setting various security settings and make your ntp server effectively unreachable, or 2) the ability of your local server to multicast time data, your local ntp server should look like any other ntp server to which you have access (other than for less latency and jitter should your network be normal). Put server IP_OR_FQDN_OF_LOCAL_NTP_SERVER_HERE in the ntp.conf of your client machines and see what happens. The peers query from the ntpq program should let you know if you have success or have somehow locked yourself out / blocked access. Feel free to give us specifics of what you're doing if this doesn't work. BTW, the above assumes that you mean setting up your various local machines to all use ntpd, but not all query outside machines. If this isn't it, you're going to have to tell us what you mean by hook up my machines to the machine running the ntp server. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: using own ntp server
2009/10/11 kenneth hatteland kenneth.hattel...@kleppnett.no: If I have understand ntp right it is possible to hook up my machines to the machine running the ntp server. nevertheless I am not able to find anywhere helping me with configuring these machines to connect to my server and I am still not bright enough to figure out the syntax myself. Does anyone know about a web page or anything that my Googling have missed ? Or perhaps I have gailed to grasp nto correct, and all machines must be configured like the handbook says to connect to external machines ? Take a look at OpenNTPD from OpenBSD. There are only two, three configuration options. :) For server: listen on * servers pool.ntp.org For clients: server 10.0.0.1 -- Artis Caune Everything should be made as simple as possible, but not simpler. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp problem
On Apr 20, 2009, at 11:19 AM, Lisa Casey wrote: Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com Your actual question has already been answered, but I'd like to point out that people really shouldn't be using those NTP servers unless you have a very specific reason to. You will get just as good (or better) time and help distribute load if you use server 0.north-america.pool.ntp.org server 1.north-america.pool.ntp.org server 2.north-america.pool.ntp.org server 3.north-america.pool.ntp.org (I'm assuming that north-america is appropriate for you given you current setting). And if you have a static IP address and a reliable connection and server (good network uptime), please consider joining the pool. It takes negligible resources. http://www.pool.ntp.org/en/join.html And more information about this pool of NTP servers is available at http://www.pool.ntp.org/ -j -- Jeffrey Goldberghttp://www.goldmark.org/jeff/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ntp problem
Hi, Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com driftfile /etc/ntp.drift logfile /var/log/ntp.log If I run ntpdate from a prompt, I get the following error message: # ntpdate 20 Apr 12:02:08 ntpdate[50109]: no servers can be used, exiting But if I type: ntpdate time.nist.gov it will update the time. Is there something wrong with my /etc/ntp.conf file? Lisa Casey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp problem
Lisa Casey wrote: Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com driftfile /etc/ntp.drift logfile /var/log/ntp.log If I run ntpdate from a prompt, I get the following error message: # ntpdate 20 Apr 12:02:08 ntpdate[50109]: no servers can be used, exiting But if I type: ntpdate time.nist.gov it will update the time. Is there something wrong with my /etc/ntp.conf file? Give it some time (15-20 minutes or so). It will start to work like magic. -- Frederique ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp problem
Lisa Casey wrote: Hi, Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com driftfile /etc/ntp.drift logfile /var/log/ntp.log If I run ntpdate from a prompt, I get the following error message: # ntpdate 20 Apr 12:02:08 ntpdate[50109]: no servers can be used, exiting But if I type: ntpdate time.nist.gov it will update the time. Is there something wrong with my /etc/ntp.conf file? I don't believe ntpdate uses ntp.conf. Try ntpd -q I don't have 5 running anywhere anymore, but if you read the man pages for 6.3, it's clear that ntpdate is depreciated and on its way out. Or you could just run ntpd as a daemon to maintain your time. -- --Jon Radel j...@radel.com smime.p7s Description: S/MIME Cryptographic Signature
Re: ntp problem
Lisa Casey wrote: Hi, Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com driftfile /etc/ntp.drift logfile /var/log/ntp.log If I run ntpdate from a prompt, I get the following error message: # ntpdate 20 Apr 12:02:08 ntpdate[50109]: no servers can be used, exiting But if I type: ntpdate time.nist.gov it will update the time. Is there something wrong with my /etc/ntp.conf file? Lisa Casey /etc/ntp.conf is for ntpd Peter -- http://www.boosten.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp problem
Jon Radel wrote: Lisa Casey wrote: Hi, Running FreeBSD 5.3 IN /etc/ntp.conf I have: server time.nist.gov prefer server tock.gpsclock.com driftfile /etc/ntp.drift logfile /var/log/ntp.log If I run ntpdate from a prompt, I get the following error message: # ntpdate 20 Apr 12:02:08 ntpdate[50109]: no servers can be used, exiting But if I type: ntpdate time.nist.gov it will update the time. Is there something wrong with my /etc/ntp.conf file? I don't believe ntpdate uses ntp.conf. Try ntpd -q I don't have 5 running anywhere anymore, but if you read the man pages for 6.3, it's clear that ntpdate is depreciated and on its way out. Or you could just run ntpd as a daemon to maintain your time. Exactly. If you wish to use your /etc/ntp.conf file, add this to /etc/rc.conf: ntpd_enable=YES and start it with /etc/rc.d/ntpd start check /var/log/messages to see when it kicks in. It normally takes some time before it does the first correction. You will see messages like this: Apr 20 18:41:46 atlantis ntpd[783]: time reset +0.416117 s Apr 20 18:41:46 atlantis ntpd[783]: kernel time sync status change 2001 and then you will know it is working. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ntp problem
Thanks guys, I did have ntpd and ntpdate confused. I have things working now. Lisa ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NTP on 7.1 BETA amd64 odd behaviour
Mel [EMAIL PROTECTED] wrote: On Thursday 18 September 2008 16:44:40 Nash Nipples wrote: thanks for the new /etc/rc.d/ntpd ... rc_flags=-c ${ntpd_config} ${ntpd_flags} ... what we can learn from it is that on 7.1 BETA your rc.conf.local file should look like this ntpd_config=/etc/ntpd.conf ntpd_flags=-p /var/run/ntpd.pid hope that explains Nash Almost. Look at /etc/defaults/rc.conf: ntpd_config=/etc/ntp.conf # ntpd(8) configuration file ntpd_sync_on_start=NO # Sync time on ntpd startup, even if offset is high ntpd_flags=-p /var/run/ntpd.pid -f /var/db/ntpd.drift # Flags to ntpd (if enabled). 99% of the cases you don't need ntpd_flags. Only if you want the drift file in a different location or use one of the more obscure options. In fact it might even be considered a bug that -f /var/db/ntpd.drift is included in the default flags. If someone wants to override the default location of the drift file, it is much better to specify it in the ntp.conf file. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Software gets slower faster than hardware gets faster. -- Niklaus Wirth ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP authentication using kerberos
Da Rock wrote: This may be a stupid question, and/or a chicken and egg conundrum: Is it possible to use kerberos in authentication with an ntp server? Here is my reasoning for this (and please correct any wrong assumptions I have here): In the handbook regarding kerberos (and nearly every other reliable source) kerberos is all or nothing- every service needs to be included or it is not as secure as it should be. On the other hand, there are problems with using kerberos if the time is not synchronised, so use ntp. And so far I have only found simple key authentication similar to dhcp and dns to authenticate ntp with. But if kerberos provides keys then this could be simpler, yes? Once I have worked through this, I'd like to multicast ntp, but I think I've got that sewn up already, unless anybody has some advice on this? I'll probably be using the 239 subnet rather than 224 if that is not an issue. One more thing- if ntp uses the same sort of authentication as dhcp and dns, is there a way to extend this kerberos setup (if it is possible with ntp) to dhcp and dns on my local network? Or am I just getting too ambitious with everything here? :) NTP doesn't support Kerberos style authentication. It has it's own cryptographically secured authentication mechanisms. See ntp-keygen(8) However, doing the full-blown crypto security thing is generally over the top for securing simple clients. It's good for NTP servers, especially if you have your own heirarchy of Stratum 1 and perhaps Stratum 2 servers and accurate timing really is critical for you. Remember you need at least three independent time sources -- preferably four to give you some resilience -- in order to be able to detect if the clock has gone wonky on any one of your servers. For supplying a time signal by multicast or broadcast, you have to enable key based authentication on all the servers and clients. The basic method just uses what is effectively an 8 character random string as a password. This is usually sufficient if all your client machines are on protected back end networks and taking a time signal from NTP servers entirely in your control. You need to protect the ntp-keys file from exposure -- I like to create a root-only directory to hold it: mkdir /etc/ntp mv ntp.keys /etc/ntp/ chown -R root:wheel /etc/ntp chmod -R go-rwx /etc/ntp For dhcp and DNS security -- there are all sorts of mechanisms for authenticating and securing transactions between such servers. In the case of DNS, I suggest you read up on 'Tsig' (Transaction Signatures) and DNSSEC -- this is a good resource: http://www.dnssec.net/why-deploy-dnssec Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: NTP authentication using kerberos
On Thu, 2008-09-18 at 08:28 +0100, Matthew Seaman wrote: Da Rock wrote: This may be a stupid question, and/or a chicken and egg conundrum: Is it possible to use kerberos in authentication with an ntp server? Here is my reasoning for this (and please correct any wrong assumptions I have here): In the handbook regarding kerberos (and nearly every other reliable source) kerberos is all or nothing- every service needs to be included or it is not as secure as it should be. On the other hand, there are problems with using kerberos if the time is not synchronised, so use ntp. And so far I have only found simple key authentication similar to dhcp and dns to authenticate ntp with. But if kerberos provides keys then this could be simpler, yes? Once I have worked through this, I'd like to multicast ntp, but I think I've got that sewn up already, unless anybody has some advice on this? I'll probably be using the 239 subnet rather than 224 if that is not an issue. One more thing- if ntp uses the same sort of authentication as dhcp and dns, is there a way to extend this kerberos setup (if it is possible with ntp) to dhcp and dns on my local network? Or am I just getting too ambitious with everything here? :) NTP doesn't support Kerberos style authentication. It has it's own cryptographically secured authentication mechanisms. See ntp-keygen(8) However, doing the full-blown crypto security thing is generally over the top for securing simple clients. It's good for NTP servers, especially if you have your own heirarchy of Stratum 1 and perhaps Stratum 2 servers and accurate timing really is critical for you. Remember you need at least three independent time sources -- preferably four to give you some resilience -- in order to be able to detect if the clock has gone wonky on any one of your servers. For supplying a time signal by multicast or broadcast, you have to enable key based authentication on all the servers and clients. The basic method just uses what is effectively an 8 character random string as a password. This is usually sufficient if all your client machines are on protected back end networks and taking a time signal from NTP servers entirely in your control. You need to protect the ntp-keys file from exposure -- I like to create a root-only directory to hold it: mkdir /etc/ntp mv ntp.keys /etc/ntp/ chown -R root:wheel /etc/ntp chmod -R go-rwx /etc/ntp For dhcp and DNS security -- there are all sorts of mechanisms for authenticating and securing transactions between such servers. In the case of DNS, I suggest you read up on 'Tsig' (Transaction Signatures) and DNSSEC -- this is a good resource: http://www.dnssec.net/why-deploy-dnssec Cheers, Matthew Well thats good to know. I'm already using those methods on the dns and dhcp server, seems isc have their own methods in security so I'll just have to stick with those for ntp too. For reference, how does this affect the whole kerberos setup if these services are not in the kerberos system? Does it introduce a security flaw? Any experts out there that can clarify this point? Or should I just run these particular services outside the kerberos system (ie on a separate machine not kerberos secured)? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NTP on 7.1 BETA amd64 odd behaviour
I have one 7.0-RELEASE machine running NTP with the following settings. rc.conf - ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntp.conf --- server ntp2.sp.se server ntp.lth.se server ntp1.sp.se driftfile /etc/ntp/ntp.drift on my second machine 7.1-BETA amd64, the same configuration produces this error -- :/etc/rc.d/ntpd start Starting ntpd. ERROR: only one configfile option allowed ntpd - NTP daemon program - Ver. 4.2.4p5 USAGE: ntpd [ -flag [val] | --name[{=| }val] ]... Flg Arg Option-NameDescription -4 no ipv4 Force IPv4 DNS name resolution -6 no ipv6 Force IPv6 DNS name resolution -a no authreqRequire crypto authentication -A no authnoreq Do not require crypto authentication -b no bcastsync Allow us to sync to broadcast servers -c Str configfile configuration file name -f Str driftfile frequency drift file name -g no panicgate Allow the first adjustment to be Big -i Str jaildirJail directory -I Str interface Listen on interface -k Str keyfilepath to symmetric keys -l Str logfilepath to the log file -L no novirtualips Do not listen to virtual IPs -n no nofork Do not fork -N no nice Run at high priority -p Str pidfilepath to the PID file -P Num priority Process priority -q no quit Set the time and quit -r Str propagationdelay Broadcast/propagation delay -U Num updateinterval interval in seconds between scans for new or dropped in terfaces -s Str statsdir Statistics file location -t Str trustedkey Trusted key number -u Str user Run as userid (or userid:groupid) -v Str varmake ARG an ntp variable (RW) -V Str dvar make ARG an ntp variable (RW|DEF) -x no slew Slew up to 600 seconds -v opt versionOutput version information and exit -? no help Display usage information and exit -! no more-help Extended usage information passed thru pager Options are specified by doubled hyphens and their name or by a single hyphen and the flag character. please send bug reports to: http://bugs.ntp.isc.org, [EMAIL PROTECTED] - If I comment out the ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid line. ntp starts without any error. Should I accept this or is something wrong? Thanks /Leslie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP on 7.1 BETA amd64 odd behaviour
- If I comment out the ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid line. ntp starts without any error. Should I accept this or is something wrong? Thanks /Leslie Looks like it wants only one parameter as a flag in rc.conf.local You can try to change it to just ntpd_flags=-p /var/run/ntpd.pid If you look through the code in /etc/rc.d/ntpd file it might become more clear to you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP on 7.1 BETA amd64 odd behaviour
thanks for the new /etc/rc.d/ntpd ... rc_flags=-c ${ntpd_config} ${ntpd_flags} ... what we can learn from it is that on 7.1 BETA your rc.conf.local file should look like this ntpd_config=/etc/ntpd.conf ntpd_flags=-p /var/run/ntpd.pid hope that explains Nash ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP on 7.1 BETA amd64 odd behaviour
On Thursday 18 September 2008 16:44:40 Nash Nipples wrote: thanks for the new /etc/rc.d/ntpd ... rc_flags=-c ${ntpd_config} ${ntpd_flags} ... what we can learn from it is that on 7.1 BETA your rc.conf.local file should look like this ntpd_config=/etc/ntpd.conf ntpd_flags=-p /var/run/ntpd.pid hope that explains Nash Almost. Look at /etc/defaults/rc.conf: ntpd_config=/etc/ntp.conf # ntpd(8) configuration file ntpd_sync_on_start=NO # Sync time on ntpd startup, even if offset is high ntpd_flags=-p /var/run/ntpd.pid -f /var/db/ntpd.drift # Flags to ntpd (if enabled). 99% of the cases you don't need ntpd_flags. Only if you want the drift file in a different location or use one of the more obscure options. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NTP authentication using kerberos
This may be a stupid question, and/or a chicken and egg conundrum: Is it possible to use kerberos in authentication with an ntp server? Here is my reasoning for this (and please correct any wrong assumptions I have here): In the handbook regarding kerberos (and nearly every other reliable source) kerberos is all or nothing- every service needs to be included or it is not as secure as it should be. On the other hand, there are problems with using kerberos if the time is not synchronised, so use ntp. And so far I have only found simple key authentication similar to dhcp and dns to authenticate ntp with. But if kerberos provides keys then this could be simpler, yes? Once I have worked through this, I'd like to multicast ntp, but I think I've got that sewn up already, unless anybody has some advice on this? I'll probably be using the 239 subnet rather than 224 if that is not an issue. One more thing- if ntp uses the same sort of authentication as dhcp and dns, is there a way to extend this kerberos setup (if it is possible with ntp) to dhcp and dns on my local network? Or am I just getting too ambitious with everything here? :) Cheers ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipv6 ntp multicast address specification
Hi, what is the suggested address spec for manycastclient/manycastserver in ntp.conf? manycastserver ff02::101 manycastserver ff02::101%em0 manycastserver ff02:1::101 manycastclient ff05::101 Thanks Reinhard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: IPV6 NTP
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 [EMAIL PROTECTED] wrote: I am running FreeBSD 6.2 in a totally IPV6-only aware environment. I want to set up an NTP server by pointing to an IPV6 stratum 1 address. Can I just add an IPV6 address in the NTP.conf file just as I would do for an IPV4 server? Yes. In fact, just put in the host name and NTP will default to using the IPv6 address. Cheers, Matthew PS. Please don't hijack other e-mail threads by replying to a message and changing the subject. It's considered rude at best, and it tends to cause your message to be hidden amongst all the traffic of the other thread. - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHRqDa3jDkPpsZ+VYRAwPpAKC4Bw1JOt4fA49RiZv3Krg6oCbsHACgjEi0 fAcaLOw7eQo11FhPck822k8= =MZ6k -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
IPV6 NTP
I am running FreeBSD 6.2 in a totally IPV6-only aware environment. I want to set up an NTP server by pointing to an IPV6 stratum 1 address. Can I just add an IPV6 address in the NTP.conf file just as I would do for an IPV4 server? -- Joe _ You keep typing, we keep giving. Download Messenger and join the i’m Initiative now. http://im.live.com/messenger/im/home/?source=TAGLM___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
/etc/ntp -- What is this directory used for?
The ntpd(8) manpage states that its config file is looked for at /etc/ntp.conf, by default. Drift files are stored in /etc/ntp.drift, but this is overridden to be to be /var/db/ntpd.drift, as specified by the /etc/defaults/rc.conf file. Keys are stored at /etc/ntp.keys by default. Question: If that is the case, what is the directory /etc/ntp used for? It is only readable by root, so it must be some manner of sensitive information... Thanks. -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: /etc/ntp -- What is this directory used for?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Modulok wrote: The ntpd(8) manpage states that its config file is looked for at /etc/ntp.conf, by default. Drift files are stored in /etc/ntp.drift, but this is overridden to be to be /var/db/ntpd.drift, as specified by the /etc/defaults/rc.conf file. Keys are stored at /etc/ntp.keys by default. Question: If that is the case, what is the directory /etc/ntp used for? It is only readable by root, so it must be some manner of sensitive information... Cryptographic keys for NTPv4 authentication. See ntp-keygen(8) -- although that manual page misleadingly talks about '/usr/local/etc' which is incorrect on FreeBSD where ntpd is part of the base system. Although I generally use /etc/ntp/ntp.keys for the password style stuff instead of /etc/ntp.keys Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGeb+88Mjk52CukIwRCNyBAJ9P4MV4E92z9TMFVQ0wKZPi85pVeQCcDUMd l6yvNjHFk3q0nTtwAPiNfk8= =W3Tk -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NTP broadcast with autokey setup
Hi all, I've been trying to follow the instructions to setup autokey authentication at http://ntp.isc.org/bin/view/Support/ConfiguringAutokey using IFF Parameters. As yet i havent been able to get this working and I'm not sure why, Does anyone have a working server and client config they would be willing to share, or better yet a methodology to follow. Thanks, Vince ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
setting up ntp on 6.2 with jailed hosts
Hello, I've got a 6.2 box that i'm running several jails on. I'm trying to get ntpd going so the box can sync it's time with the local lan ntp server. In the host system's rc.conf i have: ntpd_enable=YES ntpd_sync_on_start=YES That second line from my understanding takes away the need to run ntpdate? Ntpd does start, but i'm getting the below errors i'm wondering if this is a firewall issue or a reaction to running ntp on a host system with jails or another problem? Thanks. Dave. Apr 17 09:55:02 zeus ntpd[65236]: ntpd 4.2.0-a Sun Apr 1 21:07:28 EDT 2007 (1) Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr ::, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 192.168.0.3, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 192.168.0.200, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr fe80:2::1, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr ::1, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 127.0.0.1, in_classd=0 flags=0 fails: Address already in use Apr 17 09:55:03 zeus ntpd[65236]: sendto(192.168.0.254): Bad file descriptor Apr 17 09:56:07 zeus ntpd[65236]: sendto(192.168.0.254): Bad file descriptor ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: setting up ntp on 6.2 with jailed hosts
In response to Dave [EMAIL PROTECTED]: Hello, I've got a 6.2 box that i'm running several jails on. I'm trying to get ntpd going so the box can sync it's time with the local lan ntp server. In the host system's rc.conf i have: ntpd_enable=YES ntpd_sync_on_start=YES That second line from my understanding takes away the need to run ntpdate? Ntpd does start, but i'm getting the below errors i'm wondering if this is a firewall issue or a reaction to running ntp on a host system with jails or another problem? You have some other program already running on port 123. Perhaps another instance of nptd? Try sockstat -4 | grep 123 and see what comes up. This is not specifically a jail problem, but it could be that you accidentally configured one of your jails to start ntpd as well. This is unnecessary. Each jail will get it's time from the host, so it's only necessary to sync the host. Thanks. Dave. Apr 17 09:55:02 zeus ntpd[65236]: ntpd 4.2.0-a Sun Apr 1 21:07:28 EDT 2007 (1) Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr ::, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 192.168.0.3, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 192.168.0.200, in_classd=0 flags=8 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr fe80:2::1, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 28, port 123, addr ::1, in6_is_addr_multicast=0 flags=0 fails: Address already in use Apr 17 09:55:02 zeus ntpd[65236]: bind() fd 4, family 2, port 123, addr 127.0.0.1, in_classd=0 flags=0 fails: Address already in use Apr 17 09:55:03 zeus ntpd[65236]: sendto(192.168.0.254): Bad file descriptor Apr 17 09:56:07 zeus ntpd[65236]: sendto(192.168.0.254): Bad file descriptor ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP: Driving Me Nuts
Are all three of these systems using the same router to share the same IP number? It may be that the router is having trouble keeping track of three connections to the same port on the same server (I don't think it SHOULD, but maybe it is). If that's the case, you can fix it by using a different server for each machine. I suggest: server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org (for those in other countries, change us to the appropriate country code, and see http://www.pool.ntp.org for more info). In fact, since NTP works best if you use more than one server, and those addresses return random servers, just put all three of those server lines in each configuration file. - Bob On 6/12/05, David Marshall [EMAIL PROTECTED] wrote: I'm having an awful time trying to get NTP working on some new servers. Consider three machines: jeffy: my home machine, runs 5.4 with a very sleek kernel, sits behind a router. web1: one of the new servers, running 5.4-p2 with a kernel configuration that *only* has options INET6 commented out: [EMAIL PROTECTED] diff GENERIC WEB 25c25 ident GENERIC --- ident WEB 32c32 options INET6 # IPv6 communications protocols --- #options INET6 # IPv6 communications protocols web2: another of the new servers, running 5.4 with GENERIC All three have the same /etc/ntp.conf: server sundial.columbia.edu driftfile /var/db/ntp.drift All, of course, have ntpd_enable=YES in /etc/rc.conf Here are the relevant lines from the log when I run /etc/rc.d/ntpd start, after making sure it is stopped, of course. When any of them is stopped netstat -n | fgrep 123 yields no lines. jeffy: Jun 11 23:24:53 jeffy ntpd[90141]: ntpd 4.2.0-a Mon May 9 15:42:44 PDT 2005 (1) Jun 11 23:24:53 jeffy ntpd[90141]: no IPv6 interfaces found web1: Jun 12 02:28:23 web1 ntpd[783]: ntpd 4.2.0-a Sun Jun 12 00:46:05 EDT 2005 (1) Jun 12 02:28:23 web1 ntpd[783]: no IPv6 interfaces found Jun 12 02:28:23 web1 ntpd[783]: bind() fd 6, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use web2: Jun 12 02:24:28 web2 ntpd[32792]: ntpd 4.2.0-a Sun May 8 06:01:21 UTC 2005 (1) Jun 12 02:24:28 web2 ntpd[32792]: bind() fd 9, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use 'ntpq -p' on jeffy returns a normal looking ntpq result. 'ntpq -p' on either web1 or web2 eventually times out. However, if I put a restrict into their ntp.conf I get something like remote refid st t when poll reach delay offset jitter == hickory.cc.colu .INIT. 16 u- 6400.0000.000 4000.00 that never changes, even after several hours. I've read a lot of similar problem reports, but none of them ever seem to have a definitive answer. Can anyone help? I'm really mystified. The only thing I have left to try is that I have noticed that jeffy has NO_INET6 = true set in /etc/make.conf, whereas web1 does not have this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Freebsd 6.2 PPS (pps.ko) and NTP
Hi, I've got a Garmin GPS 18 LVD attached to a serial port on a FreeBSD 6.2 box. I've been trying to enable PPS support for ntpd on the BSD box, but this is all I get as a result: 20 Feb 10:41:46 ntpd[14503]: refclock_nmea: time_pps_kcbind failed: Operation not supported I do have pps.ko and ppbus.ko kernel modules loaded according to kldstat. My ntpd.conf looks like: # Garmin GPS 18 LVD (OEM) reference clock: server 127.127.20.0 mode 1 minpoll 4 fudge 127.127.20.0 time1 0.000 flag2 0 flag3 1 refid PPS The GPS 18 is configured to enable PPS (set to a 200ms pulse width) and it's wired to DCD on the serial port. Any ideas? I'm an NTP GPS refclock newbie... Thanks, Aaron out. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: setting ntp-servers for ntpdate via dhcp
Jonathan Horne wrote: On Sunday 02 July 2006 15:49, Erik Nørgaard wrote: There is a dhcp-option, ntp-servers, to set which ntp-server to use. It would be quite useful with ntpdate. Does anyone have a patch to ntpdate startup script or other hack that use this option? - just before I start hacking myself... my ntp options in /etc/rc.conf look like this: ntpdate_enable=YES ntpdate_hosts=us.pool.ntp.org ntpd_enable=YES when my system boots, ntpdate forces the time to syncronize (no matter how far off it is), and then ntp takes over from there. I have that too, the point is not that ntpdate doesn't work, but that configuration via dhcp is not supported. And since dhcp provides the option, it would be quite neat to support it. So something like this in rc.conf would be nice: ntpdate_enable=DHCP ntpdate_hosts=ntp.domain.tld When set to DHCP the ntpdate script should parse the lease file to find any available ntp server to use. The hosts option should be fallback if the dhcp server did not provide a list of available ntp-servers. Currently such functionality is not supported, and just before I go ahead and hack something up, it would be nice to know if others have done the effort. Cheers, Erik ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
setting ntp-servers for ntpdate via dhcp
Hi: There is a dhcp-option, ntp-servers, to set which ntp-server to use. It would be quite useful with ntpdate. Does anyone have a patch to ntpdate startup script or other hack that use this option? - just before I start hacking myself... Thanks, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9 smime.p7s Description: S/MIME Cryptographic Signature
Re: setting ntp-servers for ntpdate via dhcp
On Sunday 02 July 2006 15:49, Erik Nørgaard wrote: Hi: There is a dhcp-option, ntp-servers, to set which ntp-server to use. It would be quite useful with ntpdate. Does anyone have a patch to ntpdate startup script or other hack that use this option? - just before I start hacking myself... Thanks, Erik my ntp options in /etc/rc.conf look like this: ntpdate_enable=YES ntpdate_hosts=us.pool.ntp.org ntpd_enable=YES when my system boots, ntpdate forces the time to syncronize (no matter how far off it is), and then ntp takes over from there. hth, jonathan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Getting NTP (ntpd, ntpdate) to work
Thanks for the return! I've discovered my ISP has apparently shut off port 123 (NTP), and if I dontpdate -u ntp.cape.comI get my time set! But ntpq lacks ntpdate's option to use an unprivileged port. I guess time is come to ask my ISP. (Shouldn't I have done tha before :-] Again thanks! Chuck Bacon -- [EMAIL PROTECTED] ABHOR SECRECY -- DEFEND PRIVACY PS: Yes, I use netmask 255.255.255.240 (0xfff0); a vain hope that there's a tiny increment of security in it, and a belief in the definitions of net classes. On Sun, 18 Jun 2006, Nick Withers wrote: On Sat, 17 Jun 2006 21:30:55 -0400 (EDT) Charles Bacon [EMAIL PROTECTED] wrote: Since FreeBSD 4.5-Release, I have been unable to get NTP working on my two FreeBSD computers, one running 5.3Release and the other on 6.1Release. I have done nothing with the GENERIC kernel on either machine. I talk SSH between them, and have been running ntpd on both, each naming the other as well as two external servers. My network is a typical home net, using 192.168.1/28, You mean /24 (i.e.: 255.255.255.0, Class C), yeah? served by a DSL router which does NAT for my external traffic. Internal comms. is through switches, plus one hub. Each computer (plus some others running Windows) has easy access out, and is invisible from the Internet exceptt for responses. Here's my ntp.conf, identical on my two computers: server ntp.cape.com server ntp.ourconcord.net driftfile /var/db/ntp.drift logfile /var/log/ntplog pidfile /var/run/ntpd.pid logconfig =all peer 192.168.1.3 peer 192.168.1.2(much comments removed) With mediocre diagnostic skill, I have finally discovered tcpdump. It told me after much experiment, that the relevant port (NTP, 123) was unreachable. This sounds significant, but I can't find a list of the reachability of ports. Try netstat(1). netstat -anp udp might be of help in particular, here. I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems to exist in /dev. I had expected that GENERIC would impose only slight filtering somehow, and certainly not shut off NTP! I guess I need help. If you've loaded a firewall such as IPFW in /etc/rc.conf a kernel module will be loaded for it, if it's not compiled statically into hte kernel already (which it isn't on GENERIC for either 5.3-RELEASE or 6.1-RELEASE). kldstat will list loaded modules (and the IPFW module is ipfw.ko). Thanks for any help you can give, and I accept any opprobrium for trying to be a sysadmin, even for my home boxen. Chuck Bacon -- [EMAIL PROTECTED] ABHOR SECRECY -- DEFEND PRIVACY -- Nick Withers email: [EMAIL PROTECTED] Web: http://www.nickwithers.com Mobile: +61 414 397 446 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Getting NTP (ntpd, ntpdate) to work
On Sat, 17 Jun 2006 21:30:55 -0400 (EDT) Charles Bacon [EMAIL PROTECTED] wrote: Since FreeBSD 4.5-Release, I have been unable to get NTP working on my two FreeBSD computers, one running 5.3Release and the other on 6.1Release. I have done nothing with the GENERIC kernel on either machine. I talk SSH between them, and have been running ntpd on both, each naming the other as well as two external servers. My network is a typical home net, using 192.168.1/28, You mean /24 (i.e.: 255.255.255.0, Class C), yeah? served by a DSL router which does NAT for my external traffic. Internal comms. is through switches, plus one hub. Each computer (plus some others running Windows) has easy access out, and is invisible from the Internet exceptt for responses. Here's my ntp.conf, identical on my two computers: server ntp.cape.com server ntp.ourconcord.net driftfile /var/db/ntp.drift logfile /var/log/ntplog pidfile /var/run/ntpd.pid logconfig =all peer 192.168.1.3 peer 192.168.1.2(much comments removed) With mediocre diagnostic skill, I have finally discovered tcpdump. It told me after much experiment, that the relevant port (NTP, 123) was unreachable. This sounds significant, but I can't find a list of the reachability of ports. Try netstat(1). netstat -anp udp might be of help in particular, here. I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems to exist in /dev. I had expected that GENERIC would impose only slight filtering somehow, and certainly not shut off NTP! I guess I need help. If you've loaded a firewall such as IPFW in /etc/rc.conf a kernel module will be loaded for it, if it's not compiled statically into hte kernel already (which it isn't on GENERIC for either 5.3-RELEASE or 6.1-RELEASE). kldstat will list loaded modules (and the IPFW module is ipfw.ko). Thanks for any help you can give, and I accept any opprobrium for trying to be a sysadmin, even for my home boxen. Chuck Bacon -- [EMAIL PROTECTED] ABHOR SECRECY -- DEFEND PRIVACY -- Nick Withers email: [EMAIL PROTECTED] Web: http://www.nickwithers.com Mobile: +61 414 397 446 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Getting NTP (ntpd, ntpdate) to work
Since FreeBSD 4.5-Release, I have been unable to get NTP working on my two FreeBSD computers, one running 5.3Release and the other on 6.1Release. I have done nothing with the GENERIC kernel on either machine. I talk SSH between them, and have been running ntpd on both, each naming the other as well as two external servers. My network is a typical home net, using 192.168.1/28, served by a DSL router which does NAT for my external traffic. Internal comms. is through switches, plus one hub. Each computer (plus some others running Windows) has easy access out, and is invisible from the Internet exceptt for responses. Here's my ntp.conf, identical on my two computers: server ntp.cape.com server ntp.ourconcord.net driftfile /var/db/ntp.drift logfile /var/log/ntplog pidfile /var/run/ntpd.pid logconfig =all peer 192.168.1.3 peer 192.168.1.2(much comments removed) With mediocre diagnostic skill, I have finally discovered tcpdump. It told me after much experiment, that the relevant port (NTP, 123) was unreachable. This sounds significant, but I can't find a list of the reachability of ports. I've looked at ng*, mac_* and pf* and finally bpf*, and only the last seems to exist in /dev. I had expected that GENERIC would impose only slight filtering somehow, and certainly not shut off NTP! I guess I need help. Thanks for any help you can give, and I accept any opprobrium for trying to be a sysadmin, even for my home boxen. Chuck Bacon -- [EMAIL PROTECTED] ABHOR SECRECY -- DEFEND PRIVACY ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP
Try ntpdate -b foo.foo Aguiar Magalhaes wrote: Hi list, When I type ntpdate ntp.nasa.gov (or another server) the answer is no server suitable for synchronization found... What is wrong ? Aguiar ___ Yahoo! doce lar. Faça do Yahoo! sua homepage. http://br.yahoo.com/homepageset.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NTP
Hi list, When I type ntpdate ntp.nasa.gov (or another server) the answer is no server suitable for synchronization found... What is wrong ? Aguiar ___ Yahoo! doce lar. Faça do Yahoo! sua homepage. http://br.yahoo.com/homepageset.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP
* Aguiar Magalhaes [EMAIL PROTECTED] [2006-01-19 16:35:25 -0300]: When I type ntpdate ntp.nasa.gov (or another server) the answer is no server suitable for synchronization found... Works fine over here. Can you connect to the NTP port on that server? Try this: nc -u -v ntp.nasa.gov 123 and see if you get a connection succeeded message. Also, have you thought about using pool.ntp.org instead? Thomas -- N.J. Thomas [EMAIL PROTECTED] Etiamsi occiderit me, in ipso sperabo ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP
Aguiar Magalhaes wrote: When I type ntpdate ntp.nasa.gov (or another server) the answer is no server suitable for synchronization found... perhaps there's a problem with your internet-connection somehow or your DNS-settings or firewall- or proxy-settings ? (ntpdate ntp.nasa.gov works fine here) trying ntpdate with the -d parameter is also an idea -- grtjs, albi gpg-key: lynx -dump http://scii.nl/~albi/gpg.asc | gpg --import ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: NTP
On 1/19/06, Aguiar Magalhaes [EMAIL PROTECTED] wrote: Hi list, When I type ntpdate ntp.nasa.gov (or another server) the answer is no server suitable for synchronization found... # ntpdate ntp.nasa.gov 19 Jan 20:45:32 ntpdate[17119]: adjust time server 198.123.30.132 offset 0.000333 sec Can you ping that server or any other ntp server? Are you behind a firewall? What is wrong ? Aguiar ___ Yahoo! doce lar. Faça do Yahoo! sua homepage. http://br.yahoo.com/homepageset.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Pietro Cerutti [EMAIL PROTECTED] Non lasciar calpestare i TUOI diritti! Don't let 'em take YOUR rights! NO al Trusted Computing! Say NO to Trusted Computing! www.no1984.org www.againsttcpa.com -- Pietro Cerutti [EMAIL PROTECTED] Non lasciar calpestare i TUOI diritti! Don't let 'em take YOUR rights! NO al Trusted Computing! Say NO to Trusted Computing! www.no1984.org www.againsttcpa.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
unable to build ntp
Help please. I am running 6.0-RELEASE, and am trying to build ntp. Process fails during ./configure with the following results: # cd /usr/src/contrib/ntp # ./configure --snip--- configure: creating ./config.status config.status: creating Makefile config.status: creating ElectricFence/Makefile config.status: error: cannot find input file: ElectricFence/Makefile.in Interestingly, I get the same results using a 4.5 machine. I note that in the /usr/src/contrib/ntp/FREBSD-upgrade file, it states in part, For the import of NTP the following files were removed: ElectricFence/* so it makes sense that ElectricFence is not there, but how do I get rid of the error? Background: I have the following entry in my crontab: 7 0-23 * * * /usr/sbin/ntpdate -s pool.ntp.org /dev/null In the old days, ntpdate would only send root an email if it could not find a server. Now I get emails every time the cron runs, even though I am dumping STDOUT to /dev/null. Problem is code in 6.0 directs server found messages to STDERR, while 4.5 code did not contain this. I want to recompile with the server found messages directed to STDOUT. Thanks in advance, Brad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unable to build ntp
In the last episode (Jan 16), Brad Gilmer said: Help please. I am running 6.0-RELEASE, and am trying to build ntp. Process fails during ./configure with the following results: # cd /usr/src/contrib/ntp # ./configure You want to build /usr/src/usr.sbin/ntp . /usr/src/contrib is just where the original distribution files live. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unable to build ntp
Brad Gilmer [EMAIL PROTECTED] writes: Help please. I am running 6.0-RELEASE, and am trying to build ntp. Process fails during ./configure with the following results: # cd /usr/src/contrib/ntp # ./configure --snip--- configure: creating ./config.status config.status: creating Makefile config.status: creating ElectricFence/Makefile config.status: error: cannot find input file: ElectricFence/Makefile.in Interestingly, I get the same results using a 4.5 machine. I note that in the /usr/src/contrib/ntp/FREBSD-upgrade file, it states in part, For the import of NTP the following files were removed: ElectricFence/* so it makes sense that ElectricFence is not there, but how do I get rid of the error? Background: I have the following entry in my crontab: 7 0-23 * * * /usr/sbin/ntpdate -s pool.ntp.org /dev/null In the old days, ntpdate would only send root an email if it could not find a server. Now I get emails every time the cron runs, even though I am dumping STDOUT to /dev/null. Problem is code in 6.0 directs server found messages to STDERR, while 4.5 code did not contain this. I want to recompile with the server found messages directed to STDOUT. Thanks in advance, Brad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] You could always try building from the directory that buildworld uses: /usr/src/usr.sbin/ntp. But the easier answer would be to redirect stderr as well as stdout when calling ntpdate, and generate a message only if ntpdate returns an error result. Or run ntpd... -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unable to build ntp
Thanks everyone for the help. For the archive: I went to /usr/src/contrib/ntp/ntpdate and edited ntpdate.c. I searched for 'host found' and changed the stderror to stdout. I then went to /usr/src/usr.sbin/ntp and performed a make install clean. Problem solved; the new 'host found' messages now go to stdout, just like all the other messages, so I can dump them to /dev/null, but 'host not found' error messages still show up as mail to root. Brad ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: unable to build ntp
On 1/17/06, BSD Questions user [EMAIL PROTECTED] wrote: Thanks everyone for the help. For the archive: I went to /usr/src/contrib/ntp/ntpdate and edited ntpdate.c. I searched for 'host found' and changed the stderror to stdout. I then went to /usr/src/usr.sbin/ntp and performed a make install clean. Problem solved; the new 'host found' messages now go to stdout, just like all the other messages, so I can dump them to /dev/null, but 'host not found' error messages still show up as mail to root. Brad As cron generally uses /bin/sh as the shell (set near the top of /etc/crontab) you could have used /usr/sbin/ntpdate -s pool.ntp.org 2/dev/null instead of /usr/sbin/ntpdate -s pool.ntp.org /dev/null and I believe you could also extend it to 2/dev/null /dev/null ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problems (strata too high)
Christopher McGee wrote: [ ... ] I hate to reopen a dead thread, however, I'm having a very strange problem I have 2 machines running ntpd. I just set this up and it is not working. [ ... ] 192.168.1.3.STEP. 16 u1 12800.0000.000 192.168.1.2.DROP. 16 u- 6400.0000.000 When a machine is badly out of sync, it indicates this by setting it's stratum to an unbelievable level, so other NTP servers avoid depending on it until some time has passed and the server's time remains stable for a reasonable time period. This appears to be what is happening with the .DROP. and .STEP. refid's you've shown. Be patient, NTPD ought to sync up given a few hours... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problems (strata too high)
Svein Halvor Halvorsen wrote: On 12/8/05, Michael Wynne [EMAIL PROTECTED] wrote: The information contained in this e-mail and its attachments ('the information) is intended only for the use of the individual or entity to whom it is addressed, is private and confidential, may be privileged or otherwise protected by work product immunity or other legal rules. Access to the information by anyone else is unauthorized. [...] Then why would you send it to a public mailinglist, that's archived and propagated throughout the internet, and made available to anyone through search engines and the like? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I hate to reopen a dead thread, however, I'm having a very strange problem I have 2 machines running ntpd. I just set this up and it is not working. I don't think the ntpd servers are syncing properly and ntpdate -b 192.168.1.2 doesn't work, it gives me a strata too high with the -d flag. Here is my current config/output, this network is not actually nat'd private ips so I changed the ips for security reasons: server1(192.168.1.2) /etc/ntp.conf server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org server pool.ntp.org peer 192.168.1.3 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap logconfig =syncall +clockall +sysall ntpq -p output remote refid st t when poll reach delay offset jitter == +195.216.80.207 195.216.80.206 2 u 283 512 37 109.803 -230.38 62.815 *ipd50ad048.spee 130.149.17.8 2 u 285 512 37 101.458 -190.45 85.706 +antares.speedne 217.11.227.683 u 285 512 37 137.773 -192.71 85.431 +cheddar.halon.o 129.240.64.3 3 u 282 512 37 76.770 -276.95 62.389 192.168.1.3.STEP. 16 u1 12800.0000.000 4000.00 server2 (192.168.1.3) /etc/ntp.conf server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org server pool.ntp.org peer 192.168.1.2 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap logconfig =syncall +clockall +sysall ntpq -p output remote refid st t when poll reach delay offset jitter == zirkon.biophys. 134.99.128.802 u 71 1287 94.189 -77.270 27.511 oubliette.mctav .MSF.1 u 70 1287 98.417 -38.531 16.505 antares.speedne 217.11.227.683 u 70 1287 136.851 -53.314 27.989 cteha.ulp.co.il 192.114.62.249 3 u5 1287 170.650 -52.706 17.982 192.168.1.2.DROP. 16 u- 6400.0000.000 4000.00 Any help getting this to work will be appreciated. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problems (strata too high)
Christopher McGee wrote: Svein Halvor Halvorsen wrote: On 12/8/05, Michael Wynne [EMAIL PROTECTED] wrote: The information contained in this e-mail and its attachments ('the information) is intended only for the use of the individual or entity to whom it is addressed, is private and confidential, may be privileged or otherwise protected by work product immunity or other legal rules. Access to the information by anyone else is unauthorized. [...] Then why would you send it to a public mailinglist, that's archived and propagated throughout the internet, and made available to anyone through search engines and the like? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I hate to reopen a dead thread, however, I'm having a very strange problem I have 2 machines running ntpd. I just set this up and it is not working. I don't think the ntpd servers are syncing properly and ntpdate -b 192.168.1.2 doesn't work, it gives me a strata too high with the -d flag. Here is my current config/output, this network is not actually nat'd private ips so I changed the ips for security reasons: server1(192.168.1.2) /etc/ntp.conf server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org server pool.ntp.org peer 192.168.1.3 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap logconfig =syncall +clockall +sysall ntpq -p output remote refid st t when poll reach delay offset jitter == +195.216.80.207 195.216.80.206 2 u 283 512 37 109.803 -230.38 62.815 *ipd50ad048.spee 130.149.17.8 2 u 285 512 37 101.458 -190.45 85.706 +antares.speedne 217.11.227.683 u 285 512 37 137.773 -192.71 85.431 +cheddar.halon.o 129.240.64.3 3 u 282 512 37 76.770 -276.95 62.389 192.168.1.3.STEP. 16 u1 12800.0000.000 4000.00 server2 (192.168.1.3) /etc/ntp.conf server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org server pool.ntp.org peer 192.168.1.2 restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap logconfig =syncall +clockall +sysall ntpq -p output remote refid st t when poll reach delay offset jitter == zirkon.biophys. 134.99.128.802 u 71 1287 94.189 -77.270 27.511 oubliette.mctav .MSF.1 u 70 1287 98.417 -38.531 16.505 antares.speedne 217.11.227.683 u 70 1287 136.851 -53.314 27.989 cteha.ulp.co.il 192.114.62.249 3 u5 1287 170.650 -52.706 17.982 192.168.1.2.DROP. 16 u- 6400.0000.000 4000.00 Any help getting this to work will be appreciated. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] This has been resolved. I waslked away for about 7 hours and suddenly it works. It just resolved itself. Chris ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ntp problems (strata too high)
Hi, I am having the same problems as you. Did you find a solution ?. Regards Michael IVC 86 Brook Street London W1K 5AY Michael Wynne T +44 (0)20 7016 1655 F +44 (0)20 7016 1601 M +44 (0)7930 451 057 [EMAIL PROTECTED] Regulated by the Financial Services Authority LEGAL NOTICE The information contained in this e-mail and its attachments ('the information) is intended only for the use of the individual or entity to whom it is addressed, is private and confidential, may be privileged or otherwise protected by work product immunity or other legal rules. Access to the information by anyone else is unauthorized. If you are not the intended recipient you are kindly requested (1) to inform us immediately by return e-mail, (2) to irretrievably erase all copies of the information from your computer systems, (3) not to disclose the information to any other person, (4) to note that any dissemination, distribution or copying of the information is strictly prohibited and (5) not to take or refrain to take any action in reliance upon the information. The Internet cannot guarantee the integrity of this message or of its attachments if any. Attachments to this message have been scanned to remove viruses. IVC accepts no responsibility for these attachments once they have left our office system environment and is not liable for any message or attachment that has been modified. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problems (strata too high)
On 12/8/05, Michael Wynne [EMAIL PROTECTED] wrote: The information contained in this e-mail and its attachments ('the information) is intended only for the use of the individual or entity to whom it is addressed, is private and confidential, may be privileged or otherwise protected by work product immunity or other legal rules. Access to the information by anyone else is unauthorized. [...] Then why would you send it to a public mailinglist, that's archived and propagated throughout the internet, and made available to anyone through search engines and the like? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ntp Runs 2 Processes
Dev Tugnait [EMAIL PROTECTED] writes: Upong booting my machine i noticed ntp running 2 processes. root 456 0.0 0.1 2952 1396 ?? Ss4:30AM 0:00.50 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ root 803 0.0 0.1 2952 1404 ?? S 4:31AM 0:00.01 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ rc.conf info ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntpdate_enable=YES ntpdate_flags=ntp2.usno.navy.mil I'd guess that something else is being configured to start ntp as well... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Ntp Runs 2 Processes
On Thu, Nov 17, 2005 at 08:58:02AM -0500, Lowell Gilbert wrote: Dev Tugnait [EMAIL PROTECTED] writes: Upong booting my machine i noticed ntp running 2 processes. root 456 0.0 0.1 2952 1396 ?? Ss4:30AM 0:00.50 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ root 803 0.0 0.1 2952 1404 ?? S 4:31AM 0:00.01 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ rc.conf info ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntpdate_enable=YES ntpdate_flags=ntp2.usno.navy.mil I'd guess that something else is being configured to start ntp as well... When ntp starts it spawns a child to help with syncing. Check the parent-child relationships on the processes. The child process will terminate after ntp makes up its mind which timeserver to sync against. Cheers. -- Jonathan Chen [EMAIL PROTECTED] -- Experience is a hard teacher because she gives the test first, the lesson afterwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Ntp Runs 2 Processes
Upong booting my machine i noticed ntp running 2 processes. root 456 0.0 0.1 2952 1396 ?? Ss4:30AM 0:00.50 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ root 803 0.0 0.1 2952 1404 ?? S 4:31AM 0:00.01 /usr/sbin/ntpd -c /etc/ntp.conf -p /var/run/ rc.conf info ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntpdate_enable=YES ntpdate_flags=ntp2.usno.navy.mil -- _ FreeBSD - \ ^__^ \ (oo)\___ (__)\ )\/\ ||w | || || [ We've switched the bath sponge with a tribble. ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp handling in 6.0
Don't top-post, please. Dave [EMAIL PROTECTED] writes: Thanks for your reply. My server box does indeed have ntpd running i confirmed it with ps -aux and it does have a pf firewall. The rules are: # allow UDP requests to port 123 from firewall to exit ext_if_if # in order to contact internet ntp servers # (keep state on this connection) pass out quick on $ext_if inet proto { tcp, udp} from $ext_if to any port 123 keep state # allow UDP requests to ports 67, 68, and 123 from # in order to perform dhcp and ntp queries on the firewall # ( Keep state on this connection) pass in quick on $int_if inet proto { tcp,udp } from $int_net to $int_if port { 67, 68, 123 } keep state There's probably a syntax issue here; I don't use pf, so the fact that I don't personally see a problem may not mean anthing. You could try debugging it by seeing whether the request packets actually get out of the firewall, and whether responses come back. and ntpdc shows me a prompt. But does it see any peers? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp handling in 6.0
Dave [EMAIL PROTECTED] writes: Hello, Has ntp handling changed in 6.0-RELEASE? I've been through the handbook and /etc/defaults/rc.conf but haven't found the answer to this. I've got a machine acting as an ntp server for a network. When i run ntpdate -b IP from another machine i get the error No servers suitable for synchronization found. Ntpd from these other boxes shows the same. From the local ntp server to the ntp servers on the internet works fine. The local ntp server's configuration is as follows: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b servername ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntp.conf server servername prefer server servername servername driftfile /etc/ntp.drift restrict 192.168.9.0 mask 255.255.255.0 notrust nomodify notrap and on client boxes: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b local ntp server IP ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid /etc/ntp.conf server local-ntp-server-ip prefer driftfile /etc/ntp.drift Is there an ntpd running? Is there a firewall in the way? What does ntpdc tell you? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp handling in 6.0
Hello, Thanks for your reply. My server box does indeed have ntpd running i confirmed it with ps -aux and it does have a pf firewall. The rules are: # allow UDP requests to port 123 from firewall to exit ext_if_if # in order to contact internet ntp servers # (keep state on this connection) pass out quick on $ext_if inet proto { tcp, udp} from $ext_if to any port 123 keep state # allow UDP requests to ports 67, 68, and 123 from # in order to perform dhcp and ntp queries on the firewall # ( Keep state on this connection) pass in quick on $int_if inet proto { tcp,udp } from $int_net to $int_if port { 67, 68, 123 } keep state and ntpdc shows me a prompt. Hope this helps. Dave. - Original Message - From: Lowell Gilbert [EMAIL PROTECTED] To: Dave [EMAIL PROTECTED] Cc: freebsd-questions@freebsd.org Sent: Monday, November 14, 2005 10:00 AM Subject: Re: ntp handling in 6.0 Dave [EMAIL PROTECTED] writes: Hello, Has ntp handling changed in 6.0-RELEASE? I've been through the handbook and /etc/defaults/rc.conf but haven't found the answer to this. I've got a machine acting as an ntp server for a network. When i run ntpdate -b IP from another machine i get the error No servers suitable for synchronization found. Ntpd from these other boxes shows the same. From the local ntp server to the ntp servers on the internet works fine. The local ntp server's configuration is as follows: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b servername ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntp.conf server servername prefer server servername servername driftfile /etc/ntp.drift restrict 192.168.9.0 mask 255.255.255.0 notrust nomodify notrap and on client boxes: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b local ntp server IP ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid /etc/ntp.conf server local-ntp-server-ip prefer driftfile /etc/ntp.drift Is there an ntpd running? Is there a firewall in the way? What does ntpdc tell you? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ntp handling in 6.0
Hello, Has ntp handling changed in 6.0-RELEASE? I've been through the handbook and /etc/defaults/rc.conf but haven't found the answer to this. I've got a machine acting as an ntp server for a network. When i run ntpdate -b IP from another machine i get the error No servers suitable for synchronization found. Ntpd from these other boxes shows the same. From the local ntp server to the ntp servers on the internet works fine. The local ntp server's configuration is as follows: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b servername ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid ntp.conf server servername prefer server servername servername driftfile /etc/ntp.drift restrict 192.168.9.0 mask 255.255.255.0 notrust nomodify notrap and on client boxes: /etc/rc.conf ntpdate_enable=YES ntpdate_flags=-b local ntp server IP ntpd_enable=YES ntpd_flags=-c /etc/ntp.conf -p /var/run/ntpd.pid /etc/ntp.conf server local-ntp-server-ip prefer driftfile /etc/ntp.drift Thanks. Dave. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ntp problem :(
Hello, I use a FreeBSD 5.3. I want to synchronize my 2 machines. I tried to connect to a ntp server, but I couldn't. When I type this command ntpdate -v ntp.imag.fr, I have the following message: host found ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ...no server suitable for synchronization found I tried also with adding the server name to ntp.conf and typing this command /etc/rc.d/ntpdate restart, but I have the same message. the ping to ntp.imag.fr responds very good have you some idea? may be perhaps I have a proxy , but I don't know what I must doing to synchronize my machines. Can you help me please? Many thanks, Souha ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problem :(
bannour souha wrote: Hello, I use a FreeBSD 5.3. I want to synchronize my 2 machines. I tried to connect to a ntp server, but I couldn't. When I type this command ntpdate -v ntp.imag.fr, I have the following message: host found ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ...no server suitable for synchronization found I tried also with adding the server name to ntp.conf and typing this command /etc/rc.d/ntpdate restart, but I have the same message. the ping to ntp.imag.fr responds very good have you some idea? may be perhaps I have a proxy , but I don't know what I must doing to synchronize my machines. Can you help me please? Many thanks, Souha the NTP server is not the cause of your problem it seems that *your* machine hasen't a direct access to the Internet. ( no route to host ) -- Cordialement/Regards Frank Bonnet ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ntp problem :(
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bonnet Sent: Thursday, September 15, 2005 7:12 AM To: bannour souha Cc: freebsd-questions@freebsd.org Subject: Re: ntp problem :( bannour souha wrote: Hello, I use a FreeBSD 5.3. I want to synchronize my 2 machines. I tried to connect to a ntp server, but I couldn't. When I type this command ntpdate -v ntp.imag.fr, I have the following message: host found ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ntpdate (imag.imag.fr) : No route to host ...no server suitable for synchronization found I tried also with adding the server name to ntp.conf and typing this command /etc/rc.d/ntpdate restart, but I have the same message. the ping to ntp.imag.fr responds very good have you some idea? may be perhaps I have a proxy , but I don't know what I must doing to synchronize my machines. Can you help me please? Many thanks, Souha the NTP server is not the cause of your problem it seems that *your* machine hasen't a direct access to the Internet. ( no route to host ) -- Cordialement/Regards Frank Bonnet Hmm, pinging from here I see that ntp.imag.fr = imag.imag.fr = 129.80.30.1 so if you can ping that address then you have low level connectivity. One possibility is that something in the middle is blocking port 37. First do a traceroute and see what is in your route to ntp.imag.fr. Could one of the hops stop your ntpdate request? E.g. a firewall? Are you sure that the time service is running? Can you get to it from another machine? Does ntp.imag.fr require that you register to use ntp? If so, their firewall would block you until you register. -gayn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ntp problem :(
Hmm, pinging from here I see that ntp.imag.fr = imag.imag.fr = 129.80.30.1 so if you can ping that address then you have low level connectivity. One possibility is that something in the middle is Apparently ntpdate is trying to use the IPv6 address that ntp.imag.fr publishes. I don't know how to tell ntpdate to use only IPv4 addresses, so a workaround is to use the IPv4 address directly. ntpdate -v 129.88.30.1 -- Noel Jones ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Timezone isn't setting to EST corectly, ntp doesn't help
I'm connected to a remote machine located in NJ and ran /usr/sbin/sysinstall and set the timezone to Eastern Time, but the clock is displaying 2:30PM or so when it is only 10:44AM here. I tried ntp but that didn't work as well. Does anyone have any idea what's wrong? Thanks. -- Robert G. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Timezone isn't setting to EST corectly, ntp doesn't help
Robert G. wrote: I'm connected to a remote machine located in NJ and ran /usr/sbin/sysinstall and set the timezone to Eastern Time, but the clock is displaying 2:30PM or so when it is only 10:44AM here. I tried ntp but that didn't work as well. Does anyone have any idea what's wrong? Your BIOS clock is probably set to keeping time in the local timezone rather than in GMT. ntpd won't correct a multi-hour offset without being nudged. You can run ntpdate -b to step the clock by the four hours, or use date to set it to something close by hand, and then run ntpd from there. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NTP: Driving Me Nuts
I'm having an awful time trying to get NTP working on some new servers. Consider three machines: jeffy: my home machine, runs 5.4 with a very sleek kernel, sits behind a router. web1: one of the new servers, running 5.4-p2 with a kernel configuration that *only* has options INET6 commented out: [EMAIL PROTECTED] diff GENERIC WEB 25c25 ident GENERIC --- ident WEB 32c32 options INET6 # IPv6 communications protocols --- #options INET6 # IPv6 communications protocols web2: another of the new servers, running 5.4 with GENERIC All three have the same /etc/ntp.conf: server sundial.columbia.edu driftfile /var/db/ntp.drift All, of course, have ntpd_enable=YES in /etc/rc.conf Here are the relevant lines from the log when I run /etc/rc.d/ntpd start, after making sure it is stopped, of course. When any of them is stopped netstat -n | fgrep 123 yields no lines. jeffy: Jun 11 23:24:53 jeffy ntpd[90141]: ntpd 4.2.0-a Mon May 9 15:42:44 PDT 2005 (1) Jun 11 23:24:53 jeffy ntpd[90141]: no IPv6 interfaces found web1: Jun 12 02:28:23 web1 ntpd[783]: ntpd 4.2.0-a Sun Jun 12 00:46:05 EDT 2005 (1) Jun 12 02:28:23 web1 ntpd[783]: no IPv6 interfaces found Jun 12 02:28:23 web1 ntpd[783]: bind() fd 6, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use web2: Jun 12 02:24:28 web2 ntpd[32792]: ntpd 4.2.0-a Sun May 8 06:01:21 UTC 2005 (1) Jun 12 02:24:28 web2 ntpd[32792]: bind() fd 9, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use 'ntpq -p' on jeffy returns a normal looking ntpq result. 'ntpq -p' on either web1 or web2 eventually times out. However, if I put a restrict into their ntp.conf I get something like remote refid st t when poll reach delay offset jitter == hickory.cc.colu .INIT. 16 u- 6400.0000.000 4000.00 that never changes, even after several hours. I've read a lot of similar problem reports, but none of them ever seem to have a definitive answer. Can anyone help? I'm really mystified. The only thing I have left to try is that I have noticed that jeffy has NO_INET6 = true set in /etc/make.conf, whereas web1 does not have this. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SOLVED: NTP: Driving Me Nuts
After many hours of trying many different things, I *finally* noticed that an interface on the motherboard was marked as DHCP in /etc/rc.conf. It was getting an IP address of 0.0.0.0, which I guess was causing all my problems. So, it's got noting to do with ipv6 or any of the other dumb ideas I had. -- Forwarded message -- From: David Marshall [EMAIL PROTECTED] Date: Jun 11, 2005 11:37 PM Subject: NTP: Driving Me Nuts To: freebsd-questions@freebsd.org I'm having an awful time trying to get NTP working on some new servers. [snip] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]