Re: [ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread Jakob Bohm

On 2021-05-18 13:56, David Woolley wrote:
> On 18/05/2021 12:26, Andreas Schick wrote:
> > server 127.127.1.0  # local clock (LCL)
> > fudge  127.127.1.0 stratum 10   # LCL is unsynchronized
>
> Delete these lines.  As described, this system is not suitable as a time
> server, and including these lines on a pure client can actually
> frustrate synchronisation. This fake server is likely to vote against
> the genuine server.

Perhaps the "tos orphan" option is a better way to make ntpd continue
after loss of all time sources.

Maybe some option to force treating the Windows server as stratum 12,
even if it loses outside synch and reports itself as stratum 16.

> > server  192.168.101.2
>
> This appears to be the machine itself, so it will be voting that its
> own time is correct.  Delete it.
>
> Windows machines can vary from fair to atrocious as time servers.  A
> workstation running a default configuration of w32time will be at the
> atrocious end.

Fortunately, this is reportedly a server, which means it will keep time
with a somewhat coarse granularity and include a battery backed TOY
(Time Of Year) clock to keep time even across power outages.

W32Time in server mode has a tendency to fluctuate about +/- 10ms from
the time sources.  It is designed to provide an SNTP time source for
Kerberos clients that need to stay within +/- 5 minutes of the Kerberos
KDC.

> You should make sure that the ARM starts in the right ball park, by
> either using a file timestamp to record the time at, or close to,
> shutdown, or, as a last resort, setting a fixed time that isn't too far
> from reality.

Perhaps using the sntp program to do initial synchronization to the
server machine (as a better alternative to ntpd -g).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
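
The two deletions advised in this thread (the undisciplined local clock driver and the server line pointing at the client's own address) can be checked mechanically. The following is an added example, not code from any poster or from the NTP project; `lint_ntp_conf` and its sample data are hypothetical names, and it assumes plain `server`/`peer`/`fudge` lines with the address as the second field.

```python
import ipaddress

# Constructed input: the active (uncommented) lines of the ntp.conf posted in this thread.
SAMPLE_CONF = """\
server 127.127.1.0  # local clock (LCL)
fudge  127.127.1.0 stratum 10   # LCL is unsynchronized
logconfig =all
server  192.168.101.35
server  192.168.101.2
"""
# IPv4 addresses ntpd reported listening on in the posted log.
LOCAL_ADDRS = {"127.0.0.1", "192.0.2.16", "192.168.101.2"}

def is_local_clock_driver(addr):
    """127.127.1.u is ntpd's undisciplined local clock pseudo-address (driver type 1)."""
    try:
        octets = ipaddress.IPv4Address(addr).packed
    except ValueError:
        return False  # hostname or IPv6 literal: not a refclock pseudo-address
    return octets[0] == 127 and octets[1] == 127 and octets[2] == 1

def lint_ntp_conf(text, local_addrs):
    """Return (findings, cleaned_text) for a client-only ntp.conf."""
    findings, kept = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment
        reason = None
        if len(fields) >= 2 and fields[0] in ("server", "peer", "fudge"):
            addr = fields[1]
            if is_local_clock_driver(addr):
                reason = "undisciplined local clock driver"
            elif fields[0] != "fudge" and addr in local_addrs:
                reason = "association with this host's own address"
        if reason:
            findings.append((lineno, reason, raw.strip()))
        else:
            kept.append(raw)
    return findings, "\n".join(kept) + "\n"

if __name__ == "__main__":
    issues, cleaned = lint_ntp_conf(SAMPLE_CONF, LOCAL_ADDRS)
    for lineno, reason, line in issues:
        print(f"line {lineno}: {reason}: {line}")
    print(cleaned, end="")
```
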


Re: [ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread Andreas Schick
David Woolley wrote on Tuesday, 18 May 2021 at 13:58:46 UTC+2:
> On 18/05/2021 12:39, Andreas Schick wrote: 
> > I could safely remove the LCL entries and the server line where it lists 
> > own IPv4 address of the ARM box
> I think it is more accurate to say that you CANNOT safely keep these! 
> The self reference is plain wrong.

@David Woolley: Thank you for confirming that. I was 'forced/asked' to set it up 
this way by one of my former colleagues, who is frankly speaking not really 
familiar with ntpd functionality. People here sadly (my employer) tend to 
assume stuff without exactly knowing the technical backgrounds. I think this 
idea initially came up because we are also using several of these ARM machines 
on one network and all of them are running ntpd and people used to always put 
all of them into server lines assuming they will get some strange sort of 
pooling redundancy or something. I still doubt it is the right way in that 
scenario and I'd rather prefer one server that is reasonably safe provided it 
is synced to some sort of outside world and has at least a battery buffered LCL.

Regarding w32time I know it is not the solution anyone using ntp mechanisms 
would prefer (me included), but at least it gives me some means of time 
synchronisation as the network is missing a real ntp timeserver (either a 
dedicated device or a reliable linux server machine running 24/7). The windows 
workstation is actually a server machine running 24/7 and it is connected to 
the internet via a router and a secondary NIC. Sadly I had the mentioned router 
already failing or dropping the internet connection and that led to the 
windows machine dropping to stratum 16 and then clients have to say goodbye to 
synchronisation. But this risk I currently have to take.

If I could I'd replace that windows host by some dedicated time server (e.g. 
the meinberg lantime series). But at the moment unfortunately I can not do that.

Another question I have is: does adding iburst to the server entry improve 
startup behavior of ntpd, as far as I saw it does not make much difference in 
my scenario, as I only have one accessible server on my network.
And as per the documents I read so far it just makes the server send out 
several requests in a shorter time period. I do not think it will improve the 
situation I am having in regards to startup, as it already seems to work fine 
now without it.

One further idea I had was just modifying some startup scripts (which run 
before ntpd process is started and after the network is up) to include some 
form of a ntpd-run-sync-and-quit or ntpdate call that steps the clock at system 
startup on the ARM device. I have to avoid stepping the system time during 
normal system runtime as timers in some software can misbehave if a leap in 
time is detected. But at the moment startup behavior seems fine after boot and 
the time just is not in sync after a couple of hours or days of the system running.

Thank you for helping anyway.



Re: [ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread Andreas Schick
Addition: After I reboot the embedded ARM system time is in sync with the 
windows box and ntp.log shows this:

# cat /tmp/ntp.2021-05-18T13\:29\:43\+0200.log
18 May 13:29:43 ntpd[1224]: proto: precision = 0.666 usec
18 May 13:29:43 ntpd[1224]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
18 May 13:29:43 ntpd[1224]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
18 May 13:29:43 ntpd[1224]: Listen and drop on 1 v6wildcard :: UDP 123
18 May 13:29:43 ntpd[1224]: Listen normally on 2 lo 127.0.0.1 UDP 123
18 May 13:29:43 ntpd[1224]: Listen normally on 3 eth0 192.0.2.16 UDP 123
18 May 13:29:43 ntpd[1224]: Listen normally on 4 eth0:aka00 192.168.101.2 UDP 123
18 May 13:29:43 ntpd[1224]: Listen normally on 5 eth0 fe80::205:51ff:fe0a:ef05 UDP 123
18 May 13:29:43 ntpd[1224]: Listen normally on 6 lo ::1 UDP 123
18 May 13:29:43 ntpd[1224]: peers refreshed
18 May 13:29:43 ntpd[1224]: Listening on routing socket on fd #23 for interface updates
18 May 13:29:43 ntpd[1224]: 0.0.0.0 c016 06 restart
18 May 13:29:43 ntpd[1224]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
18 May 13:29:43 ntpd[1224]: 0.0.0.0 c011 01 freq_not_set
18 May 13:29:44 ntpd[1224]: 0.0.0.0 c514 04 freq_mode

Any advice would be helpful.
Sidenote: As per my understanding I could safely remove the LCL entries and the 
server line where it lists own IPv4 address of the ARM box. I know that under 
normal circumstances I should provide at least three server addresses. But this 
is not the case here as I just want to sync the box to one device 
(currently windows box) on the local LAN, that itself is synced to the outside 
world via internet or GPS or DCF or the like.



[ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread Andreas Schick
Greetings to the community,

I am struggling with some issue on an ARM-based embedded system using linux with 
busybox binary and ntpd for synchronisation. From time to time system clock is 
out of sync in that local network.

1. There is a windows box (IPv4: 192.168.101.35) on the same LAN subnet which 
is synced to the outside world. The default gateway on that LAN (192.168.101.1) 
is not the router to the outside world.
2. This is intended but I may be able to configure additional routes on the 
embedded ARM device
3. The embedded ARM system (IPv4: 192.168.101.2) is synced to the windows box 
and does not have a proper LCL which is battery buffered or synced otherwise 
(GPS or DCF etc) so it drifts badly and starts up with bogus time upon boot.

The ARM system has the following ntp.conf.
 BEGIN paste ntp.conf
# /etc/ntp.conf - Configuration file for ntpd

##
## Undisciplined Local Clock. This is a fake driver intended for backup
## and when no outside source of synchronized time is available.
##
server 127.127.1.0  # local clock (LCL)
fudge  127.127.1.0 stratum 10   # LCL is unsynchronized

##
## Outside source of synchronized time.
## Uncomment when needed.
##
# IP address of server

##
## Miscellaneous stuff
##

#driftfile /etc/ntp.drift   # path for drift file
#driftfile /run/ntp.drift
#logfile   /var/log/ntp # alternate log file
#logfile /run/ntp.log
#logconfig =syncstatus + sysevents
 logconfig =all

# statsdir /rdisk/  # directory for statistics files
# filegen peerstats  file peerstats  type day enable
# filegen loopstats  file loopstats  type day enable
# filegen clockstats file clockstats type day enable
server  192.168.101.35
server  192.168.101.2

END paste ntp.conf - 

What I want to achieve is just the ARM system syncing itself to the windows 
box, that I maybe will swap out for a meinberg lantime device serving as a 
proper ntp-server in the future.

What I do not understand is: is all this LCL stuff needed at all? And why is the 
servers section listing the system itself as a server? Does this make any sense 
in this configuration? To be honest I received this mess and have to figure out 
now how to get it to work. Googling gave nothing of value and the results I 
found were even sometimes controversial.

What I achieved so far:
1. ntpdate -q 192.168.101.35 yields correct time and intends to step clock as 
the offset of the embedded ARM box is approx. 1 minute now compared to the 
windows box having stratum 4 - following is the output:

 BEGIN
# ntpdate -q 192.168.101.35
server 192.168.101.35, stratum 4, offset 64.145311, delay 0.02582
18 May 13:20:07 ntpdate[9548]: step time server 192.168.101.35 offset 64.145311 sec
 END

2. ntpd process seems running OK on startup, with ps showing:
ntpd -g -c /tmp/ntp.conf -f /tmp/ntp.2021-05-07T13:11:54+0200.drift -l /tmp/ntp.2021-05-07T13:11:54+0200.log

3. Logfile seems strange as the only output I see is dated to May 7th this year 
and I checked it today.

Please point me in the right direction, as I am out of ideas now.



Re: [ntp:questions] Regarding SHA1 authentication and Key_id 0 and no MAC sent in packets from server

2021-05-18 Thread Srihari Raghavan
Hi all

Just an update to close this thread.  I just saw that keyid of all 0 as MAC
is the crypto-nak and so will pursue that line of investigation.

Thanks
Srihari

On Tue, May 18, 2021, 3:41 PM Srihari Raghavan 
wrote:

> Hi all
>
> I was trying to get SHA1 based symmetric key authentication and MAC work
> with a standard Linux NTP server.
>
> I have root access to the Linux NTP server but the NTP server there is
> ALWAYS sending back replies with 'key id: ' with no MAC in reply to
> an NTP client sending valid packets.
>
> 1. Linux test_ntp 3.10.0-957.27.2.el7.x86_64 #1 SMP Tue Jul 9 16:53:14
>    UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
> 2. ntpd 4.2.6p5 in Red Hat Enterprise Linux Server release 7.6 (Maipo)
> 3. I have the following /etc/ntp/keys file as generated by 'ntpkeygen
>    -M'
>    1. # idtypekey
>    21 SHA1 bfe521e1c452d12885dd25ce889  #
>
> 4. openssl is supported - OpenSSL 1.0.2k-fips  26 Jan 2017
> 5. As seen in the attached images, the NTP client sends a key ID: 21
>    with a MAC, while the server ALWAYS replies with key ID:0 and no MAC.
> 6. Between the same server and client, MD5 configuration and MAC works
>    perfectly fine.
>
> I also saw that the RHEL version that I have, has the fixes for the
> following issue.
> https://bugzilla.redhat.com/show_bug.cgi?id=641800
>
> Thoughts?
>
> Thanks
> Srihari
>
>
>
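
The exchange described in this message (a request carrying key ID 21 with a SHA1 MAC, answered by a bare key ID of 0) can be told apart from an authenticated reply by the trailer length alone. The following is an added example, not code from the poster or from ntpd; the key bytes and packet headers are constructed, `classify` is a hypothetical helper, and it assumes packets without extension fields and a MAC computed as the digest of the key followed by the 48-byte header.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48                       # fixed NTP header, no extension fields
DIGEST_LEN = {"MD5": 16, "SHA1": 20}  # digest sizes per key type

def make_mac(key_id, key, header, algo="SHA1"):
    """Key ID (4 bytes, network order) followed by H(key || header)."""
    digest = hashlib.new(algo.lower(), key + header).digest()
    return struct.pack("!I", key_id) + digest

def classify(packet, keys):
    """Classify a packet's trailer; keys maps key_id -> (algo, key_bytes)."""
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(header) < HEADER_LEN or 0 < len(trailer) < 4:
        return "malformed"
    if not trailer:
        return "unauthenticated"
    key_id = struct.unpack("!I", trailer[:4])[0]
    if len(trailer) == 4:
        # A MAC that is only a zero key ID is the crypto-NAK: the sender
        # could not authenticate the packet it is replying to.
        return "crypto-NAK" if key_id == 0 else "malformed"
    if key_id not in keys:
        return "unknown-key"
    algo, key = keys[key_id]
    if len(trailer) != 4 + DIGEST_LEN[algo]:
        return "malformed"
    expected = make_mac(key_id, key, header, algo)
    return "mac-ok" if hmac.compare_digest(trailer, expected) else "mac-bad"

# Constructed sample data (key ID 21 as in the post; the key itself is made up).
KEYS = {21: ("SHA1", b"constructed-demo-key")}
CLIENT_HDR = bytes([0x23]) + bytes(47)   # LI=0, VN=4, mode 3 (client)
SERVER_HDR = bytes([0x24]) + bytes(47)   # LI=0, VN=4, mode 4 (server)
REQUEST = CLIENT_HDR + make_mac(21, KEYS[21][1], CLIENT_HDR)
CRYPTO_NAK = SERVER_HDR + struct.pack("!I", 0)

if __name__ == "__main__":
    print("request:", classify(REQUEST, KEYS))
    print("reply:  ", classify(CRYPTO_NAK, KEYS))
```
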


Re: [ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread David Woolley

On 18/05/2021 12:39, Andreas Schick wrote:
> I could safely remove the LCL entries and the server line where it lists own
> IPv4 address of the ARM box

I think it is more accurate to say that you CANNOT safely keep these! 
The self reference is plain wrong.




Re: [ntp:questions] ntpd on busybox ARM system not keeping time with server

2021-05-18 Thread David Woolley

On 18/05/2021 12:26, Andreas Schick wrote:
> server 127.127.1.0  # local clock (LCL)
> fudge  127.127.1.0 stratum 10   # LCL is unsynchronized

Delete these lines.  As described, this system is not suitable as a time 
server, and including these lines on a pure client can actually 
frustrate synchronisation. This fake server is likely to vote against 
the genuine server.

> server  192.168.101.2

This appears to be the machine itself, so it will be voting that its 
own time is correct.  Delete it.

Windows machines can vary from fair to atrocious as time servers.  A 
workstation running a default configuration of w32time will be at the 
atrocious end.

You should make sure that the ARM starts in the right ball park, by 
either using a file timestamp to record the time at, or close to, 
shutdown, or, as a last resort, setting a fixed time that isn't too far 
from reality.

