Description of problem: ntp as a client syncs OK but, as a server clients fail to sync with it. No firewalls in between client and server, iptables policies on both ACCEPT on all chains. ######## ntp.conf operating as a server 172.18.2.30 ######### restrict default ignore restrict 127.0.0.1 restrict 172.16.0.0 mask 255.255.0.0 notrust nomodify notrap restrict 172.17.0.0 mask 255.255.0.0 notrust nomodify notrap restrict 172.18.2.0 mask 255.255.255.0 notrust nomodify notrap restrict 128.138.140.44 mask 255.255.255.255 nomodify notrap noquery server 128.138.140.44 prefer # utcnist.colorado.edu restrict 192.5.41.40 mask 255.255.255.255 nomodify notrap noquery server 192.5.41.40 # ntp0.usno.navy.mil restrict 132.163.135.131 mask 255.255.255.255 nomodify notrap noquery server 132.163.135.131 # time-b.timefreq.bldrdoc.gov restrict 192.43.244.18 mask 255.255.255.255 nomodify notrap noquery server 192.43.244.18 #time.nist.gov restrict 204.34.198.40 mask 255.255.255.255 nomodify notrap noquery server 204.34.198.40 #tick.usnogps.navy.mil restrict 204.34.198.41 mask 255.255.255.255 nomodify notrap noquery server 204.34.198.41 #tock.usnogps.navy.mil server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 driftfile /var/lib/ntp/drift broadcastdelay 0.008 ####### /var/log/messages - on ntp startup ############# Jul 21 10:26:06 ww11 ntpd: ntpd shutdown succeeded Jul 21 10:26:06 ww11 ntpd[16357]: ntpd 4.2.0a Mon Oct 11 09:10:20 EDT 2004 (1) Jul 21 10:26:06 ww11 ntpd[16357]: precision = 1.000 usec Jul 21 10:26:06 ww11 ntpd[16357]: Listening on interface wildcard, 0.0.0.0#123 Jul 21 10:26:06 ww11 ntpd[16357]: Listening on interface wildcard, ::#123 Jul 21 10:26:06 ww11 ntpd[16357]: Listening on interface lo, 127.0.0.1#123 Jul 21 10:26:06 ww11 ntpd[16357]: Listening on interface eth0, 172.18.2.30#123 Jul 21 10:26:06 ww11 ntpd[16357]: kernel time sync status 0040 Jul 21 10:26:06 ww11 ntpd: ntpd startup succeeded Jul 21 10:26:06 ww11 ntpd[16357]: frequency initialized 32.442 PPM from /var/lib/ntp/drift ########## client side ################# ghost:~ # ntpdate -b 172.18.2.30 21 Jul 10:30:53 ntpdate[6799]: no server suitable for synchronization found ######### ntp server tcpdump -vvvntXs 1512 udp port 123 ########## IP (tos 0x0, ttl 241, id 19092, offset 0, flags [DF], proto 17, length: 76) 172.17.217.55.ntp > 172.18.2.30.ntp: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0, poll 4s, precision -6 Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3330952249.214478999 (2005/07/21 10:30:49) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3330952249.214478999 (2005/07/21 10:30:49) 0x0000: 4500 004c 4a94 4000 f111 0b93 ac11 d937 E..LJ.@........7 0x0010: ac12 021e 007b 007b 0038 80e3 e300 04fa .....{.{.8...... 0x0020: 0001 0000 0001 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0040: 0000 0000 c68a 4c39 36e8 1882 ......L96... IP (tos 0x0, ttl 241, id 61788, offset 0, flags [DF], proto 17, length: 76) 172.17.217.55.ntp > 172.18.2.30.ntp: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0, poll 4s, precision -6 Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3330952250.219302999 (2005/07/21 10:30:50) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3330952250.219302999 (2005/07/21 10:30:50) 0x0000: 4500 004c f15c 4000 f111 64ca ac11 d937 E..L.\@...d....7 0x0010: ac12 021e 007b 007b 0038 5a5c e300 04fa .....{.{.8Z\.... 0x0020: 0001 0000 0001 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0040: 0000 0000 c68a 4c3a 3824 3dcc ......L:8$=. IP (tos 0x0, ttl 241, id 42283, offset 0, flags [DF], proto 17, length: 76) 172.17.217.55.ntp > 172.18.2.30.ntp: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0, poll 4s, precision -6 Root Delay: 1.000000, Root dispersion: 1.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3330952251.224132999 (2005/07/21 10:30:51) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3330952251.224132999 (2005/07/21 10:30:51) 0x0000: 4500 004c a52b 4000 f111 b0fb ac11 d937 E..L.+@........7 0x0010: ac12 021e 007b 007b 0038 cf2a e300 04fa .....{.{.8.*.... 0x0020: 0001 0000 0001 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0040: 0000 0000 c68a 4c3b 3960 c7c0 ......L;9`.. IP (tos 0x0, ttl 241, id 50057, offset 0, flags [DF], proto 17, length: 76) 172.17.217.55.ntp > 172.18.2.30.ntp: [udp sum ok] NTPv4, length 48
More packet traces - I changed the ntp.conf on the server to point at RedHat's NTP servers. ######### ntptrace ww11 on the client side ############# ghost:~ # ntptrace ww11 ww11: stratum 2, offset 0.000711, synch distance 0.069203 clock2.redhat.com: stratum 1, offset 0.000000, synch distance 0.000489, refid 'CDMA' ~ and ~ ghost:~ # ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== *127.127.1.0 LOCAL(0) 10 l 15 64 377 0.000 0.000 0.002 172.18.2.30 .INIT. 16 u - 64 0 0.000 0.000 4000.00 ######### ntp server tcpdump -vvvntXs 1512 udp port 123 ########## [root@ww11 ~]# tcpdump -vvvnttXs 1512 udp port 123 and host 172.17.217.55 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1512 bytes 1122906862.019440 IP (tos 0x0, ttl 241, id 59830, offset 0, flags [DF], proto 17, length: 40) 172.17.217.55.2556 > 172.18.2.30.ntp: [udp sum ok] NTPv2, length 12 Reserved, Leap indicator: (0), Stratum 2, poll 0s, precision 1 Root Delay: 0.000000, Root dispersion: 0.000000 [|ntp] 0x0000: 4500 0028 e9b6 4000 f111 6c94 ac11 d937 E..(..@...l....7 0x0010: ac12 021e 09fc 007b 0014 abd2 1602 0001 .......{........ 0x0020: 0000 0000 0000 0000 0000 0000 0000 .............. 1122906862.019587 IP (tos 0x10, ttl 64, id 1360, offset 0, flags [DF], proto 17, length: 420) 172.18.2.30.ntp > 172.17.217.55.2556: [bad udp cksum e843!] NTPv2, length 392 Reserved, Leap indicator: (0), Stratum 130, poll 0s, precision 1 Root Delay: 1620.000000, Root dispersion: 0.005767, Reference-ID: 118.101.114.115 Reference Timestamp: 1768910397.134497907 (1956/01/21 04:59:57) Originator Timestamp: 1679832110.196017287 (1953/03/26 05:01:50) Receive Timestamp: 1076964913.192278872 (1934/02/16 13:55:13) Transmit Timestamp: 1914719599.430180513 (1960/09/03 19:33:19) Originator - Receive Timestamp: -602867197.003738415 Originator - Transmit Timestamp: +234887489.234163225 0x0000: 4510 01a4 0550 4000 4011 0070 ac12 021e E....P@.@..p.... 0x0010: ac11 d937 007b 09fc 0190 351b 1682 0001 ...7.{....5..... 0x0020: 0654 0000 0000 017a 7665 7273 696f 6e3d .T.....zversion= 0x0030: 226e 7470 6420 342e 322e 3061 4031 2e31 "ntpd.4.2.0a 0x0040: 3139 302d 7220 4d6f 6e20 4f63 7420 3131 190-r.Mon.Oct.11 0x0050: 2030 393a 3130 3a32 3020 4544 5420 3230 .09:10:20.EDT.20 0x0060: 3034 2028 3129 222c 0d0a 7072 6f63 6573 04.(1)",..proces 0x0070: 736f 723d 2269 3638 3622 2c20 7379 7374 sor="i686",.syst 0x0080: 656d 3d22 4c69 6e75 782f 322e 362e 392d em="Linux/2.6.9- 0x0090: 3131 2e45 4c73 6d70 222c 206c 6561 703d 11.ELsmp",.leap= 0x00a0: 302c 2073 7472 6174 756d 3d32 2c0d 0a70 0,.stratum=2,..p 0x00b0: 7265 6369 7369 6f6e 3d2d 3230 2c20 726f recision=-20,.ro 0x00c0: 6f74 6465 6c61 793d 3633 2e34 3237 2c20 otdelay=63.427,. 0x00d0: 726f 6f74 6469 7370 6572 7369 6f6e 3d33 rootdispersion=3 0x00e0: 372e 3438 392c 2070 6565 723d 3333 3231 7.489,.peer=3321 0x00f0: 322c 0d0a 7265 6669 643d 3636 2e31 3837 2,..refid=66.187 0x0100: 2e32 3234 2e34 2c20 7265 6674 696d 653d .224.4,.reftime= 0x0110: 3078 6336 3938 6230 3233 2e63 6332 6263 0xc698b023.cc2bc 0x0120: 3732 652c 2070 6f6c 6c3d 3130 2c0d 0a63 72e,.poll=10,..c 0x0130: 6c6f 636b 3d30 7863 3639 3862 3136 652e lock=0xc698b16e. 0x0140: 3035 3031 6230 3033 2c20 7374 6174 653d 0501b003,.state= 0x0150: 342c 206f 6666 7365 743d 302e 3731 312c 4,.offset=0.711, 0x0160: 2066 7265 7175 656e 6379 3d33 322e 3238 .frequency=32.28 0x0170: 332c 0d0a 6e6f 6973 653d 3130 2e34 3136 3,..noise=10.416 0x0180: 2c20 6a69 7474 6572 3d31 2e31 3339 2c20 ,.jitter=1.139,. 0x0190: 7374 6162 696c 6974 793d 3233 2e31 3338 stability=23.138 0x01a0: 0d0a 0000 .... 1122906862.027684 IP (tos 0x0, ttl 241, id 2426, offset 0, flags [DF], proto 17, length: 40) 172.17.217.55.2557 > 172.18.2.30.ntp: [udp sum ok] NTPv2, length 12 Reserved, Leap indicator: (0), Stratum 1, poll 0s, precision 1 Root Delay: 0.506774, Root dispersion: 0.000000 [|ntp] 0x0000: 4500 0028 097a 4000 f111 4cd1 ac11 d937 E..(.z@...L....7 0x0010: ac12 021e 09fd 007b 0014 2a16 1601 0001 .......{..*..... 0x0020: 0000 81bc 0000 0000 0000 0000 0000 .............. 1122906862.027802 IP (tos 0x10, ttl 64, id 1361, offset 0, flags [DF], proto 17, length: 452) 172.18.2.30.ntp > 172.17.217.55.2557: [bad udp cksum ce3c!] NTPv2, length 424 Reserved, Leap indicator: (0), Stratum 161, poll 0s, precision 1 Root Delay: 38420.506774, Root dispersion: 0.006286, Reference-ID: 115.114.99.97 Reference Timestamp: 1685208374.211642337 (1953/05/27 10:26:14) Originator Timestamp: 925774386.203830013 (1929/05/03 16:33:06) Receive Timestamp: 544436835.439200547 (1917/04/03 01:27:15) Transmit Timestamp: 1026634291.172369268 (1932/07/14 01:11:31) Originator - Receive Timestamp: -381337550.764629466 Originator - Transmit Timestamp: +100859904.968539254 0x0000: 4510 01c4 0551 4000 4011 004f ac12 021e E....Q@.@..O.... 0x0010: ac11 d937 007b 09fd 01b0 353b 16a1 0001 ...7.{....5;.... 0x0020: 9614 81bc 0000 019c 7372 6361 6472 3d36 ........srcadr=6 0x0030: 362e 3138 372e 3232 342e 342c 2073 7263 6.187.224.4,.src 0x0040: 706f 7274 3d31 3233 2c20 6473 7461 6472 port=123,.dstadr 0x0050: 3d31 3732 2e31 382e 322e 3330 2c20 6473 =172.18.2.30,.ds 0x0060: 7470 6f72 743d 3132 332c 0d0a 6c65 6170 tport=123,..leap 0x0070: 3d30 2c20 7374 7261 7475 6d3d 312c 2070 =0,.stratum=1,.p 0x0080: 7265 6369 7369 6f6e 3d2d 3136 2c20 726f recision=-16,.ro 0x0090: 6f74 6465 6c61 793d 302e 3030 302c 2072 otdelay=0.000,.r 0x00a0: 6f6f 7464 6973 7065 7273 696f 6e3d 302e ootdispersion=0. 0x00b0: 3435 382c 0d0a 7265 6669 643d 4344 4d41 458,..refid=CDMA 0x00c0: 2c20 7265 6163 683d 3078 6666 2c20 756e ,.reach=0xff,.un 0x00d0: 7265 6163 683d 302c 2068 6d6f 6465 3d33 reach=0,.hmode=3 0x00e0: 2c20 706d 6f64 653d 342c 2068 706f 6c6c ,.pmode=4,.hpoll 0x00f0: 3d31 302c 2070 706f 6c6c 3d31 302c 0d0a =10,.ppoll=10,.. 0x0100: 666c 6173 683d 3078 302c 206b 6579 6964 flash=0x0,.keyid 0x0110: 3d30 2c20 7474 6c3d 302c 206f 6666 7365 =0,.ttl=0,.offse 0x0120: 743d 302e 3731 312c 2064 656c 6179 3d36 t=0.711,.delay=6 0x0130: 332e 3432 372c 0d0a 6469 7370 6572 7369 3.427,..dispersi 0x0140: 6f6e 3d31 342e 3835 372c 206a 6974 7465 on=14.857,.jitte 0x0150: 723d 312e 3133 392c 2072 6566 7469 6d65 r=1.139,.reftime 0x0160: 3d30 7863 3639 3862 3031 372e 3437 3630 =0xc698b017.4760 0x0170: 3662 3761 2c0d 0a6f 7267 3d30 7863 3639 6b7a,..org=0xc69 0x0180: 3862 3032 332e 6334 3362 6637 3237 2c20 8b023.c43bf727,. 0x0190: 7265 633d 3078 6336 3938 6230 3233 2e63 rec=0xc698b023.c 0x01a0: 6332 6263 3732 652c 0d0a 786d 743d 3078 c2bc72e,..xmt=0x 0x01b0: 6336 3938 6230 3233 2e62 6263 6137 3530 c698b023.bbca750 0x01c0: 332c 0d0a 3,.. 1122906862.027843 IP (tos 0x10, ttl 64, id 1362, offset 0, flags [DF], proto 17, length: 224) 172.18.2.30.ntp > 172.17.217.55.2557: [bad udp cksum aaf1!] NTPv2, length 196 Reserved, Leap indicator: (0), Stratum 129, poll 0s, precision 1 Root Delay: 38420.506774, Root dispersion: 412.002761, Reference-ID: 102.105.108.116 Reference Timestamp: 1684368481.473588956 (1953/05/17 17:08:01) Originator Timestamp: 858666035.125827144 (1927/03/18 23:20:35) Receive Timestamp: 892346423.192111086 (1928/04/11 19:00:23) Transmit Timestamp: 540619822.203935635 (1917/02/17 21:10:22) Originator - Receive Timestamp: +33680388.066283941 Originator - Transmit Timestamp: -318046212.921891508 0x0000: 4510 00e0 0552 4000 4011 0132 ac12 021e E....R@.@..2.... 0x0010: ac11 d937 007b 09fd 00cc 3457 1681 0001 ...7.{....4W.... 0x0020: 9614 81bc 019c 00b5 6669 6c74 6465 6c61 ........filtdela 0x0030: 793d 2036 332e 3433 2036 352e 3530 2037 y=.63.43.65.50.7 0x0040: 312e 3130 2039 342e 3435 2036 322e 3538 1.10.94.45.62.58 0x0050: 2036 332e 3332 2036 332e 3037 2036 322e .63.32.63.07.62. 0x0060: 3730 2c0d 0a66 696c 746f 6666 7365 743d 70,..filtoffset= 0x0070: 2030 2e37 3120 2d30 2e34 3320 352e 3831 .0.71.-0.43.5.81 0x0080: 202d 3136 2e38 3020 2d30 2e33 3520 2d31 .-16.80.-0.35.-1 0x0090: 2e33 3620 2d30 2e35 3320 2d30 2e32 372c .36.-0.53.-0.27, 0x00a0: 0d0a 6669 6c74 6469 7370 3d20 302e 3032 ..filtdisp=.0.02 0x00b0: 2031 352e 3431 2033 302e 3738 2034 362e .15.41.30.78.46. 0x00c0: 3134 2036 312e 3532 2037 362e 3838 2039 14.61.52.76.88.9 0x00d0: 322e 3235 2031 3037 2e36 330d 0a00 0000 2.25.107.63..... 1122906869.384222 IP (tos 0x10, ttl 241, id 18738, offset 0, flags [DF], proto 17, length: 76) 172.17.217.55.ntp > 172.18.2.30.ntp: [udp sum ok] NTPv4, length 48 Client, Leap indicator: (0), Stratum 11, poll 6s, precision -19 Root Delay: 0.000000, Root dispersion: 0.449218, Reference-ID: 127.127.1.0 Reference Timestamp: 3331895669.388514999 (2005/08/01 08:34:29) Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3331895669.388606999 (2005/08/01 08:34:29) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3331895669.388606999 (2005/08/01 08:34:29) 0x0000: 4510 004c 4932 4000 f111 0ce5 ac11 d937 E..LI2@........7 0x0010: ac12 021e 007b 007b 0038 7ee1 230b 06ed .....{.{.8~.#... 0x0020: 0000 0000 0000 7300 7f7f 0100 c698 b175 ......s........u 0x0030: 6375 b813 0000 0000 0000 0000 0000 0000 cu.............. 0x0040: 0000 0000 c698 b175 637b bf93 .......uc{.. 6 packets captured 6 packets received by filter 0 packets dropped by kernel ########## ntptrace on the server side ############# [root@ww11 ~]# ntptrace localhost.localdomain: stratum 2, offset 0.000711, synch distance 0.073882 clock2.redhat.com: stratum 1, offset 0.000000, synch distance 0.000390, refid 'CDMA' [root@ww11 ~]# ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== *66.187.224.4 .CDMA. 1 u 649 1024 377 63.427 0.711 1.139 +66.187.233.4 .CDMA. 1 u 602 1024 377 109.160 -22.746 24.517 +209.132.176.4 .CDMA. 1 u 598 1024 377 70.643 -3.480 4.149 127.127.1.0 LOCAL(0) 10 l 22 64 377 0.000 0.000 0.001
Created attachment 120843 [details] Fixed in ntp-4.2.0.a.20050816-10.src.rpm Fixed. Try to install *.src.rpm above. Tested using your ntp.conf file. (But, remove 'ignore' at line 'restrict default ignore' or add your IP-address (where you want to launch 'ntpdate'): restrict 'your-ip-address' 255.255.255.255 nomodify notrap noquery server 'your-ip-address' ) Tested using default-ntp.conf-file (remove following lines): server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org NOTE: you cannot run 'ntpdate' with -b flag on the same machine, where your 'ntpd' is running. In this case, you receive a message: ntpdate[32091]: the NTP socket is in use, exiting On the same machine you can run 'ntpdate' with -d flag only