Description of problem: During ipa-client-install this warning is displayed: WARNING Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. The IPA NTP server is available and responding to other clients. ipa-client-install does configure and start ntpd which then works correctly. This is not a big problem, more of an annoyance really, but it did cause me to stop and check that NTP was working. Version-Release number of selected component (if applicable): freeipa-client-3.1.5-1.fc18.x86_64 How reproducible: This warning is only displayed where the ipa client is being rebuilt. Steps to Reproduce: 1. ipa-client-install --uninstall 2. reboot 3. ipa-client-install \ --domain hunter.org \ --enable-dns-updates \ --password adminpassword \ --principal admin \ --realm HUNTER.ORG \ --ssh-trust-dns \ --unattended Actual results: from ipaclient-install.log 2013-06-18T03:34:10Z INFO Synchronizing time with KDC... 2013-06-18T03:34:10Z DEBUG Search DNS for SRV record of _ntp._udp.hunter.org 2013-06-18T03:34:10Z DEBUG DNS record found: 0 100 123 ipa.hunter.org. 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z DEBUG Starting external process 2013-06-18T03:34:10Z DEBUG args=/usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org 2013-06-18T03:34:10Z DEBUG Process finished, return code=1 2013-06-18T03:34:10Z DEBUG stdout= 2013-06-18T03:34:10Z DEBUG stderr= 2013-06-18T03:34:10Z WARNING Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. Expected results: This command: /usr/sbin/ntpdate -U ntp -s -b -v ipa.hunter.org should be successful. Additional info: I believe the problem is that when the ipa client is uninstalled the ntpd.service is not stopped. If ntpd.service is running ntpdate will fail because it can not use the port. Inserting: systemctl stop ntpd.service before: ipa-client-install \ --domain hunter.org \ --enable-dns-updates \ --password adminpassword \ --principal admin \ --realm HUNTER.ORG \ --ssh-trust-dns \ --unattended resolved the problem.
You are right. When ntpd.service is enabled and IPA client fails to synchronize the time (even though this is probably redundant step as NTP is already set). We already do time synchronization checks with chrony: # service chronyd start # ipa-client-install WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd ... We need to extend the check for ntpd too and avoid doing the NTP sync. I will open an upstream ticket.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3735
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
This issue is still valid for current Fedora version, changing the version field.
*** Bug 1063512 has been marked as a duplicate of this bug. ***
Note that Bug 1063512 contains an interesting proposal how to fix the code.
freeipa-3.3.4 uses ntpdate, so the proposed change works. However, the freeipa version obtained from the git repository ( git clone git://git.fedorahosted.org/git/freeipa.git) switched to ntpd. Provided the ntp server (the freeipa one) in the temporary config file works, ntpd -qgc /path/to/temp/config should work: [root@centos64 ~]# date Thu Feb 13 10:17:59 EST 2014 [root@centos64 ~]# date +%T -s "6:13:13" 06:13:13 [root@centos64 ~]# date Thu Feb 13 06:13:14 EST 2014 [root@centos64 ~]# ntpd -qgc /tmp/doobie ntpd: time set +14696.921704s [root@centos64 ~]# date Thu Feb 13 10:18:42 EST 2014 [root@centos64 ~]# Therefore, the proposed solution in https://bugzilla.redhat.com/show_bug.cgi?id=1063512 only affects freeipa-3.3.4 and earlier.
This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Closing it in for Fedora 20 as there are number of fixes FreeIPA 4.2 upstream.