[ale] NTP...

Joe Steele joe at madewell.com
Mon Apr 24 17:07:46 EDT 2006


Michael B. Trausch wrote:
> Okay, well, here's something interesting:
>
> root@cinnamon:~# ntpdate -u pool.ntp.org
> 24 Apr 15:08:45 ntpdate[9163]: step time server 64.136.200.96 offset -5.162111 sec
> root@cinnamon:~# ntpdate -u pool.ntp.org
> 24 Apr 15:08:54 ntpdate[9164]: adjust time server 64.136.200.96 offset -0.000806 sec
> root@cinnamon:~# ntpdate -u pool.ntp.org
> 24 Apr 15:08:58 ntpdate[9165]: adjust time server 64.136.200.96 offset -0.000766 sec
>
> So, that seems to work.  Now, however, I have to wonder how to get the rest 
> of it working.
>
>

So, to recap:  "ntpdate pool.ntp.org" fails, but "ntpdate -u 
pool.ntp.org" works, correct?  The implication is that something is 
blocking outbound (or inbound) UDP packets that have a source port (or 
destination port, respectively) of 123 (ntp).

> It *looks like* (yet again, I'm kind of stabbing in the dark) I cannot get 
> things going.  Somebody else (Björn Gustafsson) suggested something about 
> authentication keys?
>

I don't think the servers at pool.ntp.org require any sort of 
authentication (otherwise, that would be spelled out at 
http://www.pool.ntp.org).  Also, you've shown that ntpdate is successful 
without authentication.

> Might that be why I'm getting the following?
>
> ntpq> lassociations
>
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 11372  8000   yes   yes  none    reject
>   2 11373  8000   yes   yes  none    reject
>   3 11374  8000   yes   yes  none    reject
>   4 11375  8000   yes   yes  none    reject
>   5 11376  8000   yes   yes  none    reject
>   6 11377  8000   yes   yes  none    reject
>   7 11378  8000   yes   yes  none    reject
> ntpq> lopeers
>      remote           local      st t when poll reach   delay   offset    disp
> ==============================================================================
>  ntp3.usv.ro     192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  Time20.Stupi.SE 192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  c-24-91-98-32.h 192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  dsl081-199-165. 192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  cuba.esysmail.c 192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  zoiedog.com     192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
>  d57-69-157.home 192.168.0.100   16 u    -   64    0    0.000    0.000 4000.00
> ntpq>
>
>

The fact that "reach" equals 0 implies that ntpd is unable to elicit a 
reply from any of the servers.  As I said above, it looks like something 
is blocking outbound (or inbound) UDP NTP packets (ethereal or tcpdump 
could confirm this).  Unfortunately, ntpd has no equivalent to the "-u" 
option for ntpdate (at least I've not come across such an option), so 
you'll need to figure out where the packets are being blocked.

--Joe
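
An added example, not part of the original message: a minimal SNTP probe in Python that sends one query from source port 123 (as ntpd and plain ntpdate do) and one from an unprivileged port (as "ntpdate -u" does), so the two results can be compared. The function names are illustrative; binding port 123 assumes root and that ntpd is stopped.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def build_request(now):
    """48-byte SNTP client request: LI=0, VN=3, Mode=3, transmit timestamp = now."""
    secs = (int(now) + NTP_EPOCH_DELTA) & 0xFFFFFFFF
    frac = int((now % 1) * 2**32)
    return struct.pack("!B39xII", 0x1B, secs, frac)

def parse_reply(data, t1, t4):
    """Return (stratum, offset_sec) from a mode-4 reply; t1/t4 are local send/receive times."""
    if len(data) < 48 or (data[0] & 0x07) != 4:
        raise ValueError("not an NTP server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", data[32:48])
    t2 = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32  # server receive time
    t3 = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32  # server transmit time
    return data[1], ((t2 - t1) + (t3 - t4)) / 2

def probe(addr, source_port, timeout=3.0):
    """Send one query to addr:123 from source_port (0 = any unprivileged port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.bind(("", source_port))  # binding 123 needs root and ntpd stopped
            t1 = time.time()
            s.sendto(build_request(t1), (addr, 123))
            data, _ = s.recvfrom(512)
            stratum, offset = parse_reply(data, t1, time.time())
            return f"reply, stratum {stratum}, offset {offset:+.6f} sec"
        except socket.timeout:
            return "no reply within timeout"
        except (OSError, ValueError) as exc:
            return f"error: {exc}"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "pool.ntp.org"
    addr = socket.gethostbyname(host)  # resolve once so both probes hit one server
    print("server:", addr)
    print("source port 123 (ntpd, ntpdate):  ", probe(addr, 123))
    print("unprivileged port (ntpdate -u):   ", probe(addr, 0))
```

A timeout on the port-123 probe alongside a reply on the unprivileged one matches the source-port filtering described above.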




