# NTP Server Problems

## quantum0726

I'm having some problems running an NTP server on my LAN.  I have a Gentoo router set up at 192.168.0.1.  On it I have the following configuration:

/etc/ntp.conf:

```
restrict 127.0.0.1 nomodify
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
server time.nist.gov prefer
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
```

/etc/conf.d/ntp-client:

```
NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-b time.nist.gov"
NTPCLIENT_TIMEOUT=30
```

I have ntp-client and ntpd in my default runlevel.  When I boot my router, ntpclient grabs a time from time.nist.gov successfully (it tells me this as a status message and my server's time has stayed very accurate since I've had this running).

However, I have been trying to get another Gentoo desktop on my LAN to sync with my router with NTP, but I cannot.  Running `ntpdate 192.168.0.1` returns:

```
Looking for host 192.168.0.1 and service ntp
host found : 192.168.0.1
27 May 18:52:58 ntpdate[10146]: no server suitable for synchronization found
```

Running an nmap on my router (from localhost or from my Gentoo desktop) I do not see port 123 open.  I tried with iptables off but I get the same thing.  Any ideas on what I've been doing wrong?

Thanks much!

----------

## overkll

I've had the same problem.  I think "can't find a suitable server" translates to "you're a stratum 3 server and I want a stratum 1 or 2 server".  Of course I could be wrong.

I just set the other one up to check the same servers.  So both boxes are checking the same stratum 2 servers.  Works for me!

You can check to see if ntpd is listening by:

```
# netstat -anA inet|grep 123
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 10.0.0.10:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
```

ntpq is also handy:

```
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+snm.sd.dreamhos 164.67.62.194    2 u  442 1024  377   51.461    1.325   0.190
+clock-a.develoo 164.67.62.194    2 u  455 1024  377   50.592    0.291   0.174
+mainframe.cynac 130.126.24.53    3 u  465 1024  377   35.354   -7.295   0.291
*ntp3.tamu.edu   128.194.254.7    2 u  207 1024  377   24.326    1.892   0.501
```

should give you a status list of the servers.  If it doesn't, you'll need to revisit your configuration files.

----------

## erikm

Hi guys,

I'm more or less in the same boat. I'm away from my machines at the moment, but I will check your configs as soon as I can. I wonder though, is it possible to trick the LAN ntp client into thinking the LAN ntp server is a stratum 3, using fudge? My LAN needs to be able to survive WAN access going down...

----------

## larand54

This works for me:

I never installed any client, just use the server.

I have a computer as a firewall and have set up ntp on that machine.

/etc/ntp.conf:

```
mars root # cat /etc/ntp.conf
restrict 127.0.0.1 notrust nomodify notrap
restrict 172.16.68.0 mask 255.255.255.0  nomodify
server ntp1.sp.se
server ntp2.sp.se
server ntp1.mmo.netnod.se
server ntp2.mmo.netnod.se
server ntp1.sth.netnod.se
server ntp2.sth.netnod.se
server ntp1.gbg.netnod.se
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
```

I also installed the server on all computers on the lan:

```
merkurius ~ # cat /etc/ntp.conf
server 172.16.68.1
driftfile       /var/lib/ntp/ntp.drift
restrict default nomodify nopeer
restrict 127.0.0.1
```

That's all.

Well, of course I have added the rc-script to start ntp on all machines.

Hope this helps

----------

## overkll

Thanks larand54!  Works for me too!  :D

----------

## erikm

I have a really weird problem here, just wondering if anyone heard of anything like it: ntpq kills ntpd. I can get the ntpd up and running, it syncs and works nicely, but if I try to do ntpq -p, the daemon dies and I get the "ntpq: read: Connection refused" error.

This is reproducible with configs that work on two other machines, the configs posted here and the configs I previously used...  :(

----------

## overkll

ErikM

I had that problem too.  I don't remember the exact error message, but it was something similar.  My ntp.conf was misconfigured.  I think I just made ntp.conf as basic as possible, checking with ntpq -p, and working my way back up with more options.  I also picked my servers manually instead of pool.ntp.org.  I used a combination of mirrorselect and searching the web for public stratum 2 servers in my area that didn't require notification before use.  After all that, I believe I just had a typo.  DOH!

Sorry I can't be more specific.

----------

## quantum0726

*larand54 wrote:*

> I also installed the server on all computers on the lan:
>
> ```
> merkurius ~ # cat /etc/ntp.conf
> ...
> ```

I haven't tried this yet, but I'm wondering if there's any way to force out this conf file with dhcp?  I have my dhcpd setting ntp_server to my router (where I am attempting to run ntpd), but I don't know if there's any place I can tell it to push out these settings to all the clients on my LAN.

----------

## erikm

*overkll wrote:*

> ErikM
>
> I had that problem too.  I don't remember the exact error message, but it was something similar.  My ntp.conf was misconfigured.  I think I just made ntp.conf as basic as possible, checking with ntpq -p, and working my way back up with more options.  I also picked my servers manually instead of pool.ntp.org.  I used a combination of mirrorselect and searching the web for public stratum 2 servers in my area that didn't require notification before use.  After all that, I believe I just had a typo.  DOH!
>
> Sorry I can't be more specific.

Thanks for helping out, I'll try. I'll post back should I find anything revolutionizing...  :)

----------

## overkll

*quantum0726 wrote:*

> I haven't tried this yet, but I'm wondering if there's any way to force out this conf file with dhcp? I have my dhcpd setting ntp_server to my router (where I am attempting to run ntpd), but I don't know if there's any place I can tell it to push out these settings to all the clients on my LAN.

I don't think you can force out the file with dhcpd.  I found this on the dhcp-options man page:

 *Quote:*   

> option time-servers ip-address [, ip-address... ];
> 
>     The time-server option specifies a list of RFC 868 time servers available to the client. Servers should be listed in order of preference. 

 

Probably add this option to your dhcpd.conf file on the server with YOUR ntp server's ip address.

Here's a link to an online version.

----------

## zen_guerrilla

Probably OT: I highly recommend using openntpd, it's more secure than ntp & quite more simple to config & use.

A nice client is clockspeed.

Just s/IP/{your server's ip address} and (for the server) :

```
$ emerge openntpd && mkdir /var/run/ntpd && chown ntp:ntp /var/run/ntpd && chmod 700 /var/run/ntpd
$ sed -i "s:^#listen on \*:listen on IP:g" /etc/ntpd.conf
$ sed -i "s:^NTPD_HOME.*:NTPD_HOME='/var/run/ntpd':g" /etc/conf.d/ntpd
$ /etc/init.d/ntpd start && rc-update -a ntpd default
```

And from clients:

```
$ emerge clockspeed && /usr/sbin/ntpclockset IP
```

And you're done  :)

----------

## larand54

If you use dhcpcd, you need to add the following line into file /etc/conf.d/net 

```
dhcpcd_eth0="-N"
```

Else dhcpcd will overwrite your ntp.conf file.

You can read about it by entering: 

```
man dhcpcd
```

----------

## butters

I have the same problem as the original poster when I start ntp-client:

```
 * Setting clock via the NTP client 'ntpdate' ...
 8 Jun 10:53:55 ntpdate[7740]: no server suitable for synchronization found
 * Failed to set clock
```

My /etc/conf.d/ntp-client:

```
NTPCLIENT_CMD="ntpdate"
NTPCLIENT_OPTS="-b -u ntppub.tamu.edu"
NTPCLIENT_TIMEOUT=30
```

My /etc/ntp.conf (not modified):

```
server pool.ntp.org
driftfile       /var/lib/ntp/ntp.drift
restrict default nomodify nopeer
restrict 127.0.0.1
```

I don't start ntpd, just ntp-client.  This has worked for me in the past, but not now...

Do I need to run the server for some reason?

----------

## overkll

Have you tried running "ntpdate" from the command line?  That may help you track down the issue.  You shouldn't have to worry about ntp.conf if you are just running ntp-client.

FYI "ntpdate" just grabs the time from the specified server and updates your clock.  "ntpd" will poll the specified servers and adjust your time more precisely.  So, "ntpd" can act as a client, a server or both.

It's probably not the problem but "ntppub.tamu.edu" is Texas A&M University.  You should try to pick an ntp server geographically closer to your location.  You're in Pittsburgh, right?

----------

## butters

Actually, I'm here in Austin! I should update my profile.

```
# ntpdate -b -u ntppub.tamu.edu
```

(or pool.ntp.org) doesn't give any more enlightening error messages:

```
13 Jun 09:05:49 ntpdate[24278]: no server suitable for synchronization found
```

I'm beginning to think maybe the corporate firewall is blocking outgoing NTP requests?

----------
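The "no server suitable for synchronization found" message seen throughout this thread can mean that no packet came back at all, or that a server answered but did not report itself as synchronised. The following is an added example (not code from any poster in the thread) that sends one NTP client request and separates those cases using the leap indicator and stratum fields of the RFC 5905 header; the function names are illustrative and the two sample packets are constructed, not captured.

```python
import socket
import struct
import sys

HEADER = struct.Struct("!BBbb11I")  # 48-byte NTP header (RFC 5905 layout)

def build_request(version=3):
    """Client request: LI=0, VN=version, Mode=3, all other fields zero."""
    return bytes([(version << 3) | 3]) + bytes(47)

def query(host, timeout=3.0, port=123):
    """Send one request; return the reply bytes or the OSError raised."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_request())
            return s.recv(512)
        except OSError as exc:  # timeout, ICMP port unreachable, DNS failure
            return exc

def diagnose(result):
    """Turn a reply (bytes) or an error from query() into a one-line reason."""
    if isinstance(result, ConnectionRefusedError):  # raised on Linux after ICMP unreachable
        return "port closed: host reachable but nothing listening on UDP/123"
    if isinstance(result, OSError):
        return "no reply: packets dropped (firewall?) or host unreachable"
    if len(result) < HEADER.size:
        return "short reply: not an NTP packet"
    first, stratum = result[0], result[1]
    leap, mode = first >> 6, first & 0x07
    refid = result[12:16]
    if mode != 4:
        return f"unexpected mode {mode}: not a server reply"
    if leap == 3 or stratum == 0 or stratum >= 16:
        return f"not usable as a time source: leap={leap} stratum={stratum} refid={refid!r}"
    return f"usable: stratum {stratum}"

# Constructed sample replies (not captured traffic): a freshly started,
# unsynchronised server and a synchronised stratum-3 LAN server.
SAMPLE_UNSYNC = HEADER.pack(0xE4, 0, 6, -20, 0, 0,
                            int.from_bytes(b"INIT", "big"), *([0] * 8))
SAMPLE_OK = HEADER.pack(0x24, 3, 6, -20, 0, 0, 0xC0A80001, *([0] * 8))

if __name__ == "__main__":
    for name in ("SAMPLE_UNSYNC", "SAMPLE_OK"):
        print(name, "->", diagnose(globals()[name]))
    if len(sys.argv) > 1:  # optional live check against a host you operate
        print(sys.argv[1], "->", diagnose(query(sys.argv[1])))
```

Run without arguments it only classifies the two constructed packets; given a hostname or address it performs one live query with a 3 second timeout.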

