# ntpd server not responding to clients

## deanpence

I've got an ntpd server (we'll call it "ntp-server") set up on my network for other ntpd clients to sync to, but the server is not responding. Here's how I found that out from one of the clients:

```
ntp-client1 ~ # ntpd -dq
ntpd 4.2.0@1.1161-r Wed Aug 11 22:16:27 UTC 2004 (1)
addto_syslog: ntpd 4.2.0@1.1161-r Wed Aug 11 22:16:27 UTC 2004 (1)
addto_syslog: signal_no_reset: signal 13 had flags 4000000
addto_syslog: precision = 1.000 usec
create_sockets(123)
addto_syslog: no IPv6 interfaces found
bind() fd 4, family 2, port 123, addr 0.0.0.0, flags=8
bind() fd 5, family 2, port 123, addr 10.1.2.95, flags=8
bind() fd 6, family 2, port 123, addr 127.0.0.1, flags=0
init_io: maxactivefd 6
local_clock: at 0 state 0
ntp_syslogmask = 0x0000f000 (syncstatus)
ntp_syslogmask = 0x0000f002 (+sysevents)
addto_syslog: frequency initialized 0.000 PPM from /var/lib/ntp/ntp.drift
local_clock: at 0 state 1
key_expire: at 0
peer_clear: at 0 assoc ID 13092 refid INIT
newpeer: 10.1.2.95->10.1.14.2 mode 3 vers 4 poll 6 10 flags 0x201 0x1 ttl 0 key 00000000
addto_syslog: system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010)
report_event: system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010)
transmit: at 1 10.1.2.95->10.1.14.2 mode 3
auth_agekeys: at 1 keys 1 expired 0
timer: refresh ts 0
transmit: at 3 10.1.2.95->10.1.14.2 mode 3
transmit: at 5 10.1.2.95->10.1.14.2 mode 3
transmit: at 7 10.1.2.95->10.1.14.2 mode 3
transmit: at 9 10.1.2.95->10.1.14.2 mode 3
transmit: at 11 10.1.2.95->10.1.14.2 mode 3
transmit: at 13 10.1.2.95->10.1.14.2 mode 3
transmit: at 15 10.1.2.95->10.1.14.2 mode 3
addto_syslog: no reply; clock not set
```

The server is definitely listening on 10.1.14.2 on port 123 (using UDP):

```
ntp-server ~ # netstat --inet -anp | grep ntp
udp        0      0 127.0.0.1:123           0.0.0.0:*                           14075/ntpd
udp        0      0 10.1.14.2:123           0.0.0.0:*                           14075/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           14075/ntpd
```

Here's the server configuration:

```
# /etc/ntp.conf
# server config
logconfig all
driftfile /var/lib/ntp/ntp.drift
server clock.nyc.he.net
server reva.sixgirls.org
server sundial.columbia.edu
# deny access from all machines (including localhost)
restrict default noquery nomodify
# allow localhost:
restrict 127.0.0.1
# allow machines within subnet to sync but not modify
restrict 10.0.0.0    mask 255.0.0.0     nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
```

Here's the client config:

```
# /etc/ntp.conf
# client config
logconfig syncstatus +sysevents
driftfile /var/lib/ntp/ntp.drift
server ntp-server
restrict default noquery nomodify
restrict 127.0.0.1
```

This works on another subnet with a different server and clients, but I can't find any difference in how they're running. Any ideas?

----------
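An added example, not part of the thread: a Python check of which `restrict` entry a given address matches in the server config posted above, and whether that entry's flags stop ntpd from serving time. It assumes ntpd's documented matching (the most specific entry wins), handles IPv4 lines only, and treats only `ignore` and `noserve` as blocking; the function names are hypothetical.

```python
import ipaddress

# Constructed input: the restrict lines copied from the server's ntp.conf above.
SERVER_CONF = """\
restrict default noquery nomodify
restrict 127.0.0.1
restrict 10.0.0.0    mask 255.0.0.0     nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""

# Flags that stop ntpd answering time requests from a matching host.
# noquery only blocks ntpq/ntpdc queries; nomodify only blocks reconfiguration.
DENY_TIME = {"ignore", "noserve"}

def parse_restrict(conf):
    """Return [(network, flags)] for every IPv4 'restrict' line."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # a bare address is a host entry
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        entries.append((ipaddress.ip_network(f"{addr}/{mask}"), set(rest)))
    return entries

def effective(conf, host):
    """Most specific matching entry wins, as in ntpd's sorted restrict list."""
    ip = ipaddress.ip_address(host)
    matches = [e for e in parse_restrict(conf) if ip in e[0]]
    if not matches:
        return None, set()                # no entry: nothing restricted
    return max(matches, key=lambda e: e[0].prefixlen)

def serves_time(conf, host):
    """True if the matching entry carries no time-blocking flag."""
    _, flags = effective(conf, host)
    return not (flags & DENY_TIME)

if __name__ == "__main__":
    # 10.1.2.95 is the client address in the debug output; the second is constructed.
    for host in ("10.1.2.95", "172.16.68.5"):
        net, flags = effective(SERVER_CONF, host)
        print(host, net, sorted(flags), serves_time(SERVER_CONF, host))
```

For 10.1.2.95 the matching entry is the 10.0.0.0/8 line, whose flags do not block time service, so the `restrict` lines as posted do not explain the missing replies.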

## deanpence

bump

----------

## deanpence

I thought I had discovered that I was wrong. On the offending ntpd client machines, ntpdate seems to work. (Please excuse my hostname-munging; I have to deal with non-disclosure issues.)

```
ntp-client1 ~ # ntpdate -q ntp-server
Looking for host ntp-server and service ntp
host found : ntp-server
server 10.1.14.2, stratum 2, offset -0.002633, delay 0.02567
15 Apr 14:30:59 ntpdate[13376]: adjust time server 10.1.14.2 offset -0.002633 sec
```

... whereas ntpd (at least with the -q option) doesn't. From syslog:

```
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: ntpd 4.2.0@1.1161-r Wed Aug 11 22:16:27 UTC 2004 (1)
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: signal_no_reset: signal 13 had flags 4000000
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: precision = 1.000 usec
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: no IPv6 interfaces found
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: kernel time sync status 0040
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: frequency initialized -8.131 PPM from /var/lib/ntp/ntp.drift
2005-04-15 14:34:06 ntp-client1: ntpd[13692]: system event 'event_restart' (0x01) status 'sync_alarm, sync_unspec, 1 event, event_unspec' (0xc010)
2005-04-15 14:34:23 ntp-client1: ntpd[13692]: no reply; clock not set
```

So I thought it might be a bug with the '-q' option of ntpd. Then I saw this in last night's syslog:

```
2005-04-15 08:33:03 ntp-client1: ntpd[1103]: no servers reachable
2005-04-15 08:46:04 ntp-client2: ntpd[2163]: no servers reachable
2005-04-15 08:51:08 ntp-client3: ntpd[23587]: no servers reachable
2005-04-15 08:53:10 ntp-client4: ntpd[5608]: no servers reachable
2005-04-15 09:02:24 ntp-client5: ntpd[28507]: no servers reachable
2005-04-15 09:03:02 ntp-client6: ntpd[307]: no servers reachable
2005-04-15 09:04:21 ntp-client7: ntpd[2518]: no servers reachable
2005-04-15 09:04:45 ntp-client8: ntpd[326]: no servers reachable
2005-04-15 09:06:58 ntp-client9: ntpd[18937]: no servers reachable
2005-04-15 09:07:21 ntp-clienta: ntpd[408]: no servers reachable
```

None of the ntpd client machines seem to be able to sync to the ntpd server machine. I've verified that there are no network problems between the hosts. In fact, the ntpd server machine also acts as a syslog server, and the client machines have no problems logging to it over UDP or TCP.

This exact configuration works at another data center on the machines there. Does anyone have an idea of what the problem might be?

----------

## larand54

This works:

ntp.conf for my server:

```
restrict 127.0.0.1 notrust nomodify notrap
restrict 172.16.68.0 mask 255.255.255.0  nomodify
server ntp1.sp.se
server ntp2.sp.se
server ntp1.mmo.netnod.se
server ntp2.mmo.netnod.se
server ntp1.sth.netnod.se
server ntp2.sth.netnod.se
server ntp1.gbg.netnod.se
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
```

I have a lot of servers for my server ;)

ntp.conf for one of my clients:

```
restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 172.16.68.0 mask 255.255.255.0
restrict 172.16.68.1
server 172.16.68.1
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
```

The startup of the server looks like this:

```
/usr/bin/ntpd -p /var/run/ntpd.pid -u ntp:ntp
```

and for the client:

```
/usr/bin/ntpd -p /var/run/ntpd.pid -u ntp:ntp
```

Hmm, looks the same --- of course ;)

----------

## deanpence

bump

----------

