# [Solved] ntp client does not see the ntp server

## NP_complete

I just set up my first Gentoo-based router, and I would like

to run an NTP server on it.  For some reason, the server

is completely invisible from the LAN.  Here is a snippet of

what the wireshark gives me when I execute

"ntpdate 192.168.0.1" on the client:

No.     Time        Source                Destination           Protocol Info

      1 0.000000    192.168.0.170         192.168.0.1           NTP      NTP client

Frame 1 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: CompalCo_de:dd:73 (00:16:d4:de:dd:73), Dst: D-Link_d5:73:33 (00:1c:f0:d5:73:33)

Internet Protocol, Src: 192.168.0.170 (192.168.0.170), Dst: 192.168.0.1 (192.168.0.1)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0xe3

    Peer Clock Stratum: unspecified or unavailable (0)

Frame 2 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: D-Link_d5:73:33 (00:1c:f0:d5:73:33), Dst: CompalCo_de:dd:73 (00:16:d4:de:dd:73)

Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.170 (192.168.0.170)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0xe4

    Peer Clock Stratum: unspecified or unavailable (0)

Frame 3 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: CompalCo_de:dd:73 (00:16:d4:de:dd:73), Dst: D-Link_d5:73:33 (00:1c:f0:d5:73:33)

Internet Protocol, Src: 192.168.0.170 (192.168.0.170), Dst: 192.168.0.1 (192.168.0.1)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0xe3

    Peer Clock Stratum: unspecified or unavailable (0)

By contrast, when I execute "ntpdate 0.gentoo.pool.ntp.org" on the client, I get

this:

Frame 1 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: CompalCo_de:dd:73 (00:16:d4:de:dd:73), Dst: D-Link_d5:73:33 (00:1c:f0:d5:73:33)

Internet Protocol, Src: 192.168.0.170 (192.168.0.170), Dst: 75.144.70.35 (75.144.70.35)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0xe3

    Peer Clock Stratum: unspecified or unavailable (0)

Frame 2 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: CompalCo_de:dd:73 (00:16:d4:de:dd:73), Dst: D-Link_d5:73:33 (00:1c:f0:d5:73:33)

Internet Protocol, Src: 192.168.0.170 (192.168.0.170), Dst: 63.211.239.58 (63.211.239.58)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0xe3

    Peer Clock Stratum: unspecified or unavailable (0)

Frame 3 (90 bytes on wire, 90 bytes captured)

Ethernet II, Src: D-Link_d5:73:33 (00:1c:f0:d5:73:33), Dst: CompalCo_de:dd:73 (00:16:d4:de:dd:73)

Internet Protocol, Src: 63.211.239.58 (63.211.239.58), Dst: 192.168.0.170 (192.168.0.170)

User Datagram Protocol, Src Port: ntp (123), Dst Port: ntp (123)

Network Time Protocol

    Flags: 0x24

    Peer Clock Stratum: secondary reference (2)

In other words, in the first snippet, this magic thing called stratum remains 0,

whereas in the second case, it eventually gets set to some other value.  It

would seem like my server is misconfigured and sends wrong stratum

information to the client.

My ntp.conf looks like this:

# Pools for Gentoo users

server 0.gentoo.pool.ntp.org

server 1.gentoo.pool.ntp.org

server 2.gentoo.pool.ntp.org

server 3.gentoo.pool.ntp.org

driftfile	/var/lib/ntp/ntp.drift

restrict default ignore

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

restrict 127.0.0.1 nomodify

logfile /var/log/ntp.log

Thanks very much in advance!Last edited by NP_complete on Mon Mar 30, 2009 11:27 pm; edited 1 time in total

----------

## TheAbu

These settings are working for me :

Clients:

```
driftfile       /var/lib/ntp/ntp.drift

# My ntp server (local network)

server rosenfolje.kaliope       iburst

restrict default nomodify nopeer

restrict 127.0.0.1

```

Server:

```
# Pools for Gentoo users

server 0.gentoo.pool.ntp.org

server 1.gentoo.pool.ntp.org

server 2.gentoo.pool.ntp.org

server 3.gentoo.pool.ntp.org

driftfile       /var/lib/ntp/ntp.drift

restrict default nomodify nopeer

restrict 127.0.0.1

restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap

```

What happen if you type "ntpq -p" on one of your client ? Do you see the IP of your server or nothing at all ?

You probably have read it already, but this is excellent : http://en.gentoo-wiki.com/wiki/NTP

----------

## disi

In the conf file I think this makes the server not respond:

```
# If you want to deny all machines (including your own)

# from accessing the NTP server, uncomment:

#restrict default ignore
```

then I have this line:

```
# To allow machines within your network to synchronize

# their clocks with your server, but ensure they are

# not allowed to configure the server or used as peers

# to synchronize against, uncomment this line.

#

restrict 192.168.1.0 mask 255.255.255.0 nomodify nopeer notrap
```

----------

## NP_complete

Dear TheAbu and disi,

I tried your suggestions out but didn't get very far.  It is obvious that

the server is running:

# ps uax | grep ntpd

root      4849  0.0  0.5   3924  1156 ?        Ss   14:49   0:00 /usr/sbin/ntpd -p /var/run/ntpd.pid

However,

$ ssh 192.168.0.1 -p 123

ssh: connect to host 192.168.0.1 port 123: Connection refused

$ ntpq -p

ntpq: read: Connection refused

$ sudo ntpdate -d 192.168.0.1

30 Mar 15:54:30 ntpdate[11549]: ntpdate 4.2.4p4@1.1520-o Tue Jan  6 15:54:49 UTC 2009 (1)

transmit(192.168.0.1)

receive(192.168.0.1)

transmit(192.168.0.1)

receive(192.168.0.1)

transmit(192.168.0.1)

receive(192.168.0.1)

transmit(192.168.0.1)

receive(192.168.0.1)

transmit(192.168.0.1)

192.168.0.1: Server dropped: strata too high

server 192.168.0.1, port 123

stratum 16, precision -20, leap 11, trust 000

refid [192.168.0.1], delay 0.02586, dispersion 0.00000

transmitted 4, in filter 4

reference time:    00000000.00000000  Thu, Feb  7 2036  1:28:16.000

originate timestamp: cd7ba1f5.73944014  Mon, Mar 30 2009 15:54:29.451

transmit timestamp:  cd7ba1f6.28de4c51  Mon, Mar 30 2009 15:54:30.159

filter delay:  0.02592  0.02588  0.02586  0.02586 

         0.00000  0.00000  0.00000  0.00000 

filter offset: -0.70831 -0.70832 -0.70832 -0.70832

         0.000000 0.000000 0.000000 0.000000

delay 0.02586, dispersion 0.00000

offset -0.708325

30 Mar 15:54:30 ntpdate[11549]: no server suitable for synchronization found

Turning off the firewall didn't change anything, so the firewall is not to blame.

----------

## TheAbu

Ok, this might be a totally stupid suggestion but since it already happened to me  :Smile:  A week ago, I had the time set wrong on one of my computer (by wrong I mean, off by more than one hour) and I got "connection refused" with ntpq -c  until I set the time right again by hand. I'm not saying it's the problem you have, just trying to go through all possibilities  :Smile: 

Another thing, if using caps, you need a "enable different security..." set in the kernel (not sure it's still relevant though, it seems it's not needed anymore with kernel 2.6.28.

----------

## NP_complete

TheAbu,

Thanks.  I, actually, don't have any time accuracy-related issues

on the router.

Do you happen to know if there is any way to make the ntpd server

more verbose so it would log all the incoming requests, as well

as how these requests were handled?  I just want to use a more

definitive debugging strategy rather than shooting in the dark.

***UPDATE:***

Solved it.  Here is the configuration that appears to work:

server 0.gentoo.pool.ntp.org iburst

server 1.gentoo.pool.ntp.org iburst

server 2.gentoo.pool.ntp.org iburst

server 3.gentoo.pool.ntp.org iburst

driftfile       /var/lib/ntp/ntp.drift

logfile /var/log/ntp.log

restrict default nomodify

restrict 0.gentoo.pool.ntp.org

restrict 1.gentoo.pool.ntp.org

restrict 2.gentoo.pool.ntp.org

restrict 3.gentoo.pool.ntp.org

restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap

Well, troubleshooting the NTP infrastruc doesn't appear

to be the sexiest one, after all.  (Smile).  Thanks for everyone's help!

----------

