# Synchronizing Time (within Windows) from Linux?

## soroh6

I've tried running ntpd and openntpd, Windows just always comes back with An Error blah blah while synchronizing.

Does anyone have this working?

I've tried Samba's time server, I've tried opening port 123 and everything; Windows refuses to sync off my Gentoo box.

----------

## infinite1der

There's a way using the 'net' command... something like `net start w32time` but requires setting the ntp servers in the registry somewhere. A quick google search should give you the exact info.

----------

## soroh6

Depending what you meant; I am trying to synchronize from Windows, using a Linux server.

The time service is already started in Windows. I can sync fine from, for example, time-a.nist.gov, but not from my Gentoo server. (And this is *in Windows*. I want Windows clients on my network to be able to synchronize from the host (the Gentoo server).)

----------

## ewaller

I run a ntpd server on a Linux box that is behind my firewall.  All of my machines (Windows and linux, real and virtual) use that server for a time reference.  

In order for this to work, your NTP daemon must be synchronized to an NTP server and the "stratum" of your NTP server must be lower than that of the Windows box.

Using the command ntpdc, you can determine the stratum of your machine.  To do this, use the sub-command 'dmpeers'.  On my server:

```
ewaller@garage ~ $ ntpdc
ntpdc> dmpeers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*egr-dns-1.egr.u 192.168.0.2      2 1024  377 0.02321 -0.004708 0.13672
ntpdc>
```

The server (in my garage) is hooked to a machine that is at stratum 2.  The laptop on which I type this is synced to the garage server and is at stratum 3:

```
ewaller@lappy ~ $ ntpdc
ntpdc> dmpeers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*garage.home     192.168.0.12     3  128  377 0.00395  0.000533 0.08621
ntpdc>
```

My Windows box will sync also. I can't paste a screenshot, but it tells me "the time was successfully synchronized with 192.168.0.2".

If the box in the garage is not synced to an internet server, windows complains about the stratum being insufficient (as happens whenever I lose my internet connection).

In summary:  Ensure the machine to which you are trying to sync has a sufficiently accurate reference, or Windows will say -- No.

----------
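An added example (not part of any post in this thread) that decodes the header fields of an NTP reply, so you can see from the client side whether the server is advertising itself as synchronized. The function names and the two sample packets are constructed for illustration, and the checks are the usual SNTP client sanity checks; the thread does not state exactly which test Windows applies.

```python
import socket
import struct

# First 16 bytes of the 48-byte NTP packet: flags, stratum, poll, precision,
# root delay, root dispersion (16.16 fixed point), reference ID.
NTP_HEADER = struct.Struct("!BBbbII4s")

def parse_ntp_reply(data: bytes) -> dict:
    """Decode the fields a client inspects before trusting a reply."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum, _poll, _prec, _rdelay, rdisp, refid = NTP_HEADER.unpack(data[:16])
    return {
        "leap": flags >> 6,              # 3 = server clock not synchronized
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,             # 4 = server reply
        "stratum": stratum,              # 0 on the wire = unspecified/invalid
        "root_dispersion_s": rdisp / 65536.0,
        "refid": refid,
    }

def usable_as_time_source(reply: dict):
    """Return (ok, reason) for a parsed reply."""
    if reply["mode"] != 4:
        return False, "not a server-mode reply"
    if reply["leap"] == 3:
        return False, "server reports its clock is unsynchronized (LI=3)"
    if reply["stratum"] == 0 or reply["stratum"] >= 16:
        return False, "stratum %d is not a valid time source" % reply["stratum"]
    return True, "stratum %d, synchronized" % reply["stratum"]

def query(host: str, timeout: float = 3.0) -> dict:
    """Send one client request (VN=3, mode=3). A timeout means no reply at
    all, e.g. the packet was dropped by a restrict rule or a firewall."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(bytes([0x1B]) + bytes(47), (host, 123))
        data, _ = s.recvfrom(512)
    return parse_ntp_reply(data)

def build_sample(leap: int, stratum: int, refid: bytes) -> bytes:
    """Constructed reply packet for offline testing (timestamps zeroed)."""
    flags = (leap << 6) | (4 << 3) | 4
    return NTP_HEADER.pack(flags, stratum, 6, -20, 0x0600, 0x2300, refid) + bytes(32)

SYNCED = build_sample(0, 2, bytes([192, 0, 2, 1]))   # constructed: healthy server
UNSYNCED = build_sample(3, 0, b"INIT")               # constructed: just started

if __name__ == "__main__":
    for name, pkt in (("synced", SYNCED), ("unsynced", UNSYNCED)):
        print(name, usable_as_time_source(parse_ntp_reply(pkt)))
```

Calling `query("10.1.1.1")` against a live server distinguishes the two failure modes discussed here: a timeout means the request was never answered, while an answer with LI=3 or stratum 0 means the daemon is reachable but not yet synchronized.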

## ewaller

Replying to myself---

As much as I hate to admit it, Windows XP does provide reasonable diagnostic information using the 'Computer Management' application under the control panel using:

Computer Management-->SystemTools-->Event Viewer-->System and looking for W32Time entries.  (I dislike Windows).

Also, once your server is connected to a time reference, you will need to allow machines on your network to connect to your daemon.  On my machine (the server in the garage), /etc/ntp.conf includes the following:

```
# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against, uncomment this line.
#
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
```

----------

## soroh6

I dunno, I can't get it.  10.1.1.0 is my local LAN.

```
server time-a.nist.gov
restrict time-a.nist.gov mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 notrust nomodify notrap

# you should not need to modify the following paths
driftfile       /var/lib/ntp/ntp.drift
```

----------

## ewaller

What is the result of:

```
ntpdc -c dmpeers
```

Also, you may need to drop the 'nomodify notrap noquery' from the time-a.nist.gov server.  You should trust it to change your time (if YOU trust .gov to change your time, of course).

 *Quote:*

> server time-a.nist.gov
> 
> restrict time-a.nist.gov mask 255.255.255.255 nomodify notrap noquery

----------

## soroh6

```
logfile /var/log/ntp.log

server time-a.nist.gov
# restrict time-a.nist.gov mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 notrust nomodify notrap

# you should not need to modify the following paths
driftfile       /var/lib/ntp/ntp.drift
```

 */var/log/messages wrote:*   

> Jun 17 06:04:05 fnd02 ntpd[11478]: ntpd 4.2.4p4@1.1520-o Tue Jun 17 04:29:53 UTC 2008 (1)
> 
> Jun 17 06:04:05 fnd02 ntpd[11479]: precision = 1.000 usec
> 
> Jun 17 06:04:05 fnd02 ntpd[11479]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled
> ...

 

 */var/log/ntp.log wrote:*   

> 17 Jun 06:04:05 ntpd[11479]: frequency initialized -72.456 PPM from /var/lib/ntp/ntp.drift
> 
> 17 Jun 06:08:23 ntpd[11479]: synchronized to 129.6.15.28, stratum 1
> 
> 17 Jun 06:08:23 ntpd[11479]: kernel time sync status change 0001

 

```
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*time-a.nist.gov    EXTERNAL.IP   1   64   77 0.09845  0.024312 0.43571
```

ntpdc was run after I saw it had synchronised to the time server.  I then tried to sync from Windows and got the same error (An error occurred while Windows was synchronizing with 10.1.1.1).  I also ran ntpdate time-a.nist.gov before starting ntpd, as I've seen advised on a few websites.

----------

## ewaller

What is the IP address of the Windows Box?

----------

## soroh6

Ok, I got it.  Thanks for your help.

Been playing with it a bit now.  It was originally completely failing due to the "notrust" option on the LAN configuration part.  The manpages say notrust will deny connections unless they are cryptographically signed.  Removing notrust allowed my Windows box to at least attempt to sync off the server.

If it's reporting that the peer's stratum is less than the host's stratum, you just have to wait a few minutes until you see a log entry stating ntpd - synchronized to some.server, stratum 1

After that, your Windows clients will sync too.  Another thing that I am personally doing now is editing /etc/conf.d/ntpd and adding -I lo -I br0 (bridge; use eth0, eth1, etc. for your LAN) and just using the local server as I have explained it below.  This way ntpd is not querying servers, and is not listening on my external IP address.  I can then just sync the time as I always have on the server, with rdate.  The fudge line sets the stratum of our local server, which has to be low enough for Windows to be happy (not sure of the actual value).  The burst and iburst options are to help initial sync.

Also, the IP 127.127.1.0 is an internal NTP thing.  It should not be changed to your LAN IP, etc.

 */var/log/ntp.log wrote:*   

> 17 Jun 07:44:50 ntpd[17351]: synchronized to LOCAL(0), stratum 5
> 
> 17 Jun 07:44:50 ntpd[17351]: kernel time sync status change 0001

 

(You can sync from Windows after you see this; it should only take about 1-2 minutes for the local one, 2-10 for remote servers.)

```
# allow localhost:
restrict 127.0.0.1

# time servers: (you need one of these, or both)
#server time-a.nist.gov
#restrict time-a.nist.gov nomodify notrap notrust

# ---
# create a local time server
# what this does is will not connect to any official ntp servers, but will connect to "itself" to get the time
# then you don't need to listen on your internet device, by adding -I lo -I ethX (ethX lan device) to conf.d/ntpd
# ---
#server 127.127.1.0 burst iburst
#fudge 127.127.1.0 stratum 5

# allow lan:
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap

# you should not need to modify the following paths
logfile         /var/log/ntp.log
driftfile       /var/lib/ntp/ntp.drift
```

----------
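An added example (not code from the thread's participants or from the ntp project) that audits the `restrict` lines of an ntp.conf for the problem resolved above: a flag such as `notrust` on the LAN rule that locks out ordinary clients. It also reports a missing `restrict default`, since ntpd applies no restrictions to hosts that match no rule. The function names are hypothetical, only IPv4 rules are handled, and the two sample configs are the active lines of the configurations posted in the thread.

```python
import ipaddress

BLOCKING = {"notrust", "noserve", "ignore"}  # each keeps plain clients from being served

def parse_restricts(conf_text):
    """Return [(network_or_hostname, flags)] for active 'restrict' lines."""
    rules = []
    for raw in conf_text.splitlines():
        # Drop comments and option tokens such as -4 / -6.
        tok = [t for t in raw.split("#", 1)[0].split() if not t.startswith("-")]
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest, mask = tok[1], tok[2:], "255.255.255.255"
        if rest[:1] == ["mask"] and len(rest) >= 2:
            mask, rest = rest[1], rest[2:]
        cidr = "0.0.0.0/0" if addr == "default" else f"{addr}/{mask}"
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            net = addr  # a hostname; ntpd resolves it at startup
        rules.append((net, set(rest)))
    return rules

def audit(conf_text):
    """Flag rules that lock out LAN clients or leave the daemon open."""
    nets = [(n, f) for n, f in parse_restricts(conf_text) if not isinstance(n, str)]
    findings = []
    if not any(n.prefixlen == 0 for n, _ in nets):
        findings.append("no 'restrict default': unlisted hosts are unrestricted")
    for net, flags in nets:
        if net.prefixlen == 0 or net.is_loopback:
            continue
        for flag in sorted(flags & BLOCKING):
            findings.append(f"{net}: '{flag}' keeps unauthenticated clients from syncing")
        if "nomodify" not in flags:
            findings.append(f"{net}: missing 'nomodify'")
    return findings

# Active lines of the failing and the working configuration from the thread.
BEFORE = """server time-a.nist.gov
restrict time-a.nist.gov mask 255.255.255.255 nomodify notrap noquery
restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 notrust nomodify notrap
"""
AFTER = """restrict 127.0.0.1
restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
"""

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(conf))
```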

