# [SOLVED] NTP Error

## SAngeli

Hi,

AMD64 with 64-bit OS.

I installed NTP and it starts fine.

When I type ntpq -p I get the error: ntpq: read: Connection refused

What is wrong? Any idea?

As I recall I did follow the same steps as for other PC.

Thank you,

SpiroLast edited by SAngeli on Wed Jun 08, 2005 2:38 pm; edited 1 time in total

----------

## rutski89

This is what got me synced with ntp on a fresh install just yesterday.

```
ntpdate -b -u pool.ntp.org
```

 I hope this helps.

Peace

----------

## SAngeli

I will try it tomorrow and let you know.

Thank you,

Spiro

----------

## Maedhros

Moved from Installing Gentoo.

----------

## SAngeli

Hi,

no luck. I tried ntpdate -b -u pool.ntp.org which run fine.

Also ntpd loads fine at boot.

But still: ntpq: read: Connection refused 

Any idea?

Thank you,

Spiro

----------

## christsong84

bad conncetion...almost sounds like a firewall issue...does it work if the firewall is down?

----------

## SAngeli

I have two PC on the same network and they both run fine.

Does it have anything to do with IPv6 (although I have no idea of this)?

This is what I fould:

 *Quote:*   

> The easiest command to verify that xntpd is still running is ntpq -p. This command will contact xntpd on the local host, and it will list all configured servers together with some health status. If xntpd is not running, the typical error message is ntpq: read: Connection refused.

 

Could it be? But, I cannot locate /usr/sbin/xntpd? Perhaps I do not have it?

Spiro

----------

## larand54

Maybe you can get an answer here:

https://forums.gentoo.org/viewtopic-t-342476.html

Good luck!

----------

## SAngeli

I had no luck.

I wish to post some data so that you could see better:

from logs:

```
May 29 14:29:19 (none) ntpd[7485]: ntpd 4.2.0@1.1161-r Sat May 28 17:23:49 CEST 2005 (1)

May 29 14:29:19 (none) ntpd[7485]: signal_no_reset: signal 13 had flags 4000000

May 29 14:29:19 (none) ntpd[7485]: precision = 1.000 usec

May 29 14:29:19 (none) ntpd[7485]: kernel time sync status 0040

May 29 14:29:19 (none) ntpd[7485]: configure: keyword "212.204.235.156" unknown, line ignored

May 29 14:29:19 (none) ntpd[7485]: configure: keyword "83.137.103.134" unknown, line ignored

May 29 14:29:19 (none) ntpd[7485]: configure: keyword "213.84.46.114" unknown, line ignored

28 May 16:39:44 ntpd[18167]: frequency error -512 PPM exceeds tolerance 500 PPM

28 May 16:40:47 ntpd[18167]: frequency error -512 PPM exceeds tolerance 500 PPM

28 May 16:42:56 ntpd[18167]: frequency error -504 PPM exceeds tolerance 500 PPM

28 May 17:10:59 ntpd[18167]: time reset +0.559925 s

29 May 14:29:19 ntpd[7485]: cap_set_proc() failed to drop root privileges: Operation not permitted

29 May 14:35:34 ntpd[7609]: cap_set_proc() failed to drop root privileges: Operation not permitted

29 May 14:37:06 ntpd[7605]: cap_set_proc() failed to drop root privileges: Operation not permitted

29 May 14:40:55 ntpd[8263]: cap_set_proc() failed to drop root privileges: Operation not permitted

29 May 22:35:37 ntpd[7601]: cap_set_proc() failed to drop root privileges: Operation not permitted

30 May 11:59:07 ntpd[7564]: cap_set_proc() failed to drop root privileges: Operation not permitted
```

/etc/ntp.conf

```
server  pool.ntp.org            iburst

#server  215 212.204.235.156     iburst

#server  216 83.137.103.134      iburst

#server  245 213.84.46.114       iburst

restrict 127.0.0.1 notrust nomodify

driftfile       /var/lib/ntp/ntp.drift

logfile         /var/log/ntpd.log
```

/etc/conf.d/ntpd

```
# Copyright 1999-2004 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/files/ntpd.confd,v 1.15 2004/07/15 00:05:46 agriffis Exp $

# Options to pass to the ntpd process

# Most people should leave this line alone ...

# however, if you know what you're doing, feel free to tweak

NTPD_OPTS="-u ntp:ntp"
```

/etc/conf.d/ntp-client

```
NTPCLIENT_CMD="ntpdate"

NTPCLIENT_OPTS="-b pool.ntp.org"

NTPCLIENT_TIMEOUT=30

#NTPCLIENT_OPTS="-Q -b -u pool.ntp.org"
```

When I turn the PC off, I get the error ntpd[7736] Failed to stop NTPD....

Please help.

Also, in rc.conf would it be better to set CLOCK="UTC" rather than "local" as I have it?

I was reading that by using UTC in conjunction with /etc/localtime it should report the same time as if I would use "local" Corrent (Y/n)?

Thank you,

Spiro

----------

## plut0

The "Connection refused" error usually means your daemon is not running.  Anyway, by your comment on the shutdown ntpd failing to stop thats what seems to be happening.

----------

## plut0

I use localtime myself.  Do you have the correct timezone set?  Does date -u give the correct time?

----------

## SAngeli

hi plut0,

here is what I get for dates:

As of now, I have "local" and this is what I get:

```
# date -u

Fri Jun  3 13:07:05 UTC 2005

# date

Fri Jun  3 15:07:14 CEST 2005

```

My timezone is properly set.

So, I see two different times. What should I do?

My timezone is Italy and now it is 15:07

As for ntpd, at boot it starts properly.

Here is also my rc-status:

```
  local                  [ started ]

  netmount               [ started ]

  domainname             [ started ]

  net.eth0               [ started ]

  hotplug                [ started ]

  syslog-ng              [ started ]

  ntp-client             [ started ]

  ntpd                   [ started ]

  numlock                [ started ]

  gpm                    [ started ]

  splash                 [ started ]

  sshd                   [ started ]

```

What should I do?

Please help, if you can.

Thanks,

SpiroLast edited by SAngeli on Tue Jun 07, 2005 8:43 pm; edited 1 time in total

----------

## plut0

You see two different times because one is your time and the other is Universal Time.  The UTC should be the same for everybody no matter where you are.  Your times are correct.

I realize that ntpd is set to start at default run level but I don't think it is running.  See if the process is running `ps aux | grep ntpd | grep -v grep`  I suspect the frequency errors is what is causing it to crash.  Can you post the output of `cat /var/lib/ntp/ntp.drift`?

----------

## SAngeli

Hi,

Time: So, as all being correct, should I live it to local or to UTC?

As for ntpd, you are perfectly correct:

ps aux | grep ntpd | grep -v grep

did not return anything.

cat /var/lib/ntp/ntp.drift

-58.220

Spiro

----------

## plut0

```
# Set CLOCK to "UTC" if your system clock is set to UTC (also known as

# Greenwich Mean Time).  If your clock is set to the local time, then set CLOCK

# to "local".  This setting is used by the /etc/init.d/clock script.
```

Leave it as "local", it is easier to read.

----------

## SAngeli

ok for time.

please let me know for ntpd if you are aware of how to solve it.

Thanks,

Spiro

----------

## plut0

I wonder if the problem has to due to your latency to the server.  What is your latency if you `ping pool.ntp.org`?  If that is the problem you might have to search for a server closer to you.

For now, try appending "-x" in NTPD_OPTS in /etc/conf.d/ntpd.

----------

## SAngeli

```
root # ping -c 5 pool.ntp.org

PING pool.ntp.org (62.94.26.10) 56(84) bytes of data.

64 bytes from ip-26-10.sn1.eutelia.it (62.94.26.10): icmp_seq=1 ttl=54 time=98.5 ms

64 bytes from ip-26-10.sn1.eutelia.it (62.94.26.10): icmp_seq=2 ttl=54 time=107 ms

64 bytes from ip-26-10.sn1.eutelia.it (62.94.26.10): icmp_seq=3 ttl=54 time=163 ms

64 bytes from ip-26-10.sn1.eutelia.it (62.94.26.10): icmp_seq=4 ttl=54 time=103 ms

64 bytes from ip-26-10.sn1.eutelia.it (62.94.26.10): icmp_seq=5 ttl=54 time=131 ms

```

Spiro

----------

## F.Ultra

```
failed to drop root privileges: Operation not permitted
```

This means that the ntpd daemon cannot change from beeing root into the ntp:ntp user, and it does therefore quit. And that is why you cannot see it running and why the init.d script cannot kill it (since it is not running).

Perhaps you have no ntp user? Check whats in /etc/passwd there should be a line with "ntp:xx" in it. If everything else fails you can tell ntpd to run as root by changing 

```
NTPD_OPTS="-u ntp:ntp"
```

 into 

```
NTPD_OPTS=""
```

 in /etc/conf.d/ntpd atleast to see if it works that way, it is though not recommended to run ntpd as root.

----------

## SAngeli

Hi,

finaly a right answer!  :Smile: 

This is what I have in this PC:

```
ntp:x:123:123:added by portage for ntp:/dev/null:/bin/false

```

I tried to make the above changes to /etc/conf.d/ntpd and it works. Here is the output:

```
root # ps aux | grep ntpd | grep -v grep

root      8923  0.0  0.5  12564  5272 ?        SLs  10:23   0:00 /usr/bin/ntpd -p /var/run/ntpd.pid

root # ntpq -p

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*ns3.dns.pciwest 132.163.4.103    2 u   36   64    1  227.995  -72.077   1.973
```

So, this tells me that I have an issue with ntp user. What to do now? Is there anything to do with permissions? Maybe, does it have anything to do with udev?

In stopping ntp services, is the correct sequence ntp-client first and then ntpd?

Thank you,

Spiro

----------

## NeddySeagoon

SAngeli,

I read the thread but can't really add anything - I has problems with ntpd because the accumulater errors were toobe (I switch my PC off at night). I used ntp-date which is a bit of a blunt instument.

You may need to run that at startup before ntpd runs, to fix any gross errors.

----------

## SAngeli

Hi NeddySeagoon,

thank you so much for taking your time and reading about my issue.

could you explani better this part: 

 *Quote:*   

> because the accumulater errors were toobe

 

What is ntp-date?

Thanks,

Spiro

----------

## NeddySeagoon

SAngeli,

ntpd attempts to correct your clock by applying very small corrections frequently. 

It maintains a drift rate file to help it do this.

However, it needs a long time to calibrate your clock against time servers and may fail if you switch the PC off.

It will only correct small errors too. (I forget how much, but less than 1 second)

If you switch your PC off, you can use ntpdate once at power on to fix any errors that are too big for ntpd.

Then ntpd does not quit because the errors are bigger than it can manage.  

ntpdate gets time from a timeserver and updates the clock, no matter what the error.

There is no calibration or frequent small updates, just get time, update clock and exit.

I have a system that looses over 0.5 sec an hour, so I run nptdate every hor in a cron job.

Be aware that stepping the time backwards can cause problems. Linux will complain if it encounters file timestamps in the future.

Make may go wrong too. Its OK to use this as long as time changes are forward.

Heres the script from /etc/cron.hourly 

```
#!/usr/bin/perl

{

        # sync clock

        $ntp = `/usr/sbin/ntpdate -u -t 5 ntp0.zen.co.uk`;

        `logger -f /var/log/everything/current -t timesync "clock sync1: $ntp"`;

        $ntp = substr $ntp, (index $ntp, "offset");

        `logger -f /var/log/everything/current -t timesync "clock sync2: $ntp"`;

        if ($ntp eq '')

        {

                $ntp = "failed3";

        }

        # update hardware clock

        `/sbin/clock --systohc`;

        # write to log

        `logger -f /var/log/everything/current -t timesync "clock sync4: $ntp"`;

}
```

ntp0.zen.co.uk is my ISPs timeserver. It may not be public.

and ntpdate may have moved from /usr/sbin/ntpdate too. so you may need to edit that script before you can use it.

----------

## SAngeli

Hi NeddySeagoon

thank you for the explanation. I assume I am wrong here but should I not solve the ntpq: read: Connection refused first?

One comment above mentioned this:

 *F.Ultra wrote:*   

> failed to drop root privileges: Operation not permitted
> 
> This means that the ntpd daemon cannot change from beeing root into the ntp:ntp user, and it does therefore quit. And that is why you cannot see it running and why the init.d script cannot kill it (since it is not running). 

 

I believe perhaps I need to solve this issue first so that when I can succesfully run ntpd -p then I can investigate if my system loose time or not and then apply your suggestion.

See also this  and portion of the thread that I believe is important to solve: 

What do you think?

Spiro

----------

## hgerstung

Hi Spiro,

just check out this thread:

https://forums.gentoo.org/viewtopic-t-162583.html

It basically says the solution is to load a specific module called "capability" and is related to the CONFIG_SECURITY option(s) in your kernel configuration. 

Kind regards,

Heiko

----------

## SAngeli

Yes,

it solved the issue!!!!  :Very Happy: 

Take care,

Spiro

----------

## hgerstung

Hi Spiro,

great!

Could you do us a favour and edit the subject of your initial post adding a [SOLVED] to it?

And, as I was pointed to this topic from the ntp newsgroup (comp.protocols.time.ntp), it would be nice if you could post a follow up there telling that this solution worked (I posted my reply there, too).

Take care and happy Gentoo'ing and NTP'ing  :Wink: 

Kind regards,

Heiko

----------

## SAngeli

Hi hgerstung.

could you tell me how to setup the newsgroup?

I did subscribe to the mailing list, but because I receive many emails from it I decided to unsubscribe so that I can use newsgroup.

Thank you,

Spiro

----------

## hgerstung

Hi Spiro,

 *SAngeli wrote:*   

> Hi hgerstung.
> 
> could you tell me how to setup the newsgroup?
> 
> I did subscribe to the mailing list, but because I receive many emails from it I decided to unsubscribe so that I can use newsgroup.
> ...

 

That's strongly depending on the news client you want to use. I use Mozillas Thunderbird which is a combined mail and news client. 

Plus you need to find a newsserver you can use, maybe your internet service provider offers such a service. Otherwise you would have to pay for it or find a free one somewhere. 

As an alternative you can check Google Groups which is some kind of a web interface to the newsgroups. Just go to http://groups.google.com and read ahead.

I will tell the comp.protocols.time.ntp people that your NTP is up and running now.

Kind regards,

Heiko

----------

