On 09/08/2015 11:30 AM, Patrick Dupre wrote:
===========================================================================
Patrick DUPRÉ | | email: pdupre@xxxxxxx
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
Sent: Tuesday, September 08, 2015 at 8:27 PM
From: "Rick Stevens" <ricks@xxxxxxxxxxxxxx>
To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: NTP synchronized: no
On 09/08/2015 10:52 AM, Patrick Dupre wrote:
Hello,
I am not sure to understand.
The previous conclusion was that the firewall did not let me go through.
Now, I have:
:::* 5704/chronyd
[root@Homere ~]# netstat -pna | grep :123
udp 0 0 193.49.194.196:35562 210.173.160.27:123 ESTABLISHED 5704/chronyd
udp 0 0 193.49.194.196:60225 210.173.160.57:123 ESTABLISHED 5704/chronyd
udp 0 0 193.49.194.196:36218 210.173.160.87:123 ESTABLISHED 5704/chronyd
udp 0 0 193.49.194.196:36803 178.32.54.53:123 ESTABLISHED 5704/chronyd
udp 0 0 193.49.194.196:57367 62.210.85.244:123 ESTABLISHED 5704/chronyd
udp 0 0 0.0.0.0:123 0.0.0.0:* 5704/chronyd
udp 0 0 193.49.194.196:57601 91.121.169.20:123 ESTABLISHED 5704/chronyd
udp 0 0 193.49.194.196:34907 195.83.66.158:123 ESTABLISHED 5704/chronyd
udp6 0 0 :::123 :::* 5704/chronyd
timedatectl
Local time: Tue 2015-09-08 19:46:24 CEST
Universal time: Tue 2015-09-08 17:46:24 UTC
RTC time: Tue 2015-09-08 17:46:24
Timezone: Europe/Paris (CEST, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2015-03-29 01:59:59 CET
Sun 2015-03-29 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2015-10-25 02:59:59 CEST
Sun 2015-10-25 02:00:00 CET
traceroute -p 123 -U 123.204.45.116
traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
1 cisco-dk.univ-littoral.fr (193.49.194.1) 1.768 ms 1.944 ms 2.151 ms
2 192.168.168.203 (192.168.168.203) 0.317 ms 0.417 ms 0.486 ms
3 * * *
4 * * *
It does not looks like that the connection with the time server is established.
However, it says:
NTP synchronized: yes
On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/
To see what chronyd is doing, run "chronyc -n sources" as the root
user. Don't rely on what netstat is telling you.
chronyc -n sources
210 Number of sources = 7
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 178.32.54.53 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 195.83.66.158 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 91.121.169.20 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 62.210.85.244 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.27 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.57 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.87 0 10 0 10y +0ns[ +0ns] +/- 0ns
The question marks (and the "LastRx" of 10 years) indicates you can't
contact those servers or the data isn't reliable enough for chronyd to
use. Contact your network administrator.
Here's what I see:
[root@prophead ~]# chronyc -n sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 132.163.4.101 1 10 377 316 +5458us[+5379us] +/-
32ms
^- 104.41.150.68 2 10 357 806 -8917us[-8979us] +/-
91ms
^+ 192.155.90.13 2 10 377 912 -12ms[ -12ms] +/-
67ms
^- 198.211.106.151 2 9 377 486 -12ms[ -12ms] +/-
81ms
From the chrony docs, the first two columns ("M" and "S") mean:
'M'
This indicates the mode of the source. '^' means a server, '='
means a peer and '#' indicates a locally connected reference clock.
'S'
This column indicates the state of the sources. '*' indicates the
source to which 'chronyd' is currently synchronised. '+' indicates
acceptable sources which are combined with the selected source.
'-' indicates acceptable sources which are excluded by the
combining algorithm. '?' indicates sources to which connectivity
has been lost or whose packets don't pass all tests. 'x' indicates
a clock which 'chronyd' thinks is is a falseticker (i.e. its time
is inconsistent with a majority of other sources). '~' indicates a
source whose time appears to have too much variability. The '?'
condition is also shown at start-up, until at least 3 samples have
been gathered from it.
In my case, they're all servers ("M" all show "^") and I'm currently
sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
servers listed are "acceptable sources" but excluded based on the
combining algorithms. The third item is acceptable on its own.
Another useful version is "chronyc activity":
[root@prophead ~]# chronyc activity
200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
So I see four sources online and available.
As others have said, if you're in a university setting it is entirely
possible that they want you to use THEIR NTP servers, not ones wild on
the net. They may very well block UDP port 123 on their firewalls so
your best bet is to ask the admins which NTP servers are available to
you.
On my corporate firewall, I block NTP for most of my users, but I have
NTP services running on my DNS cache servers. That's what the people
behind my firewall get access to (and what's configured to be returned
on DHCP requests from them).
Sent: Tuesday, September 08, 2015 at 7:42 PM
From: "John Pilkington" <J.Pilk@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: NTP synchronized: no
On 08/09/15 18:02, Rick Stevens wrote:
On 09/08/2015 03:27 AM, John Pilkington wrote:
On 08/09/15 10:52, Ed Greshko wrote:
On 09/08/15 17:29, Patrick Dupre wrote:
I cannot synchronize the date:
My undestanding is that it should be set by:
timedatectl set-ntp yes
Here, the results of some commands:
netstat -a |grep ntp
udp 0 0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp
ESTABLISHED
udp 0 0 localhost.localdo:39994 tomia.ordimatic.net:ntp
ESTABLISHED
udp 0 0 localhost.localdo:45035 ntp.tuxfamily.net:ntp
ESTABLISHED
udp 0 0 localhost.localdo:49209 host3.nuagelibre.or:ntp
ESTABLISHED
warning, got bogus l2cap line.
That looks different: here's mine.
[john@HP_Box ~]$ netstat -a | grep ntp
udp 0 0 0.0.0.0:ntp 0.0.0.0:*
udp6 0 0 [::]:ntp [::]:*
[john@HP_Box ~]$ netstat -a | grep 323
udp 0 0 localhost:323 0.0.0.0:*
udp6 0 0 localhost:323 [::]:*
plus a few irrelevant responses.
but ...grep 123 shows nothing that looks relevant.
Quoting from the faq:
Perhaps you have a firewall set up in a way that blocks packets on port
323/udp. You need to amend the firewall configuration in this case.
ntp is UDP port 123 as is shown in your output. By default, netstat
will translate port numbers to services found in your /etc/services
file. If you want to verify it, try "netstat -apn | grep :123" and you
should see something on that port:
[root@prophead ~]# netstat -pna | grep :123
...
udp 0 0 192.168.1.50:58156 104.41.150.68:123
ESTABLISHED 841/chronyd
...
So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.
Thanks Rick. On my system, ( which does have a working chrony setup) I
see:
$ uname -a
Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT
2015 x86_64 x86_64 x86_64 GNU/Linux
[john@HP_Box ~]$ netstat -pna | grep :123
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
udp 0 0 0.0.0.0:123 0.0.0.0:*
-
udp6 0 0 :::123 :::*
-
[john@HP_Box ~]$ su
Password:
[root@HP_Box john]# netstat -pna | grep :123
udp 0 0 0.0.0.0:123 0.0.0.0:*
692/chronyd
udp6 0 0 :::123 :::*
692/chronyd
[root@HP_Box john]# netstat -pna | grep :323
udp 0 0 127.0.0.1:323 0.0.0.0:*
692/chronyd
udp6 0 0 ::1:323 :::*
692/chronyd
[root@HP_Box john]# exit
exit
[john@HP_Box ~]$
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- BASIC is the Computer Science version of `Scientific Creationism' -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- NEWS FLASH! Intelligence of mankind decreasing! Details at... -
- uh, when, uh, the little hand is, uh, on the... Aw, NUTS! -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
