Re: NTP synchronized: no

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/08/2015 11:30 AM, Patrick Dupre wrote:


===========================================================================
  Patrick DUPRÉ                                 | | email: pdupre@xxxxxxx
  Laboratoire de Physico-Chimie de l'Atmosphère | |
  Université du Littoral-Côte d'Opale           | |
  Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
  189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
===========================================================================


Sent: Tuesday, September 08, 2015 at 8:27 PM
From: "Rick Stevens" <ricks@xxxxxxxxxxxxxx>
To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: NTP synchronized: no

On 09/08/2015 10:52 AM, Patrick Dupre wrote:
Hello,

I am not sure to understand.
The previous conclusion was that the firewall did not let me go through.
Now, I have:
                   :::*                                5704/chronyd
[root@Homere ~]# netstat -pna | grep :123
udp        0      0 193.49.194.196:35562    210.173.160.27:123      ESTABLISHED 5704/chronyd
udp        0      0 193.49.194.196:60225    210.173.160.57:123      ESTABLISHED 5704/chronyd
udp        0      0 193.49.194.196:36218    210.173.160.87:123      ESTABLISHED 5704/chronyd
udp        0      0 193.49.194.196:36803    178.32.54.53:123        ESTABLISHED 5704/chronyd
udp        0      0 193.49.194.196:57367    62.210.85.244:123       ESTABLISHED 5704/chronyd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           5704/chronyd
udp        0      0 193.49.194.196:57601    91.121.169.20:123       ESTABLISHED 5704/chronyd
udp        0      0 193.49.194.196:34907    195.83.66.158:123       ESTABLISHED 5704/chronyd
udp6       0      0 :::123                  :::*                                5704/chronyd

timedatectl
        Local time: Tue 2015-09-08 19:46:24 CEST
    Universal time: Tue 2015-09-08 17:46:24 UTC
          RTC time: Tue 2015-09-08 17:46:24
          Timezone: Europe/Paris (CEST, +0200)
       NTP enabled: yes
NTP synchronized: yes
   RTC in local TZ: no
        DST active: yes
   Last DST change: DST began at
                    Sun 2015-03-29 01:59:59 CET
                    Sun 2015-03-29 03:00:00 CEST
   Next DST change: DST ends (the clock jumps one hour backwards) at
                    Sun 2015-10-25 02:59:59 CEST
                    Sun 2015-10-25 02:00:00 CET

traceroute -p 123 -U 123.204.45.116
traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
   1  cisco-dk.univ-littoral.fr (193.49.194.1)  1.768 ms  1.944 ms  2.151 ms
   2  192.168.168.203 (192.168.168.203)  0.317 ms  0.417 ms  0.486 ms
   3  * * *
   4  * * *

It does not looks like that the connection with the time server is established.
However, it says:
NTP synchronized: yes

On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/

To see what chronyd is doing, run "chronyc -n sources" as the root
user. Don't rely on what netstat is telling you.

chronyc -n sources
210 Number of sources = 7
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 178.32.54.53                  0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 195.83.66.158                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 91.121.169.20                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 62.210.85.244                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 210.173.160.27                0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 210.173.160.57                0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 210.173.160.87                0  10     0   10y     +0ns[   +0ns] +/-    0ns

The question marks (and the "LastRx" of 10 years) indicates you can't
contact those servers or the data isn't reliable enough for chronyd to
use. Contact your network administrator.

Here's what I see:

[root@prophead ~]# chronyc -n sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 132.163.4.101                 1  10   377   316  +5458us[+5379us] +/-
    32ms
^- 104.41.150.68                 2  10   357   806  -8917us[-8979us] +/-
    91ms
^+ 192.155.90.13                 2  10   377   912    -12ms[  -12ms] +/-
    67ms
^- 198.211.106.151               2   9   377   486    -12ms[  -12ms] +/-
    81ms

  From the chrony docs, the first two columns ("M" and "S") mean:

'M'
       This indicates the mode of the source.  '^' means a server, '='
       means a peer and '#' indicates a locally connected reference clock.

'S'
       This column indicates the state of the sources.  '*' indicates the
       source to which 'chronyd' is currently synchronised.  '+' indicates
       acceptable sources which are combined with the selected source.
       '-' indicates acceptable sources which are excluded by the
       combining algorithm.  '?' indicates sources to which connectivity
       has been lost or whose packets don't pass all tests.  'x' indicates
       a clock which 'chronyd' thinks is is a falseticker (i.e.  its time
       is inconsistent with a majority of other sources).  '~' indicates a
       source whose time appears to have too much variability.  The '?'
       condition is also shown at start-up, until at least 3 samples have
       been gathered from it.


In my case, they're all servers ("M" all show "^") and I'm currently
sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
servers listed are "acceptable sources" but excluded based on the
combining algorithms. The third item is acceptable on its own.

Another useful version is "chronyc activity":

[root@prophead ~]# chronyc activity
200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

So I see four sources online and available.

As others have said, if you're in a university setting it is entirely
possible that they want you to use THEIR NTP servers, not ones wild on
the net. They may very well block UDP port 123 on their firewalls so
your best bet is to ask the admins which NTP servers are available to
you.

On my corporate firewall, I block NTP for most of my users, but I have
NTP services running on my DNS cache servers. That's what the people
behind my firewall get access to (and what's configured to be returned
on DHCP requests from them).

Sent: Tuesday, September 08, 2015 at 7:42 PM
From: "John Pilkington" <J.Pilk@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: NTP synchronized: no

On 08/09/15 18:02, Rick Stevens wrote:
On 09/08/2015 03:27 AM, John Pilkington wrote:
On 08/09/15 10:52, Ed Greshko wrote:
On 09/08/15 17:29, Patrick Dupre wrote:
I cannot synchronize the date:
My undestanding is that it should be set by:
timedatectl set-ntp yes

Here, the results of some commands:

netstat -a |grep ntp
udp        0      0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp
ESTABLISHED
udp        0      0 localhost.localdo:39994 tomia.ordimatic.net:ntp
ESTABLISHED
udp        0      0 localhost.localdo:45035 ntp.tuxfamily.net:ntp
ESTABLISHED
udp        0      0 localhost.localdo:49209 host3.nuagelibre.or:ntp
ESTABLISHED
warning, got bogus l2cap line.

That looks different: here's mine.

[john@HP_Box ~]$ netstat -a | grep ntp
udp        0      0 0.0.0.0:ntp             0.0.0.0:*
udp6       0      0 [::]:ntp                [::]:*
[john@HP_Box ~]$ netstat -a | grep 323
udp        0      0 localhost:323           0.0.0.0:*
udp6       0      0 localhost:323           [::]:*
plus a few irrelevant responses.

but ...grep 123 shows nothing that looks relevant.

Quoting from the faq:

Perhaps you have a firewall set up in a way that blocks packets on port
323/udp.  You need to amend the firewall configuration in this case.

ntp is UDP port 123 as is shown in your output. By default, netstat
will translate port numbers to services found in your /etc/services
file. If you want to verify it, try "netstat -apn | grep :123" and you
should see something on that port:

[root@prophead ~]# netstat -pna | grep :123
...
udp        0      0 192.168.1.50:58156      104.41.150.68:123
ESTABLISHED 841/chronyd
...

So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.

Thanks Rick.  On my system, ( which does have a working chrony setup)  I
see:

$ uname -a
Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT
2015 x86_64 x86_64 x86_64 GNU/Linux

[john@HP_Box ~]$ netstat -pna | grep :123
(Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
udp        0      0 0.0.0.0:123             0.0.0.0:*
           -
udp6       0      0 :::123                  :::*
           -
[john@HP_Box ~]$ su
Password:
[root@HP_Box john]# netstat -pna | grep :123
udp        0      0 0.0.0.0:123             0.0.0.0:*
           692/chronyd
udp6       0      0 :::123                  :::*
           692/chronyd
[root@HP_Box john]# netstat -pna | grep :323
udp        0      0 127.0.0.1:323           0.0.0.0:*
           692/chronyd
udp6       0      0 ::1:323                 :::*
           692/chronyd
[root@HP_Box john]# exit
exit
[john@HP_Box ~]$





--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  BASIC is the Computer Science version of `Scientific Creationism' -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-   NEWS FLASH! Intelligence of mankind decreasing!  Details at...   -
-     uh, when, uh, the little hand is, uh, on the...  Aw, NUTS!     -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux