Re: NTP synchronized: no


Hello,

According to the domain administrator, the port is open.
Could it be an issue with the firewall?

iptables -L |grep udp
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW

ntp is on the port 123

In zone internal I checked ntp

Is that all I need?

Thanks.


> >
> >
> > ===========================================================================
> >   Patrick DUPRÉ                                 | | email: pdupre@xxxxxxx
> >   Laboratoire de Physico-Chimie de l'Atmosphère | |
> >   Université du Littoral-Côte d'Opale           | |
> >   Tel.  (33)-(0)3 28 23 76 12                   | | Fax: 03 28 65 82 44
> >   189A, avenue Maurice Schumann                 | | 59140 Dunkerque, France
> > ===========================================================================
> >
> >
> >> Sent: Tuesday, September 08, 2015 at 8:27 PM
> >> From: "Rick Stevens" <ricks@xxxxxxxxxxxxxx>
> >> To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx>
> >> Subject: Re: NTP synchronized: no
> >>
> >> On 09/08/2015 10:52 AM, Patrick Dupre wrote:
> >>> Hello,
> >>>
> >>> I am not sure I understand.
> >>> The previous conclusion was that the firewall did not let me go through.
> >>> Now, I have:
> >>>                    :::*                                5704/chronyd
> >>> [root@Homere ~]# netstat -pna | grep :123
> >>> udp        0      0 193.49.194.196:35562    210.173.160.27:123      ESTABLISHED 5704/chronyd
> >>> udp        0      0 193.49.194.196:60225    210.173.160.57:123      ESTABLISHED 5704/chronyd
> >>> udp        0      0 193.49.194.196:36218    210.173.160.87:123      ESTABLISHED 5704/chronyd
> >>> udp        0      0 193.49.194.196:36803    178.32.54.53:123        ESTABLISHED 5704/chronyd
> >>> udp        0      0 193.49.194.196:57367    62.210.85.244:123       ESTABLISHED 5704/chronyd
> >>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           5704/chronyd
> >>> udp        0      0 193.49.194.196:57601    91.121.169.20:123       ESTABLISHED 5704/chronyd
> >>> udp        0      0 193.49.194.196:34907    195.83.66.158:123       ESTABLISHED 5704/chronyd
> >>> udp6       0      0 :::123                  :::*                                5704/chronyd
> >>>
> >>> timedatectl
> >>>         Local time: Tue 2015-09-08 19:46:24 CEST
> >>>     Universal time: Tue 2015-09-08 17:46:24 UTC
> >>>           RTC time: Tue 2015-09-08 17:46:24
> >>>           Timezone: Europe/Paris (CEST, +0200)
> >>>        NTP enabled: yes
> >>> NTP synchronized: yes
> >>>    RTC in local TZ: no
> >>>         DST active: yes
> >>>    Last DST change: DST began at
> >>>                     Sun 2015-03-29 01:59:59 CET
> >>>                     Sun 2015-03-29 03:00:00 CEST
> >>>    Next DST change: DST ends (the clock jumps one hour backwards) at
> >>>                     Sun 2015-10-25 02:59:59 CEST
> >>>                     Sun 2015-10-25 02:00:00 CET
> >>>
> >>> traceroute -p 123 -U 123.204.45.116
> >>> traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
> >>>    1  cisco-dk.univ-littoral.fr (193.49.194.1)  1.768 ms  1.944 ms  2.151 ms
> >>>    2  192.168.168.203 (192.168.168.203)  0.317 ms  0.417 ms  0.486 ms
> >>>    3  * * *
> >>>    4  * * *
> >>>
> >>> It does not look like the connection with the time server is established.
> >>> However, it says:
> >>> NTP synchronized: yes
> >>>
> >>> On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/
> >>
> >> To see what chronyd is doing, run "chronyc -n sources" as the root
> >> user. Don't rely on what netstat is telling you.
> >
> > chronyc -n sources
> > 210 Number of sources = 7
> > MS Name/IP address         Stratum Poll Reach LastRx Last sample
> > ===============================================================================
> > ^? 178.32.54.53                  0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 195.83.66.158                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 91.121.169.20                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 62.210.85.244                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 210.173.160.27                0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 210.173.160.57                0  10     0   10y     +0ns[   +0ns] +/-    0ns
> > ^? 210.173.160.87                0  10     0   10y     +0ns[   +0ns] +/-    0ns
> 
> The question marks (and the "LastRx" of 10 years) indicate you can't
> contact those servers or the data isn't reliable enough for chronyd to
> use. Contact your network administrator.
> 
> >> Here's what I see:
> >>
> >> [root@prophead ~]# chronyc -n sources
> >> 210 Number of sources = 4
> >> MS Name/IP address         Stratum Poll Reach LastRx Last sample
> >> ===============================================================================
> >> ^* 132.163.4.101                 1  10   377   316  +5458us[+5379us] +/-   32ms
> >> ^- 104.41.150.68                 2  10   357   806  -8917us[-8979us] +/-   91ms
> >> ^+ 192.155.90.13                 2  10   377   912    -12ms[  -12ms] +/-   67ms
> >> ^- 198.211.106.151               2   9   377   486    -12ms[  -12ms] +/-   81ms
> >>
> >>   From the chrony docs, the first two columns ("M" and "S") mean:
> >>
> >> 'M'
> >>        This indicates the mode of the source.  '^' means a server, '='
> >>        means a peer and '#' indicates a locally connected reference clock.
> >>
> >> 'S'
> >>        This column indicates the state of the sources.  '*' indicates the
> >>        source to which 'chronyd' is currently synchronised.  '+' indicates
> >>        acceptable sources which are combined with the selected source.
> >>        '-' indicates acceptable sources which are excluded by the
> >>        combining algorithm.  '?' indicates sources to which connectivity
> >>        has been lost or whose packets don't pass all tests.  'x' indicates
> >>        a clock which 'chronyd' thinks is a falseticker (i.e.  its time
> >>        is inconsistent with a majority of other sources).  '~' indicates a
> >>        source whose time appears to have too much variability.  The '?'
> >>        condition is also shown at start-up, until at least 3 samples have
> >>        been gathered from it.
> >>
> >>
> >> In my case, they're all servers ("M" all show "^") and I'm currently
> >> sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
> >> servers listed are "acceptable sources" but excluded based on the
> >> combining algorithms. The third item is acceptable on its own.
> >>
> >> Another useful version is "chronyc activity":
> >>
> >> [root@prophead ~]# chronyc activity
> >> 200 OK
> >> 4 sources online
> >> 0 sources offline
> >> 0 sources doing burst (return to online)
> >> 0 sources doing burst (return to offline)
> >> 0 sources with unknown address
> >>
> >> So I see four sources online and available.
> >>
> >> As others have said, if you're in a university setting it is entirely
> >> possible that they want you to use THEIR NTP servers, not ones wild on
> >> the net. They may very well block UDP port 123 on their firewalls so
> >> your best bet is to ask the admins which NTP servers are available to
> >> you.
> >>
> >> On my corporate firewall, I block NTP for most of my users, but I have
> >> NTP services running on my DNS cache servers. That's what the people
> >> behind my firewall get access to (and what's configured to be returned
> >> on DHCP requests from them).
> >>
> >>>> Sent: Tuesday, September 08, 2015 at 7:42 PM
> >>>> From: "John Pilkington" <J.Pilk@xxxxxxxxx>
> >>>> To: users@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> Subject: Re: NTP synchronized: no
> >>>>
> >>>> On 08/09/15 18:02, Rick Stevens wrote:
> >>>>> On 09/08/2015 03:27 AM, John Pilkington wrote:
> >>>>>> On 08/09/15 10:52, Ed Greshko wrote:
> >>>>>>> On 09/08/15 17:29, Patrick Dupre wrote:
> >>>>>>>> I cannot synchronize the date:
> >>>>>>>> My understanding is that it should be set by:
> >>>>>>>> timedatectl set-ntp yes
> >>>>>>>>
> >>>>>>>> Here, the results of some commands:
> >>>>>>>>
> >>>>>>>> netstat -a |grep ntp
> >>>>>>>> udp        0      0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp ESTABLISHED
> >>>>>>>> udp        0      0 localhost.localdo:39994 tomia.ordimatic.net:ntp ESTABLISHED
> >>>>>>>> udp        0      0 localhost.localdo:45035 ntp.tuxfamily.net:ntp ESTABLISHED
> >>>>>>>> udp        0      0 localhost.localdo:49209 host3.nuagelibre.or:ntp ESTABLISHED
> >>>>>>>> warning, got bogus l2cap line.
> >>>>>>
> >>>>>> That looks different: here's mine.
> >>>>>>
> >>>>>> [john@HP_Box ~]$ netstat -a | grep ntp
> >>>>>> udp        0      0 0.0.0.0:ntp             0.0.0.0:*
> >>>>>> udp6       0      0 [::]:ntp                [::]:*
> >>>>>> [john@HP_Box ~]$ netstat -a | grep 323
> >>>>>> udp        0      0 localhost:323           0.0.0.0:*
> >>>>>> udp6       0      0 localhost:323           [::]:*
> >>>>>> plus a few irrelevant responses.
> >>>>>>
> >>>>>> but ...grep 123 shows nothing that looks relevant.
> >>>>>>
> >>>>>> Quoting from the faq:
> >>>>>>
> >>>>>> Perhaps you have a firewall set up in a way that blocks packets on port
> >>>>>> 323/udp.  You need to amend the firewall configuration in this case.
> >>>>>
> >>>>> ntp is UDP port 123 as is shown in your output. By default, netstat
> >>>>> will translate port numbers to services found in your /etc/services
> >>>>> file. If you want to verify it, try "netstat -apn | grep :123" and you
> >>>>> should see something on that port:
> >>>>>
> >>>>> [root@prophead ~]# netstat -pna | grep :123
> >>>>> ...
> >>>>> udp        0      0 192.168.1.50:58156      104.41.150.68:123       ESTABLISHED 841/chronyd
> >>>>> ...
> >>>>>
> >>>>> So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.
> >>>>
> >>>> Thanks Rick.  On my system, ( which does have a working chrony setup)  I
> >>>> see:
> >>>>
> >>>> $ uname -a
> >>>> Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux
> >>>>
> >>>> [john@HP_Box ~]$ netstat -pna | grep :123
> >>>> (Not all processes could be identified, non-owned process info
> >>>>     will not be shown, you would have to be root to see it all.)
> >>>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
> >>>> udp6       0      0 :::123                  :::*                                -
> >>>> [john@HP_Box ~]$ su
> >>>> Password:
> >>>> [root@HP_Box john]# netstat -pna | grep :123
> >>>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           692/chronyd
> >>>> udp6       0      0 :::123                  :::*                                692/chronyd
> >>>> [root@HP_Box john]# netstat -pna | grep :323
> >>>> udp        0      0 127.0.0.1:323           0.0.0.0:*                           692/chronyd
> >>>> udp6       0      0 ::1:323                 :::*                                692/chronyd
> >>>> [root@HP_Box john]# exit
> >>>> exit
> >>>> [john@HP_Box ~]$
> >>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> users mailing list
> >>>> users@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> To unsubscribe or change subscription options:
> >>>> https://admin.fedoraproject.org/mailman/listinfo/users
> >>>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> >>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> >>>> Have a question? Ask away: http://ask.fedoraproject.org
> >>>>
> >>
> >>
> >> --
> >> ----------------------------------------------------------------------
> >> - Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
> >> - AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
> >> -                                                                    -
> >> -  BASIC is the Computer Science version of `Scientific Creationism' -
> >> ----------------------------------------------------------------------
> 
> 
> -- 
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
> - AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
> -                                                                    -
> -   NEWS FLASH! Intelligence of mankind decreasing!  Details at...   -
> -     uh, when, uh, the little hand is, uh, on the...  Aw, NUTS!     -
> ----------------------------------------------------------------------
>
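
An added example, not part of the original messages: a small Python parser for the `chronyc -n sources` output quoted above, which decodes the octal Reach register and reports which sources never replied. The function names are hypothetical, and the sample rows are copied from the two listings in this thread.

```python
import re

# Sample rows copied from the two "chronyc -n sources" listings quoted in this thread.
FAILING = """\
^? 178.32.54.53                  0  10     0   10y     +0ns[   +0ns] +/-    0ns
^? 195.83.66.158                 0  10     0   10y     +0ns[   +0ns] +/-    0ns
"""
WORKING = """\
^* 132.163.4.101                 1  10   377   316  +5458us[+5379us] +/-   32ms
^- 104.41.150.68                 2  10   357   806  -8917us[-8979us] +/-   91ms
^+ 192.155.90.13                 2  10   377   912    -12ms[  -12ms] +/-   67ms
"""

# Columns: M, S, address, Stratum, Poll, Reach (octal), LastRx
ROW = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+([0-7]+)\s+(\S+)")

def parse_sources(text):
    """Return one dict per source row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mode, state, addr, stratum, _poll, reach, last_rx = m.groups()
        reach_bits = int(reach, 8)  # Reach is an 8-bit register printed in octal
        rows.append({
            "addr": addr, "mode": mode, "state": state,
            "stratum": int(stratum),
            "replies_of_last_8": bin(reach_bits).count("1"),
            "last_rx": last_rx,
        })
    return rows

def diagnose(text):
    """Summarise whether a source is selected and which sources never answered."""
    rows = parse_sources(text)
    silent = [r["addr"] for r in rows if r["replies_of_last_8"] == 0]
    selected = [r["addr"] for r in rows if r["state"] == "*"]
    if selected:
        verdict = "synchronised"
    elif rows and len(silent) == len(rows):
        verdict = "no replies from any source"
    else:
        verdict = "replies seen, no source selected yet"
    return {"verdict": verdict, "selected": selected, "silent": silent}

if __name__ == "__main__":
    print(diagnose(FAILING))
    print(diagnose(WORKING))
```

A UDP socket is listed as ESTABLISHED by netstat as soon as the client calls connect() on it, so the Reach column is the field that shows whether replies actually came back.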