Hello, According to the domain administrator, the port is open. Could it be an issue with the firewall? iptables -L |grep udp ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW ntp is on the port 123 In zone internal I checked ntp It is all I need? Thank. > > > > > > =========================================================================== > > Patrick DUPRÉ | | email: pdupre@xxxxxxx > > Laboratoire de Physico-Chimie de l'Atmosphère | | > > Université du Littoral-Côte d'Opale | | > > Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 > > 189A, avenue Maurice Schumann | | 59140 Dunkerque, France > > =========================================================================== > > > > > >> Sent: Tuesday, September 08, 2015 at 8:27 PM > >> From: "Rick Stevens" <ricks@xxxxxxxxxxxxxx> > >> To: "Community support for Fedora users" <users@xxxxxxxxxxxxxxxxxxxxxxx> > >> Subject: Re: NTP synchronized: no > >> > >> On 09/08/2015 10:52 AM, Patrick Dupre wrote: > >>> Hello, > >>> > >>> I am not sure to understand. > >>> The previous conclusion was that the firewall did not let me go through. > >>> Now, I have: > >>> :::* 5704/chronyd > >>> [root@Homere ~]# netstat -pna | grep :123 > >>> udp 0 0 193.49.194.196:35562 210.173.160.27:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 193.49.194.196:60225 210.173.160.57:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 193.49.194.196:36218 210.173.160.87:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 193.49.194.196:36803 178.32.54.53:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 193.49.194.196:57367 62.210.85.244:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 0.0.0.0:123 0.0.0.0:* 5704/chronyd > >>> udp 0 0 193.49.194.196:57601 91.121.169.20:123 ESTABLISHED 5704/chronyd > >>> udp 0 0 193.49.194.196:34907 195.83.66.158:123 ESTABLISHED 5704/chronyd > >>> udp6 0 0 :::123 :::* 5704/chronyd > >>> > >>> timedatectl > >>> Local time: Tue 2015-09-08 19:46:24 CEST > >>> Universal time: Tue 2015-09-08 17:46:24 UTC > >>> RTC time: Tue 2015-09-08 17:46:24 > >>> Timezone: Europe/Paris (CEST, +0200) > >>> NTP enabled: yes > >>> NTP synchronized: yes > >>> RTC in local TZ: no > >>> DST active: yes > >>> Last DST change: DST began at > >>> Sun 2015-03-29 01:59:59 CET > >>> Sun 2015-03-29 03:00:00 CEST > >>> Next DST change: DST ends (the clock jumps one hour backwards) at > >>> Sun 2015-10-25 02:59:59 CEST > >>> Sun 2015-10-25 02:00:00 CET > >>> > >>> traceroute -p 123 -U 123.204.45.116 > >>> traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets > >>> 1 cisco-dk.univ-littoral.fr (193.49.194.1) 1.768 ms 1.944 ms 2.151 ms > >>> 2 192.168.168.203 (192.168.168.203) 0.317 ms 0.417 ms 0.486 ms > >>> 3 * * * > >>> 4 * * * > >>> > >>> It does not looks like that the connection with the time server is established. > >>> However, it says: > >>> NTP synchronized: yes > >>> > >>> On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/ > >> > >> To see what chronyd is doing, run "chronyc -n sources" as the root > >> user. Don't rely on what netstat is telling you. > > > > chronyc -n sources > > 210 Number of sources = 7 > > MS Name/IP address Stratum Poll Reach LastRx Last sample > > =============================================================================== > > ^? 178.32.54.53 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 195.83.66.158 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 91.121.169.20 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 62.210.85.244 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 210.173.160.27 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 210.173.160.57 0 10 0 10y +0ns[ +0ns] +/- 0ns > > ^? 210.173.160.87 0 10 0 10y +0ns[ +0ns] +/- 0ns > > The question marks (and the "LastRx" of 10 years) indicates you can't > contact those servers or the data isn't reliable enough for chronyd to > use. Contact your network administrator. > > >> Here's what I see: > >> > >> [root@prophead ~]# chronyc -n sources > >> 210 Number of sources = 4 > >> MS Name/IP address Stratum Poll Reach LastRx Last sample > >> =============================================================================== > >> ^* 132.163.4.101 1 10 377 316 +5458us[+5379us] +/- > >> 32ms > >> ^- 104.41.150.68 2 10 357 806 -8917us[-8979us] +/- > >> 91ms > >> ^+ 192.155.90.13 2 10 377 912 -12ms[ -12ms] +/- > >> 67ms > >> ^- 198.211.106.151 2 9 377 486 -12ms[ -12ms] +/- > >> 81ms > >> > >> From the chrony docs, the first two columns ("M" and "S") mean: > >> > >> 'M' > >> This indicates the mode of the source. '^' means a server, '=' > >> means a peer and '#' indicates a locally connected reference clock. > >> > >> 'S' > >> This column indicates the state of the sources. '*' indicates the > >> source to which 'chronyd' is currently synchronised. '+' indicates > >> acceptable sources which are combined with the selected source. > >> '-' indicates acceptable sources which are excluded by the > >> combining algorithm. '?' indicates sources to which connectivity > >> has been lost or whose packets don't pass all tests. 'x' indicates > >> a clock which 'chronyd' thinks is is a falseticker (i.e. its time > >> is inconsistent with a majority of other sources). '~' indicates a > >> source whose time appears to have too much variability. The '?' > >> condition is also shown at start-up, until at least 3 samples have > >> been gathered from it. > >> > >> > >> In my case, they're all servers ("M" all show "^") and I'm currently > >> sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth > >> servers listed are "acceptable sources" but excluded based on the > >> combining algorithms. The third item is acceptable on its own. > >> > >> Another useful version is "chronyc activity": > >> > >> [root@prophead ~]# chronyc activity > >> 200 OK > >> 4 sources online > >> 0 sources offline > >> 0 sources doing burst (return to online) > >> 0 sources doing burst (return to offline) > >> 0 sources with unknown address > >> > >> So I see four sources online and available. > >> > >> As others have said, if you're in a university setting it is entirely > >> possible that they want you to use THEIR NTP servers, not ones wild on > >> the net. They may very well block UDP port 123 on their firewalls so > >> your best bet is to ask the admins which NTP servers are available to > >> you. > >> > >> On my corporate firewall, I block NTP for most of my users, but I have > >> NTP services running on my DNS cache servers. That's what the people > >> behind my firewall get access to (and what's configured to be returned > >> on DHCP requests from them). > >> > >>>> Sent: Tuesday, September 08, 2015 at 7:42 PM > >>>> From: "John Pilkington" <J.Pilk@xxxxxxxxx> > >>>> To: users@xxxxxxxxxxxxxxxxxxxxxxx > >>>> Subject: Re: NTP synchronized: no > >>>> > >>>> On 08/09/15 18:02, Rick Stevens wrote: > >>>>> On 09/08/2015 03:27 AM, John Pilkington wrote: > >>>>>> On 08/09/15 10:52, Ed Greshko wrote: > >>>>>>> On 09/08/15 17:29, Patrick Dupre wrote: > >>>>>>>> I cannot synchronize the date: > >>>>>>>> My undestanding is that it should be set by: > >>>>>>>> timedatectl set-ntp yes > >>>>>>>> > >>>>>>>> Here, the results of some commands: > >>>>>>>> > >>>>>>>> netstat -a |grep ntp > >>>>>>>> udp 0 0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp > >>>>>>>> ESTABLISHED > >>>>>>>> udp 0 0 localhost.localdo:39994 tomia.ordimatic.net:ntp > >>>>>>>> ESTABLISHED > >>>>>>>> udp 0 0 localhost.localdo:45035 ntp.tuxfamily.net:ntp > >>>>>>>> ESTABLISHED > >>>>>>>> udp 0 0 localhost.localdo:49209 host3.nuagelibre.or:ntp > >>>>>>>> ESTABLISHED > >>>>>>>> warning, got bogus l2cap line. > >>>>>> > >>>>>> That looks different: here's mine. > >>>>>> > >>>>>> [john@HP_Box ~]$ netstat -a | grep ntp > >>>>>> udp 0 0 0.0.0.0:ntp 0.0.0.0:* > >>>>>> udp6 0 0 [::]:ntp [::]:* > >>>>>> [john@HP_Box ~]$ netstat -a | grep 323 > >>>>>> udp 0 0 localhost:323 0.0.0.0:* > >>>>>> udp6 0 0 localhost:323 [::]:* > >>>>>> plus a few irrelevant responses. > >>>>>> > >>>>>> but ...grep 123 shows nothing that looks relevant. > >>>>>> > >>>>>> Quoting from the faq: > >>>>>> > >>>>>> Perhaps you have a firewall set up in a way that blocks packets on port > >>>>>> 323/udp. You need to amend the firewall configuration in this case. > >>>>> > >>>>> ntp is UDP port 123 as is shown in your output. By default, netstat > >>>>> will translate port numbers to services found in your /etc/services > >>>>> file. If you want to verify it, try "netstat -apn | grep :123" and you > >>>>> should see something on that port: > >>>>> > >>>>> [root@prophead ~]# netstat -pna | grep :123 > >>>>> ... > >>>>> udp 0 0 192.168.1.50:58156 104.41.150.68:123 > >>>>> ESTABLISHED 841/chronyd > >>>>> ... > >>>>> > >>>>> So you can see that chronyd is connected to 104.41.150.68 via UDP port 123. > >>>> > >>>> Thanks Rick. On my system, ( which does have a working chrony setup) I > >>>> see: > >>>> > >>>> $ uname -a > >>>> Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT > >>>> 2015 x86_64 x86_64 x86_64 GNU/Linux > >>>> > >>>> [john@HP_Box ~]$ netstat -pna | grep :123 > >>>> (Not all processes could be identified, non-owned process info > >>>> will not be shown, you would have to be root to see it all.) > >>>> udp 0 0 0.0.0.0:123 0.0.0.0:* > >>>> - > >>>> udp6 0 0 :::123 :::* > >>>> - > >>>> [john@HP_Box ~]$ su > >>>> Password: > >>>> [root@HP_Box john]# netstat -pna | grep :123 > >>>> udp 0 0 0.0.0.0:123 0.0.0.0:* > >>>> 692/chronyd > >>>> udp6 0 0 :::123 :::* > >>>> 692/chronyd > >>>> [root@HP_Box john]# netstat -pna | grep :323 > >>>> udp 0 0 127.0.0.1:323 0.0.0.0:* > >>>> 692/chronyd > >>>> udp6 0 0 ::1:323 :::* > >>>> 692/chronyd > >>>> [root@HP_Box john]# exit > >>>> exit > >>>> [john@HP_Box ~]$ > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> users mailing list > >>>> users@xxxxxxxxxxxxxxxxxxxxxxx > >>>> To unsubscribe or change subscription options: > >>>> https://admin.fedoraproject.org/mailman/listinfo/users > >>>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > >>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > >>>> Have a question? Ask away: http://ask.fedoraproject.org > >>>> > >> > >> > >> -- > >> ---------------------------------------------------------------------- > >> - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - > >> - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - > >> - - > >> - BASIC is the Computer Science version of `Scientific Creationism' - > >> ---------------------------------------------------------------------- > >> -- > >> users mailing list > >> users@xxxxxxxxxxxxxxxxxxxxxxx > >> To unsubscribe or change subscription options: > >> https://admin.fedoraproject.org/mailman/listinfo/users > >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > >> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > >> Have a question? Ask away: http://ask.fedoraproject.org > >> > > > -- > ---------------------------------------------------------------------- > - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - > - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - > - - > - NEWS FLASH! Intelligence of mankind decreasing! Details at... - > - uh, when, uh, the little hand is, uh, on the... Aw, NUTS! - > ---------------------------------------------------------------------- > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
