NTP synchronized: no

Rick Stevens ricks at alldigital.com
Tue Sep 8 18:27:52 UTC 2015


On 09/08/2015 10:52 AM, Patrick Dupre wrote:
> Hello,
>
> I am not sure I understand.
> The previous conclusion was that the firewall did not let me go through.
> Now, I have:
>                   :::*                                5704/chronyd
> [root at Homere ~]# netstat -pna | grep :123
> udp        0      0 193.49.194.196:35562    210.173.160.27:123      ESTABLISHED 5704/chronyd
> udp        0      0 193.49.194.196:60225    210.173.160.57:123      ESTABLISHED 5704/chronyd
> udp        0      0 193.49.194.196:36218    210.173.160.87:123      ESTABLISHED 5704/chronyd
> udp        0      0 193.49.194.196:36803    178.32.54.53:123        ESTABLISHED 5704/chronyd
> udp        0      0 193.49.194.196:57367    62.210.85.244:123       ESTABLISHED 5704/chronyd
> udp        0      0 0.0.0.0:123             0.0.0.0:*                           5704/chronyd
> udp        0      0 193.49.194.196:57601    91.121.169.20:123       ESTABLISHED 5704/chronyd
> udp        0      0 193.49.194.196:34907    195.83.66.158:123       ESTABLISHED 5704/chronyd
> udp6       0      0 :::123                  :::*                                5704/chronyd
>
> timedatectl
>        Local time: Tue 2015-09-08 19:46:24 CEST
>    Universal time: Tue 2015-09-08 17:46:24 UTC
>          RTC time: Tue 2015-09-08 17:46:24
>          Timezone: Europe/Paris (CEST, +0200)
>       NTP enabled: yes
> NTP synchronized: yes
>   RTC in local TZ: no
>        DST active: yes
>   Last DST change: DST began at
>                    Sun 2015-03-29 01:59:59 CET
>                    Sun 2015-03-29 03:00:00 CEST
>   Next DST change: DST ends (the clock jumps one hour backwards) at
>                    Sun 2015-10-25 02:59:59 CEST
>                    Sun 2015-10-25 02:00:00 CET
>
> traceroute -p 123 -U 123.204.45.116
> traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
>   1  cisco-dk.univ-littoral.fr (193.49.194.1)  1.768 ms  1.944 ms  2.151 ms
>   2  192.168.168.203 (192.168.168.203)  0.317 ms  0.417 ms  0.486 ms
>   3  * * *
>   4  * * *
>
> It does not look like the connection with the time server is established.
> However, it says:
> NTP synchronized: yes
>
> On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/

To see what chronyd is doing, run "chronyc -n sources" as the root
user. Don't rely on what netstat is telling you.

Here's what I see:

[root at prophead ~]# chronyc -n sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 132.163.4.101                 1  10   377   316  +5458us[+5379us] +/-   32ms
^- 104.41.150.68                 2  10   357   806  -8917us[-8979us] +/-   91ms
^+ 192.155.90.13                 2  10   377   912    -12ms[  -12ms] +/-   67ms
^- 198.211.106.151               2   9   377   486    -12ms[  -12ms] +/-   81ms

From the chrony docs, the first two columns ("M" and "S") mean:

'M'
      This indicates the mode of the source.  '^' means a server, '='
      means a peer and '#' indicates a locally connected reference clock.

'S'
      This column indicates the state of the sources.  '*' indicates the
      source to which 'chronyd' is currently synchronised.  '+' indicates
      acceptable sources which are combined with the selected source.
      '-' indicates acceptable sources which are excluded by the
      combining algorithm.  '?' indicates sources to which connectivity
      has been lost or whose packets don't pass all tests.  'x' indicates
      a clock which 'chronyd' thinks is a falseticker (i.e.  its time
      is inconsistent with a majority of other sources).  '~' indicates a
      source whose time appears to have too much variability.  The '?'
      condition is also shown at start-up, until at least 3 samples have
      been gathered from it.


In my case, they're all servers ("M" all show "^") and I'm currently 
sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
servers listed are "acceptable sources" but excluded based on the
combining algorithms. The third item is acceptable on its own.

Another useful version is "chronyc activity":

[root at prophead ~]# chronyc activity
200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

So I see four sources online and available.

As others have said, if you're in a university setting it is entirely
possible that they want you to use THEIR NTP servers, not ones wild on
the net. They may very well block UDP port 123 on their firewalls so 
your best bet is to ask the admins which NTP servers are available to
you.

On my corporate firewall, I block NTP for most of my users, but I have
NTP services running on my DNS cache servers. That's what the people
behind my firewall get access to (and what's configured to be returned
on DHCP requests from them).

>> Sent: Tuesday, September 08, 2015 at 7:42 PM
>> From: "John Pilkington" <J.Pilk at tesco.net>
>> To: users at lists.fedoraproject.org
>> Subject: Re: NTP synchronized: no
>>
>> On 08/09/15 18:02, Rick Stevens wrote:
>>> On 09/08/2015 03:27 AM, John Pilkington wrote:
>>>> On 08/09/15 10:52, Ed Greshko wrote:
>>>>> On 09/08/15 17:29, Patrick Dupre wrote:
>>>>>> I cannot synchronize the date:
>>>>>> My understanding is that it should be set by:
>>>>>> timedatectl set-ntp yes
>>>>>>
>>>>>> Here, the results of some commands:
>>>>>>
>>>>>> netstat -a |grep ntp
>>>>>> udp        0      0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp ESTABLISHED
>>>>>> udp        0      0 localhost.localdo:39994 tomia.ordimatic.net:ntp ESTABLISHED
>>>>>> udp        0      0 localhost.localdo:45035 ntp.tuxfamily.net:ntp   ESTABLISHED
>>>>>> udp        0      0 localhost.localdo:49209 host3.nuagelibre.or:ntp ESTABLISHED
>>>>>> warning, got bogus l2cap line.
>>>>
>>>> That looks different: here's mine.
>>>>
>>>> [john at HP_Box ~]$ netstat -a | grep ntp
>>>> udp        0      0 0.0.0.0:ntp             0.0.0.0:*
>>>> udp6       0      0 [::]:ntp                [::]:*
>>>> [john at HP_Box ~]$ netstat -a | grep 323
>>>> udp        0      0 localhost:323           0.0.0.0:*
>>>> udp6       0      0 localhost:323           [::]:*
>>>> plus a few irrelevant responses.
>>>>
>>>> but ...grep 123 shows nothing that looks relevant.
>>>>
>>>> Quoting from the faq:
>>>>
>>>> Perhaps you have a firewall set up in a way that blocks packets on port
>>>> 323/udp.  You need to amend the firewall configuration in this case.
>>>
>>> ntp is UDP port 123 as is shown in your output. By default, netstat
>>> will translate port numbers to services found in your /etc/services
>>> file. If you want to verify it, try "netstat -apn | grep :123" and you
>>> should see something on that port:
>>>
>>> [root at prophead ~]# netstat -pna | grep :123
>>> ...
>>> udp        0      0 192.168.1.50:58156      104.41.150.68:123       ESTABLISHED 841/chronyd
>>> ...
>>>
>>> So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.
>>
>> Thanks Rick.  On my system, ( which does have a working chrony setup)  I
>> see:
>>
>> $ uname -a
>> Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT 2015 x86_64 x86_64 x86_64 GNU/Linux
>>
>> [john at HP_Box ~]$ netstat -pna | grep :123
>> (Not all processes could be identified, non-owned process info
>>    will not be shown, you would have to be root to see it all.)
>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
>> udp6       0      0 :::123                  :::*                                -
>> [john at HP_Box ~]$ su
>> Password:
>> [root at HP_Box john]# netstat -pna | grep :123
>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           692/chronyd
>> udp6       0      0 :::123                  :::*                                692/chronyd
>> [root at HP_Box john]# netstat -pna | grep :323
>> udp        0      0 127.0.0.1:323           0.0.0.0:*                           692/chronyd
>> udp6       0      0 ::1:323                 :::*                                692/chronyd
>> [root at HP_Box john]# exit
>> exit
>> [john at HP_Box ~]$


-- 
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-  BASIC is the Computer Science version of `Scientific Creationism' -
----------------------------------------------------------------------
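
How the "S" column legend quoted above turns into a sync check, as an added example that is not part of the original message. The function and variable names are made up here; the first sample is the "chronyc -n sources" output posted in this message, and the second is a constructed table for a host whose NTP replies never arrive.

```sh
# Map the "S" (state) character to the meaning given in the chrony docs quoted above.
state_meaning() {
    case "$1" in
        '*') echo "selected" ;;
        '+') echo "combined" ;;
        '-') echo "excluded" ;;
        '?') echo "unreachable-or-untested" ;;
        'x') echo "falseticker" ;;
        '~') echo "too-variable" ;;
    esac
}

# Reads `chronyc -n sources` text on stdin, prints "<address> <state>" per source
# and a final verdict line. Returns 0 only if one source is marked '*'.
sync_verdict() {
    selected="" total=0
    while read -r ms addr rest; do
        case "$ms" in
            [#=^][-*+?x~]) ;;   # source row: mode character, then state character
            *) continue ;;      # count line, column header, separator
        esac
        state=${ms#?}           # drop the mode character, keep the state
        total=$((total + 1))
        echo "$addr $(state_meaning "$state")"
        if [ "$state" = "*" ]; then selected=$addr; fi
    done
    if [ -n "$selected" ]; then
        echo "SYNCED to $selected ($total sources)"
        return 0
    fi
    echo "NOT SYNCED: none of $total sources selected; check UDP/123 egress"
    return 1
}

# Output posted in the message above.
SAMPLE_OK='210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 132.163.4.101                 1  10   377   316  +5458us[+5379us] +/-   32ms
^- 104.41.150.68                 2  10   357   806  -8917us[-8979us] +/-   91ms
^+ 192.155.90.13                 2  10   377   912    -12ms[  -12ms] +/-   67ms
^- 198.211.106.151               2   9   377   486    -12ms[  -12ms] +/-   81ms'
# Constructed sample (documentation addresses): no replies received, Reach stays 0.
SAMPLE_BLOCKED='210 Number of sources = 2
^? 192.0.2.10                    0   6     0     -     +0ns[   +0ns] +/-    0ns
^? 192.0.2.11                    0   6     0     -     +0ns[   +0ns] +/-    0ns'

printf '%s\n' "$SAMPLE_OK" | sync_verdict
printf '%s\n' "$SAMPLE_BLOCKED" | sync_verdict || true
```

On a live host, pipe the real output in as root: chronyc -n sources | sync_verdict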

