NTP synchronized: no
Patrick Dupre
pdupre at gmx.com
Tue Sep 8 18:30:32 UTC 2015
===========================================================================
Patrick DUPRÉ | | email: pdupre at gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
> Sent: Tuesday, September 08, 2015 at 8:27 PM
> From: "Rick Stevens" <ricks at alldigital.com>
> To: "Community support for Fedora users" <users at lists.fedoraproject.org>
> Subject: Re: NTP synchronized: no
>
> On 09/08/2015 10:52 AM, Patrick Dupre wrote:
> > Hello,
> >
> > I am not sure to understand.
> > The previous conclusion was that the firewall did not let me go through.
> > Now, I have:
> > :::* 5704/chronyd
> > [root at Homere ~]# netstat -pna | grep :123
> > udp 0 0 193.49.194.196:35562 210.173.160.27:123 ESTABLISHED 5704/chronyd
> > udp 0 0 193.49.194.196:60225 210.173.160.57:123 ESTABLISHED 5704/chronyd
> > udp 0 0 193.49.194.196:36218 210.173.160.87:123 ESTABLISHED 5704/chronyd
> > udp 0 0 193.49.194.196:36803 178.32.54.53:123 ESTABLISHED 5704/chronyd
> > udp 0 0 193.49.194.196:57367 62.210.85.244:123 ESTABLISHED 5704/chronyd
> > udp 0 0 0.0.0.0:123 0.0.0.0:* 5704/chronyd
> > udp 0 0 193.49.194.196:57601 91.121.169.20:123 ESTABLISHED 5704/chronyd
> > udp 0 0 193.49.194.196:34907 195.83.66.158:123 ESTABLISHED 5704/chronyd
> > udp6 0 0 :::123 :::* 5704/chronyd
> >
> > timedatectl
> > Local time: Tue 2015-09-08 19:46:24 CEST
> > Universal time: Tue 2015-09-08 17:46:24 UTC
> > RTC time: Tue 2015-09-08 17:46:24
> > Timezone: Europe/Paris (CEST, +0200)
> > NTP enabled: yes
> > NTP synchronized: yes
> > RTC in local TZ: no
> > DST active: yes
> > Last DST change: DST began at
> > Sun 2015-03-29 01:59:59 CET
> > Sun 2015-03-29 03:00:00 CEST
> > Next DST change: DST ends (the clock jumps one hour backwards) at
> > Sun 2015-10-25 02:59:59 CEST
> > Sun 2015-10-25 02:00:00 CET
> >
> > traceroute -p 123 -U 123.204.45.116
> > traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
> > 1 cisco-dk.univ-littoral.fr (193.49.194.1) 1.768 ms 1.944 ms 2.151 ms
> > 2 192.168.168.203 (192.168.168.203) 0.317 ms 0.417 ms 0.486 ms
> > 3 * * *
> > 4 * * *
> >
> > It does not looks like that the connection with the time server is established.
> > However, it says:
> > NTP synchronized: yes
> >
> > On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/
>
> To see what chronyd is doing, run "chronyc -n sources" as the root
> user. Don't rely on what netstat is telling you.
chronyc -n sources
210 Number of sources = 7
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 178.32.54.53 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 195.83.66.158 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 91.121.169.20 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 62.210.85.244 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.27 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.57 0 10 0 10y +0ns[ +0ns] +/- 0ns
^? 210.173.160.87 0 10 0 10y +0ns[ +0ns] +/- 0ns
> Here's what I see:
>
> [root at prophead ~]# chronyc -n sources
> 210 Number of sources = 4
> MS Name/IP address Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^* 132.163.4.101 1 10 377 316 +5458us[+5379us] +/-
> 32ms
> ^- 104.41.150.68 2 10 357 806 -8917us[-8979us] +/-
> 91ms
> ^+ 192.155.90.13 2 10 377 912 -12ms[ -12ms] +/-
> 67ms
> ^- 198.211.106.151 2 9 377 486 -12ms[ -12ms] +/-
> 81ms
>
> From the chrony docs, the first two columns ("M" and "S") mean:
>
> 'M'
> This indicates the mode of the source. '^' means a server, '='
> means a peer and '#' indicates a locally connected reference clock.
>
> 'S'
> This column indicates the state of the sources. '*' indicates the
> source to which 'chronyd' is currently synchronised. '+' indicates
> acceptable sources which are combined with the selected source.
> '-' indicates acceptable sources which are excluded by the
> combining algorithm. '?' indicates sources to which connectivity
> has been lost or whose packets don't pass all tests. 'x' indicates
> a clock which 'chronyd' thinks is is a falseticker (i.e. its time
> is inconsistent with a majority of other sources). '~' indicates a
> source whose time appears to have too much variability. The '?'
> condition is also shown at start-up, until at least 3 samples have
> been gathered from it.
>
>
> In my case, they're all servers ("M" all show "^") and I'm currently
> sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
> servers listed are "acceptable sources" but excluded based on the
> combining algorithms. The third item is acceptable on its own.
>
> Another useful version is "chronyc activity":
>
> [root at prophead ~]# chronyc activity
> 200 OK
> 4 sources online
> 0 sources offline
> 0 sources doing burst (return to online)
> 0 sources doing burst (return to offline)
> 0 sources with unknown address
>
> So I see four sources online and available.
>
> As others have said, if you're in a university setting it is entirely
> possible that they want you to use THEIR NTP servers, not ones wild on
> the net. They may very well block UDP port 123 on their firewalls so
> your best bet is to ask the admins which NTP servers are available to
> you.
>
> On my corporate firewall, I block NTP for most of my users, but I have
> NTP services running on my DNS cache servers. That's what the people
> behind my firewall get access to (and what's configured to be returned
> on DHCP requests from them).
>
> >> Sent: Tuesday, September 08, 2015 at 7:42 PM
> >> From: "John Pilkington" <J.Pilk at tesco.net>
> >> To: users at lists.fedoraproject.org
> >> Subject: Re: NTP synchronized: no
> >>
> >> On 08/09/15 18:02, Rick Stevens wrote:
> >>> On 09/08/2015 03:27 AM, John Pilkington wrote:
> >>>> On 08/09/15 10:52, Ed Greshko wrote:
> >>>>> On 09/08/15 17:29, Patrick Dupre wrote:
> >>>>>> I cannot synchronize the date:
> >>>>>> My undestanding is that it should be set by:
> >>>>>> timedatectl set-ntp yes
> >>>>>>
> >>>>>> Here, the results of some commands:
> >>>>>>
> >>>>>> netstat -a |grep ntp
> >>>>>> udp 0 0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp
> >>>>>> ESTABLISHED
> >>>>>> udp 0 0 localhost.localdo:39994 tomia.ordimatic.net:ntp
> >>>>>> ESTABLISHED
> >>>>>> udp 0 0 localhost.localdo:45035 ntp.tuxfamily.net:ntp
> >>>>>> ESTABLISHED
> >>>>>> udp 0 0 localhost.localdo:49209 host3.nuagelibre.or:ntp
> >>>>>> ESTABLISHED
> >>>>>> warning, got bogus l2cap line.
> >>>>
> >>>> That looks different: here's mine.
> >>>>
> >>>> [john at HP_Box ~]$ netstat -a | grep ntp
> >>>> udp 0 0 0.0.0.0:ntp 0.0.0.0:*
> >>>> udp6 0 0 [::]:ntp [::]:*
> >>>> [john at HP_Box ~]$ netstat -a | grep 323
> >>>> udp 0 0 localhost:323 0.0.0.0:*
> >>>> udp6 0 0 localhost:323 [::]:*
> >>>> plus a few irrelevant responses.
> >>>>
> >>>> but ...grep 123 shows nothing that looks relevant.
> >>>>
> >>>> Quoting from the faq:
> >>>>
> >>>> Perhaps you have a firewall set up in a way that blocks packets on port
> >>>> 323/udp. You need to amend the firewall configuration in this case.
> >>>
> >>> ntp is UDP port 123 as is shown in your output. By default, netstat
> >>> will translate port numbers to services found in your /etc/services
> >>> file. If you want to verify it, try "netstat -apn | grep :123" and you
> >>> should see something on that port:
> >>>
> >>> [root at prophead ~]# netstat -pna | grep :123
> >>> ...
> >>> udp 0 0 192.168.1.50:58156 104.41.150.68:123
> >>> ESTABLISHED 841/chronyd
> >>> ...
> >>>
> >>> So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.
> >>
> >> Thanks Rick. On my system, ( which does have a working chrony setup) I
> >> see:
> >>
> >> $ uname -a
> >> Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT
> >> 2015 x86_64 x86_64 x86_64 GNU/Linux
> >>
> >> [john at HP_Box ~]$ netstat -pna | grep :123
> >> (Not all processes could be identified, non-owned process info
> >> will not be shown, you would have to be root to see it all.)
> >> udp 0 0 0.0.0.0:123 0.0.0.0:*
> >> -
> >> udp6 0 0 :::123 :::*
> >> -
> >> [john at HP_Box ~]$ su
> >> Password:
> >> [root at HP_Box john]# netstat -pna | grep :123
> >> udp 0 0 0.0.0.0:123 0.0.0.0:*
> >> 692/chronyd
> >> udp6 0 0 :::123 :::*
> >> 692/chronyd
> >> [root at HP_Box john]# netstat -pna | grep :323
> >> udp 0 0 127.0.0.1:323 0.0.0.0:*
> >> 692/chronyd
> >> udp6 0 0 ::1:323 :::*
> >> 692/chronyd
> >> [root at HP_Box john]# exit
> >> exit
> >> [john at HP_Box ~]$
> >>
> >>
> >>
> >>
> >>
> >> --
> >> users mailing list
> >> users at lists.fedoraproject.org
> >> To unsubscribe or change subscription options:
> >> https://admin.fedoraproject.org/mailman/listinfo/users
> >> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> >> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> >> Have a question? Ask away: http://ask.fedoraproject.org
> >>
>
>
> --
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
> - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
> - -
> - BASIC is the Computer Science version of `Scientific Creationism' -
> ----------------------------------------------------------------------
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
>
More information about the users
mailing list