NTP synchronized: no
Rick Stevens
ricks at alldigital.com
Tue Sep 8 18:40:49 UTC 2015
On 09/08/2015 11:30 AM, Patrick Dupre wrote:
>
>
> ===========================================================================
> Patrick DUPRÉ | | email: pdupre at gmx.com
> Laboratoire de Physico-Chimie de l'Atmosphère | |
> Université du Littoral-Côte d'Opale | |
> Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
> 189A, avenue Maurice Schumann | | 59140 Dunkerque, France
> ===========================================================================
>
>
>> Sent: Tuesday, September 08, 2015 at 8:27 PM
>> From: "Rick Stevens" <ricks at alldigital.com>
>> To: "Community support for Fedora users" <users at lists.fedoraproject.org>
>> Subject: Re: NTP synchronized: no
>>
>> On 09/08/2015 10:52 AM, Patrick Dupre wrote:
>>> Hello,
>>>
>>> I am not sure to understand.
>>> The previous conclusion was that the firewall did not let me go through.
>>> Now, I have:
>>> :::* 5704/chronyd
>>> [root at Homere ~]# netstat -pna | grep :123
>>> udp 0 0 193.49.194.196:35562 210.173.160.27:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 193.49.194.196:60225 210.173.160.57:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 193.49.194.196:36218 210.173.160.87:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 193.49.194.196:36803 178.32.54.53:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 193.49.194.196:57367 62.210.85.244:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 0.0.0.0:123 0.0.0.0:* 5704/chronyd
>>> udp 0 0 193.49.194.196:57601 91.121.169.20:123 ESTABLISHED 5704/chronyd
>>> udp 0 0 193.49.194.196:34907 195.83.66.158:123 ESTABLISHED 5704/chronyd
>>> udp6 0 0 :::123 :::* 5704/chronyd
>>>
>>> timedatectl
>>> Local time: Tue 2015-09-08 19:46:24 CEST
>>> Universal time: Tue 2015-09-08 17:46:24 UTC
>>> RTC time: Tue 2015-09-08 17:46:24
>>> Timezone: Europe/Paris (CEST, +0200)
>>> NTP enabled: yes
>>> NTP synchronized: yes
>>> RTC in local TZ: no
>>> DST active: yes
>>> Last DST change: DST began at
>>> Sun 2015-03-29 01:59:59 CET
>>> Sun 2015-03-29 03:00:00 CEST
>>> Next DST change: DST ends (the clock jumps one hour backwards) at
>>> Sun 2015-10-25 02:59:59 CEST
>>> Sun 2015-10-25 02:00:00 CET
>>>
>>> traceroute -p 123 -U 123.204.45.116
>>> traceroute to 123.204.45.116 (123.204.45.116), 30 hops max, 60 byte packets
>>> 1 cisco-dk.univ-littoral.fr (193.49.194.1) 1.768 ms 1.944 ms 2.151 ms
>>> 2 192.168.168.203 (192.168.168.203) 0.317 ms 0.417 ms 0.486 ms
>>> 3 * * *
>>> 4 * * *
>>>
>>> It does not looks like that the connection with the time server is established.
>>> However, it says:
>>> NTP synchronized: yes
>>>
>>> On the other side, the machine is 10 s beyond http://www.worldtimeserver.com/
>>
>> To see what chronyd is doing, run "chronyc -n sources" as the root
>> user. Don't rely on what netstat is telling you.
>
> chronyc -n sources
> 210 Number of sources = 7
> MS Name/IP address Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^? 178.32.54.53 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 195.83.66.158 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 91.121.169.20 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 62.210.85.244 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 210.173.160.27 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 210.173.160.57 0 10 0 10y +0ns[ +0ns] +/- 0ns
> ^? 210.173.160.87 0 10 0 10y +0ns[ +0ns] +/- 0ns
The question marks (and the "LastRx" of 10 years) indicates you can't
contact those servers or the data isn't reliable enough for chronyd to
use. Contact your network administrator.
>> Here's what I see:
>>
>> [root at prophead ~]# chronyc -n sources
>> 210 Number of sources = 4
>> MS Name/IP address Stratum Poll Reach LastRx Last sample
>> ===============================================================================
>> ^* 132.163.4.101 1 10 377 316 +5458us[+5379us] +/-
>> 32ms
>> ^- 104.41.150.68 2 10 357 806 -8917us[-8979us] +/-
>> 91ms
>> ^+ 192.155.90.13 2 10 377 912 -12ms[ -12ms] +/-
>> 67ms
>> ^- 198.211.106.151 2 9 377 486 -12ms[ -12ms] +/-
>> 81ms
>>
>> From the chrony docs, the first two columns ("M" and "S") mean:
>>
>> 'M'
>> This indicates the mode of the source. '^' means a server, '='
>> means a peer and '#' indicates a locally connected reference clock.
>>
>> 'S'
>> This column indicates the state of the sources. '*' indicates the
>> source to which 'chronyd' is currently synchronised. '+' indicates
>> acceptable sources which are combined with the selected source.
>> '-' indicates acceptable sources which are excluded by the
>> combining algorithm. '?' indicates sources to which connectivity
>> has been lost or whose packets don't pass all tests. 'x' indicates
>> a clock which 'chronyd' thinks is is a falseticker (i.e. its time
>> is inconsistent with a majority of other sources). '~' indicates a
>> source whose time appears to have too much variability. The '?'
>> condition is also shown at start-up, until at least 3 samples have
>> been gathered from it.
>>
>>
>> In my case, they're all servers ("M" all show "^") and I'm currently
>> sync'd to 132.163.4.101 (the "*" under "S"). The second and fourth
>> servers listed are "acceptable sources" but excluded based on the
>> combining algorithms. The third item is acceptable on its own.
>>
>> Another useful version is "chronyc activity":
>>
>> [root at prophead ~]# chronyc activity
>> 200 OK
>> 4 sources online
>> 0 sources offline
>> 0 sources doing burst (return to online)
>> 0 sources doing burst (return to offline)
>> 0 sources with unknown address
>>
>> So I see four sources online and available.
>>
>> As others have said, if you're in a university setting it is entirely
>> possible that they want you to use THEIR NTP servers, not ones wild on
>> the net. They may very well block UDP port 123 on their firewalls so
>> your best bet is to ask the admins which NTP servers are available to
>> you.
>>
>> On my corporate firewall, I block NTP for most of my users, but I have
>> NTP services running on my DNS cache servers. That's what the people
>> behind my firewall get access to (and what's configured to be returned
>> on DHCP requests from them).
>>
>>>> Sent: Tuesday, September 08, 2015 at 7:42 PM
>>>> From: "John Pilkington" <J.Pilk at tesco.net>
>>>> To: users at lists.fedoraproject.org
>>>> Subject: Re: NTP synchronized: no
>>>>
>>>> On 08/09/15 18:02, Rick Stevens wrote:
>>>>> On 09/08/2015 03:27 AM, John Pilkington wrote:
>>>>>> On 08/09/15 10:52, Ed Greshko wrote:
>>>>>>> On 09/08/15 17:29, Patrick Dupre wrote:
>>>>>>>> I cannot synchronize the date:
>>>>>>>> My undestanding is that it should be set by:
>>>>>>>> timedatectl set-ntp yes
>>>>>>>>
>>>>>>>> Here, the results of some commands:
>>>>>>>>
>>>>>>>> netstat -a |grep ntp
>>>>>>>> udp 0 0 localhost.localdo:51314 ns346276.ip-94-23-3:ntp
>>>>>>>> ESTABLISHED
>>>>>>>> udp 0 0 localhost.localdo:39994 tomia.ordimatic.net:ntp
>>>>>>>> ESTABLISHED
>>>>>>>> udp 0 0 localhost.localdo:45035 ntp.tuxfamily.net:ntp
>>>>>>>> ESTABLISHED
>>>>>>>> udp 0 0 localhost.localdo:49209 host3.nuagelibre.or:ntp
>>>>>>>> ESTABLISHED
>>>>>>>> warning, got bogus l2cap line.
>>>>>>
>>>>>> That looks different: here's mine.
>>>>>>
>>>>>> [john at HP_Box ~]$ netstat -a | grep ntp
>>>>>> udp 0 0 0.0.0.0:ntp 0.0.0.0:*
>>>>>> udp6 0 0 [::]:ntp [::]:*
>>>>>> [john at HP_Box ~]$ netstat -a | grep 323
>>>>>> udp 0 0 localhost:323 0.0.0.0:*
>>>>>> udp6 0 0 localhost:323 [::]:*
>>>>>> plus a few irrelevant responses.
>>>>>>
>>>>>> but ...grep 123 shows nothing that looks relevant.
>>>>>>
>>>>>> Quoting from the faq:
>>>>>>
>>>>>> Perhaps you have a firewall set up in a way that blocks packets on port
>>>>>> 323/udp. You need to amend the firewall configuration in this case.
>>>>>
>>>>> ntp is UDP port 123 as is shown in your output. By default, netstat
>>>>> will translate port numbers to services found in your /etc/services
>>>>> file. If you want to verify it, try "netstat -apn | grep :123" and you
>>>>> should see something on that port:
>>>>>
>>>>> [root at prophead ~]# netstat -pna | grep :123
>>>>> ...
>>>>> udp 0 0 192.168.1.50:58156 104.41.150.68:123
>>>>> ESTABLISHED 841/chronyd
>>>>> ...
>>>>>
>>>>> So you can see that chronyd is connected to 104.41.150.68 via UDP port 123.
>>>>
>>>> Thanks Rick. On my system, ( which does have a working chrony setup) I
>>>> see:
>>>>
>>>> $ uname -a
>>>> Linux HP_Box 3.10.0-229.11.1.el7.x86_64 #1 SMP Wed Aug 5 14:37:37 CDT
>>>> 2015 x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> [john at HP_Box ~]$ netstat -pna | grep :123
>>>> (Not all processes could be identified, non-owned process info
>>>> will not be shown, you would have to be root to see it all.)
>>>> udp 0 0 0.0.0.0:123 0.0.0.0:*
>>>> -
>>>> udp6 0 0 :::123 :::*
>>>> -
>>>> [john at HP_Box ~]$ su
>>>> Password:
>>>> [root at HP_Box john]# netstat -pna | grep :123
>>>> udp 0 0 0.0.0.0:123 0.0.0.0:*
>>>> 692/chronyd
>>>> udp6 0 0 :::123 :::*
>>>> 692/chronyd
>>>> [root at HP_Box john]# netstat -pna | grep :323
>>>> udp 0 0 127.0.0.1:323 0.0.0.0:*
>>>> 692/chronyd
>>>> udp6 0 0 ::1:323 :::*
>>>> 692/chronyd
>>>> [root at HP_Box john]# exit
>>>> exit
>>>> [john at HP_Box ~]$
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> users mailing list
>>>> users at lists.fedoraproject.org
>>>> To unsubscribe or change subscription options:
>>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> Have a question? Ask away: http://ask.fedoraproject.org
>>>>
>>
>>
>> --
>> ----------------------------------------------------------------------
>> - Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
>> - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
>> - -
>> - BASIC is the Computer Science version of `Scientific Creationism' -
>> ----------------------------------------------------------------------
>> --
>> users mailing list
>> users at lists.fedoraproject.org
>> To unsubscribe or change subscription options:
>> https://admin.fedoraproject.org/mailman/listinfo/users
>> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>> Have a question? Ask away: http://ask.fedoraproject.org
>>
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks at alldigital.com -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- NEWS FLASH! Intelligence of mankind decreasing! Details at... -
- uh, when, uh, the little hand is, uh, on the... Aw, NUTS! -
----------------------------------------------------------------------
More information about the users
mailing list