- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- NTP "restrict" issue - RHEL3/4
Operating System - Linux
1753943
Members
9378
Online
108811
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2008 12:25 AM
тАО07-08-2008 12:25 AM
NTP "restrict" issue - RHEL3/4
Hi,
I've had an issue with NTP that I think is already solved, but I have still a question regarding a difference in configuration between RHEL 3 and 4.
I have several RHEL 3 systems whose NTP is working correctly with following configuration file /etc/ntp.conf:
restrict default ignore
restrict 127.0.0.1
server a.b.c.d
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
authenticate yes
keys /etc/ntp/keys
As this was working fine I copied this configuration file to my news RHEL 4 systems (in the same subnet) but whenever I started the ntpd daemon it was able to set correctly system's time but it ended up in de-synchronization (drift file was never updated, etc).
I found that "ntpq -p" command returned following output:
remote refid st t when poll reach delay offset jitter
==============================================================================
a.b.c.d .INIT. 16 u - 1024 0 0.000 0.000 4000.00
as if it couldn't initiate communication correctly or something like that. I revisited all the configuration files, checked ipdatable and communication between my systems and NTP server through NTP port... and everything seemed to be fined.
After looking for some information I realized that it seemed that with "restrict default ignore" I was preventing my server from being correctly synchronized against NTP server (still don't know why; from my point of view if the client is able to reach the server and get the time from it that should be enough as to remain synchronized).
I added following line to my /etc/ntp.conf file:
restrict a.b.c.d nomodify notrap noquery
and now everything is working fine.
The question is if this line is strictly necessary for the NTP to work. In this case I'd like somebody to let me know why all the RHEL 3 boxes that are running NTP without this line are working fine ?!
Is there any significant difference between RHEL 3 and 4 that may produce this difference in operation?
Thanks in advance.
I've had an issue with NTP that I think is already solved, but I have still a question regarding a difference in configuration between RHEL 3 and 4.
I have several RHEL 3 systems whose NTP is working correctly with following configuration file /etc/ntp.conf:
restrict default ignore
restrict 127.0.0.1
server a.b.c.d
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
authenticate yes
keys /etc/ntp/keys
As this was working fine I copied this configuration file to my news RHEL 4 systems (in the same subnet) but whenever I started the ntpd daemon it was able to set correctly system's time but it ended up in de-synchronization (drift file was never updated, etc).
I found that "ntpq -p" command returned following output:
remote refid st t when poll reach delay offset jitter
==============================================================================
a.b.c.d .INIT. 16 u - 1024 0 0.000 0.000 4000.00
as if it couldn't initiate communication correctly or something like that. I revisited all the configuration files, checked ipdatable and communication between my systems and NTP server through NTP port... and everything seemed to be fined.
After looking for some information I realized that it seemed that with "restrict default ignore" I was preventing my server from being correctly synchronized against NTP server (still don't know why; from my point of view if the client is able to reach the server and get the time from it that should be enough as to remain synchronized).
I added following line to my /etc/ntp.conf file:
restrict a.b.c.d nomodify notrap noquery
and now everything is working fine.
The question is if this line is strictly necessary for the NTP to work. In this case I'd like somebody to let me know why all the RHEL 3 boxes that are running NTP without this line are working fine ?!
Is there any significant difference between RHEL 3 and 4 that may produce this difference in operation?
Thanks in advance.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2008 05:50 AM
тАО07-08-2008 05:50 AM
Re: NTP "restrict" issue - RHEL3/4
The definition of the "ignore" option of the restrict command is:
-------
ignore
Ignore all packets from hosts which match this entry. If this flag is specified neither queries nor time server polls will be responded to.
-------
So, "restrict default ignore" is supposed to block ntpd from communicating with anyone unless further restrict keywords allow communication to specific targets. In RHEL 3, this does not seem to have the intended effect. This is probably a bug.
RHEL 4 has NTP 4.2.0, while RHEL 3 has NTP 4.1.2. So it would be very interesting to see what changes have been done to ntpd after 4.1.2. The closest equivalent seems to be the file /usr/share/doc/ntp-4.2.0.a.20040617/NEWS on any RHEL 4 machine which has ntp installed. It says:
---
(4.2.0)
* More stuff than I have time to document
* IPv6 support
* Bugfixes
* call-gap filtering
* wwv and chu refclock improvements
* OpenSSL integration
---
Very terse. But either "bugfixes" and "more stuff than I have time to document" might well include fixing the "restrict ... ignore" to actually work as documented.
MK
-------
ignore
Ignore all packets from hosts which match this entry. If this flag is specified neither queries nor time server polls will be responded to.
-------
So, "restrict default ignore" is supposed to block ntpd from communicating with anyone unless further restrict keywords allow communication to specific targets. In RHEL 3, this does not seem to have the intended effect. This is probably a bug.
RHEL 4 has NTP 4.2.0, while RHEL 3 has NTP 4.1.2. So it would be very interesting to see what changes have been done to ntpd after 4.1.2. The closest equivalent seems to be the file /usr/share/doc/ntp-4.2.0.a.20040617/NEWS on any RHEL 4 machine which has ntp installed. It says:
---
(4.2.0)
* More stuff than I have time to document
* IPv6 support
* Bugfixes
* call-gap filtering
* wwv and chu refclock improvements
* OpenSSL integration
---
Very terse. But either "bugfixes" and "more stuff than I have time to document" might well include fixing the "restrict ... ignore" to actually work as documented.
MK
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-13-2008 11:50 PM
тАО07-13-2008 11:50 PM
Re: NTP "restrict" issue - RHEL3/4
Ok, I'll assume this issue on RHEL 3 as a bug, then. On my RHEL4 boxes NTP is working fine since I made the change.
Thanks.
Thanks.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP