Hi,
I Think I found the missconfigured parts :-)! Thanks for pointing me into the right direction.
"notrust" and "restrict" where misconfigurred!
Now the clients have:
restrict IP mask 255.255.255.255 nomodify notrap noquery server IP
The server:
restrict IP mask 255.255.255.0 notrust nomodify notrap ...
Regards
Götz Reinicke
John DeDourek wrote:
Note the column called "reach". On the server it has 377. That's the octal (base 8) representation of an 8-bit quantity. (377 = 11111111 binary). Periodically a machine running ntp sends a time query to its configured servers. When it gets a reply it shifts a 1 into the right of "reach"; no reply, it shifts a 0. Thus on the server, the last eight queries to its servers got a reply: 11111111. On the clients 00000000; that's obviously bad. So the clients are not getting responses to their queries.
Two usual problems: -- Either the queries or the responses to the clients are not getting through the network; most commonly firewall issues; occasionally network problems like routing; check the latter by ping. The former requires an investigation of the firewall setup -- Bad ntp configuration on the server (refusing to accept queries) or on the clients (refusing to accept responses). You unfortunately didn't shows us the ntp configuration on the two machines. Most common problem is that the meaning of "restrict notrust" changed between older and newer versions of ntp. If you are reading old guidlines, or have upgraded to the newer ntp and used the configuration files from the old one, that could be the problem. Have a quick look at /etc/ntp.conf; if the word "notrust" appears on any "restrict" lines, try editing it out (saving a copy of the old configuration first). If you just copied an old configuration file over the new one after upgrading (and happened to save the original installed configuration, which I highly recommend), a good procedure would be to go back to the ntp.conf installed by the upgrade and edit your own server lines in (making changes as appropriate). In any case, we would need to see the configuration files to comment further.
Götz Reinicke wrote:
Hi,
today I checked the time on some servers and found that they differ by a couple off minutes. Without teh ntpd running a "ntpdate gaugin" syncs the clock.
<...>
-- Götz Reinicke IT Koordinator - IT OfficeNet
Tel. +49 (0) 7141 - 969 420 Fax +49 (0) 7141 - 969 55 420 goetz.reinicke@xxxxxxxxxxxxxxx
Filmakademie Baden-Württemberg Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de
