From: "Paul Smith" <phhs80@xxxxxxxxx>
On 12/9/05, Terry Polzin <fox3ec208@xxxxxxxxxxxxxxxx> wrote:
> > > > Is there some gui for configuring NTP?
> > >
> > > /usr/bin/system-config-time
> >
> > Thanks, Terry. But getting
> >
> > # /sbin/service ntpd restart
> > Shutting down ntpd: [ OK ]
> > ntpd: Synchronizing with time server: [FAILED]
> > Starting ntpd: [ OK ]
> > #
> >
> > whatever server I choose.
>
> Is your iptables open for NTP?
> I have this:
> -A INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
> -A INPUT -s 66.187.224.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
NOTE: that is only good if you have "clock1.redhat.com" as your clock
server. Make it correct for the clock server you select. You may have to
make it a range of addresses.
> If you don't have something like that, try it, restart your iptables and
> ntp, it works for me.
Also, what do you have selected for a time server? Is it one in the same TZ
and reasonably close by?
Thanks to all. I do not think my firewall (shorewall) is the
responsible, as I have not changed anything related with it, and NTP
worked fine before.
My TZ is "Europe mainland", the NTP server is clock.redhat.com, and
# ntpstat
unsynchronised
time server re-starting
polling server every 64 s
#
Paul, if "ntpq -c assoc" indicates your selected clocks are unreachable
select other clocks or check your firewall. Once you can reach your
selected clocks "ntpq -p" will let you watch the lock proceedings and
see if you actually do lock.
If you "service ntpd stop" you can then play with ntpdate with potential
peers. In one console window bring up "tail -f /var/log/messages" to make
a logging console. In another run "ntpdate -p 8 -u -d -q <yourserverhere>".
Look for messages in your loging console regarding your firewall. For a
more or less "known good" time server try "ntp.pool.org". It's not always
"known close". But it will work and provide good information. If this
works recheck the sites you are "associated" with "ntpq -c assoc" with
ntpd running with your normal startup. Make sure your step-tickers and
associations make sense and work. The ntpdate command above, perhaps
without the -d would be good for checking it out FROM YOUR LOCATION.
There is a possibility that your ntp.conf is messed up beyond belief
with restricted mis-used or other potential screwups. If nothing above
proves to get it going post the configuration file from /etc.
{^_^}