
Re: NTP reachable but rejected


Moses Truong

Dec 20, 2009, 6:31:45 PM
>
> Dave Hart wrote:
>
> ntpq told you the key piece of information with "flash=400 peer_dist,"
> -- in that version of ntpd, flash=400 is associated with the peer
> distance test, which is looking at a peer_distance calculation based
> on the rootdelay and rootdispersion peer variables, as well as the
> additional delay and dispersion in the communication with that peer.
> In the current code, the threshold peer_dist indicates has been
> exceeded defaults to 1.5 (seconds) and can be modified in ntp.conf
> with "tos maxdist 2.5" for example, though I would not advise it
> except as a short-term diagnostic step.
>
> Cheers,
> Dave Hart
>
Actually your suggestion fixed the clients running CentOS. I've found a
problem with Ubuntu in that changing /etc/ntp.conf doesn't seem to
affect the NTP daemon... I'll check with Ubuntu to see if this is a bug
or not.

Thanks
moses

Moses Truong

Dec 17, 2009, 7:01:04 PM
Dave Hart wrote:
> On Wed, Dec 16, 2009 at 2:11 AM, Moses Truong wrote:
>
>> I have an NTP server (v.4.2.2) running on CentOS5 and it syncs with ntp
>> servers over the internet.
>>
>> On the local network, I have a variety of NTP clients running, those
>> running CentOS4 with NTP daemon v4.2.0 are able to sync without a
>> problem, but those running CentOS5 (ntp v4.2.2) or Ubuntu 9.10 (ntp
>> v4.2.4) are not able to sync.
>>
> [...]
>
>> leap=00, stratum=2, precision=-20, rootdelay=727.264,
>> rootdispersion=448.120, refid=128.250.33.242, reach=001, unreach=1,
>> hmode=3, pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
>> offset=8716.317, delay=0.166, dispersion=0.031, jitter=0.858,
>>
> [...]
>
>> From the ntp manual, flash=400 refers to
>>
>> 0x400 TEST11
>> The autokey protocol has not verified the server or peer is
>> proventic and has valid public key credentials.
>>
> [...]
>
> You are not looking at the NTP documentation which matches the version
> in question. They are distributed in the same tarball as each
> corresponding release of the NTP software. I don't know if CentOS
> distributes the official (HTML-only) docs or not, but fortunately
> there's http://doc.ntp.org/ providing documentation matching each
> prior stable release.
>
> ntpq told you the key piece of information with "flash=400 peer_dist,"
> -- in that version of ntpd, flash=400 is associated with the peer
> distance test, which is looking at a peer_distance calculation based
> on the rootdelay and rootdispersion peer variables, as well as the
> additional delay and dispersion in the communication with that peer.
> In the current code, the threshold peer_dist indicates has been
> exceeded defaults to 1.5 (seconds) and can be modified in ntp.conf
> with "tos maxdist 2.5" for example, though I would not advise it
> except as a short-term diagnostic step.
>
> Cheers,
> Dave Hart
>
I've looked through the documentation but I couldn't find any reference
to peer_dist.

I've added the "tos maxdist 2.5", but it still did not solve the
problem. I've even tried "tos maxdist 16", but still getting the same
error.

Moses Truong

Dec 15, 2009, 9:11:42 PM
I have an NTP server (v.4.2.2) running on CentOS5 and it syncs with ntp
servers over the internet.

On the local network, I have a variety of NTP clients running, those
running CentOS4 with NTP daemon v4.2.0 are able to sync without a
problem, but those running CentOS5 (ntp v4.2.2) or Ubuntu 9.10 (ntp
v4.2.4) are not able to sync.

assID=63102 status=9014 reach, conf, 1 event, event_reach,
srcadr=172.23.68.1, srcport=123, dstadr=172.23.68.121, dstport=123,


leap=00, stratum=2, precision=-20, rootdelay=727.264,
rootdispersion=448.120, refid=128.250.33.242, reach=001, unreach=1,
hmode=3, pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
offset=8716.317, delay=0.166, dispersion=0.031, jitter=0.858,

reftime=ced28a23.6c7cf811 Wed, Dec 16 2009 8:20:19.423,
org=ced28a5b.688a3484 Wed, Dec 16 2009 8:21:15.408,
rec=ced28a52.b12f1670 Wed, Dec 16 2009 8:21:06.692,
xmt=ced28a52.b1231994 Wed, Dec 16 2009 8:21:06.691,
filtdelay= 0.17 0.17 0.15 0.18 0.18 0.23 0.20 0.27,
filtoffset= 8716.32 8716.12 8715.92 8715.74 8715.54 8715.37 8715.16 8714.99,
filtdisp= 0.00 0.03 0.06 0.09 0.12 0.15 0.18 0.21

From the ntp manual, flash=400 refers to

0x400 TEST11
The autokey protocol has not verified the server or peer is
proventic and has valid public key credentials. See the
Authentication Options page.

So I'm wondering, is there a way to configure the client to ignore autokey?

I've tried removing all restrict options and have a barebone ntp.conf
with just the server and driftfile entry:

server 172.23.68.1
driftfile /var/lib/ntp/ntp.drift

But it is still rejecting the reply from the server.

Thanks for any help in advance.

moses

Dave Hart

Dec 17, 2009, 5:44:30 PM
On Wed, Dec 16, 2009 at 2:11 AM, Moses Truong wrote:
> I have an NTP server (v.4.2.2) running on CentOS5 and it syncs with ntp
> servers over the internet.
>
> On the local network, I have a variety of NTP clients running, those
> running CentOS4 with NTP daemon v4.2.0 are able to sync without a
> problem, but those running CentOS5 (ntp v4.2.2) or Ubuntu 9.10 (ntp
> v4.2.4) are not able to sync.
[...]

> leap=00, stratum=2, precision=-20, rootdelay=727.264,
> rootdispersion=448.120, refid=128.250.33.242, reach=001, unreach=1,
> hmode=3, pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
> offset=8716.317, delay=0.166, dispersion=0.031, jitter=0.858,
[...]

>  From the ntp manual, flash=400 refers to
>
> 0x400 TEST11
>    The autokey protocol has not verified the server or peer is
>    proventic and has valid public key credentials.
[...]

You are not looking at the NTP documentation which matches the version
in question. They are distributed in the same tarball as each
corresponding release of the NTP software. I don't know if CentOS
distributes the official (HTML-only) docs or not, but fortunately
there's http://doc.ntp.org/ providing documentation matching each
prior stable release.

ntpq told you the key piece of information with "flash=400 peer_dist,"
-- in that version of ntpd, flash=400 is associated with the peer
distance test, which is looking at a peer_distance calculation based
on the rootdelay and rootdispersion peer variables, as well as the
additional delay and dispersion in the communication with that peer.
In the current code, the threshold peer_dist indicates has been
exceeded defaults to 1.5 (seconds) and can be modified in ntp.conf
with "tos maxdist 2.5" for example, though I would not advise it
except as a short-term diagnostic step.

Cheers,
Dave Hart
_______________________________________________
questions mailing list
ques...@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
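
The distance check described in the reply above, worked over the peer variables posted in this thread. This is an added example, not part of the original messages and not ntpd's own code. The function names are hypothetical, and the weighting (delay terms halved, dispersion and jitter added) follows the RFC 5905 root distance formula, which is assumed here to approximate what the ntpd versions in the thread compute.

```python
# Constructed sample: the peer variables quoted in the thread (ntpq "rv" output).
SAMPLE = """\
leap=00, stratum=2, precision=-20, rootdelay=727.264,
rootdispersion=448.120, refid=128.250.33.242, reach=001, unreach=1,
hmode=3, pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
offset=8716.317, delay=0.166, dispersion=0.031, jitter=0.858,
"""

def parse_rv(text):
    """Parse ntpq 'name=value' pairs into a dict of strings."""
    pairs, last = {}, None
    for item in text.replace("\n", " ").split(","):
        name, sep, value = item.strip().partition("=")
        if sep:
            last = name
            pairs[name] = value.strip()
        elif last and item.strip():
            # Item without '=' continues the previous value
            # (a second flash label, or the date after a timestamp).
            pairs[last] += " " + item.strip()
    return pairs

def flash_tests(pairs):
    """Return (bitmask, labels) exactly as ntpq printed them for this peer."""
    code, *names = pairs["flash"].split()
    return int(code, 16), names

def root_distance_s(pairs):
    """Static part of the RFC 5905 root distance in seconds (ntpq reports ms)."""
    ms = lambda key: float(pairs[key])
    dist_ms = ((ms("rootdelay") + ms("delay")) / 2
               + ms("rootdispersion") + ms("dispersion") + ms("jitter"))
    return dist_ms / 1000.0

def check(text, maxdist=1.5):
    """Compare the snapshot distance with a 'tos maxdist' value in seconds."""
    pairs = parse_rv(text)
    mask, names = flash_tests(pairs)
    dist = root_distance_s(pairs)
    return {"flash": mask, "names": names,
            "distance_s": round(dist, 3),
            "margin_s": round(maxdist - dist, 3)}

if __name__ == "__main__":
    print(check(SAMPLE))
```

The figure is a lower bound on what ntpd evaluates, because the term that grows with the time since the peer's last update does not appear in the ntpq output. Reading the label ntpq prints next to the flash value avoids depending on a bit table from documentation for a different release.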

Richard B. Gilbert

Dec 21, 2009, 7:38:57 PM

Did you restart the NTP daemon? /etc/ntp.conf is normally read ONLY
when NTPD starts!
