On my server the ntpd service is started but it does not seem to work.

I can find nothing according to this (Where are the ntpd log file located, and how can we configure the ntpd log file path?) and this (Where can I look up for the ntpd log?) :-(

According to MadHatter's suggestion (see How can I synchronize system time with a NTP server continuously?), I listed some information from my server:

ntpdate returns:

2 May 21:47:55 ntpdate[47274]: the NTP socket is in use, exiting

ntpq -c as returns:

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 22393  9614   yes   yes  none  sys.peer   reachable  1
  2 22394  9414   yes   yes  none  candidat   reachable  1
  3 22395  9414   yes   yes  none  candidat   reachable  1

ntpq -c pe returns:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time5.aliyun.co 10.137.38.86     2 u  157 1024  377   42.869    3.156   0.274
+time7.aliyun.co 10.137.38.86     2 u  402 1024  377   42.997    4.893   0.251
+ntp3.aliyun.com 10.137.38.86     2 u  276 1024  377   38.393    7.159   0.263

And my ntp.conf (# lines are not listed) is:

minpoll 4
maxpoll 8
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

UPDATE

ntpq -c rv returns:

assID=0 status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.4p8@1.1612-o Tue Nov 29 00:09:12 UTC 2011 (1)",
processor="x86_64", system="Linux/2.6.32-220.4.1.el6.x86_64", leap=00,
stratum=3, precision=-20, rootdelay=42.918, rootdispersion=11.376,
peer=18777, refid=182.92.12.11,
reftime=dad1e8b1.6b42ba77  Mon, May  2 2016 22:54:41.418, poll=8,
clock=dad1e995.5771e298  Mon, May  2 2016 22:58:29.341, state=4,
offset=-0.578, frequency=23.898, jitter=1.845, noise=1.218,
stability=0.223, tai=0

p.s. This server is located in Chengdu, China (GMT+8)

auntyellow
  • Sorry, should have added a request for `ntpq -c rv` - since it looks very much as if you are sync'ed, which I wasn't expecting. – MadHatter May 02 '16 at 14:13
  • see update .... – auntyellow May 02 '16 at 15:01
  • `minpoll 4` and `maxpoll 8` are newly added since my previous question (http://serverfault.com/questions/774227/how-can-i-synchronize-system-time-with-a-ntp-server-continuously). I don't know if they take effect. – auntyellow May 02 '16 at 15:02
  • Why do you think it isn't working? What symptoms are you seeing? – Zoredache May 02 '16 at 15:24

1 Answer

The definitive statement is in your ntpq -c rv output, where it says

stratum=3

You are sync'ed; ntpd is working. When your daemon reports a stratum that isn't 16, you know you are sync'ed. In this case, ntpq -c pe tells you that your system peer (the one whose clock your daemon is currently following) is time5.aliyun.com, aka ntp1.aliyun.com. Its stratum is 2, and yours is one greater, which is correct behaviour.

ntpdate returns the socket-in-use error because the socket is in use, as ntpd is running; once the daemon's running, you can't use ntpdate to shift the clock. That is why ntpdate is normally run at startup, before the daemon starts.

MadHatter
  • There are [security risks](https://blog.gaborszathmari.me/2015/11/11/tricking-google-authenticator-totp-with-ntp/) with using `ntpdate` (in an automated fashion) that may apply. Use of `ntpdate` should only be done by hand when you can verify that the resulting system time is sane when compared to the wall clock. – tgharold May 03 '16 at 14:10
  • As the second part of the linked article notes, "*ntpd and ntpdate are vulnerable to MITM attacks*". Configuring an NTP server (or servers) - whether to `ntpdate` **or** to `ntpd` - is trusting it not to lie about the time. If knowing the correct time is important to you (say, you're a TOTP OATH validator), then you should choose the servers you decide to trust with some considerable care. – MadHatter May 03 '16 at 14:35
  • Or use either the `key` option for symmetric keys or the [auto-key public-key authentication option](http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm) for ntpd. – tgharold May 04 '16 at 11:45
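
The answer's checks (a stratum other than 16, a `*` system peer, local stratum one above that peer's) together with the `auth` column that the comments touch on, as an added Python example that is not part of the original thread. `rows` and `sync_report` are hypothetical names, and the sample text is the question's own `ntpq` output, abridged.

```python
import re

# Sample input: ntpq output quoted in the question above (rv abridged).
RV = '''assID=0 status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
processor="x86_64", system="Linux/2.6.32-220.4.1.el6.x86_64", leap=00,
stratum=3, precision=-20, rootdelay=42.918, rootdispersion=11.376,
offset=-0.578, frequency=23.898, jitter=1.845, noise=1.218,'''
PE = '''     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time5.aliyun.co 10.137.38.86     2 u  157 1024  377   42.869    3.156   0.274
+time7.aliyun.co 10.137.38.86     2 u  402 1024  377   42.997    4.893   0.251
+ntp3.aliyun.com 10.137.38.86     2 u  276 1024  377   38.393    7.159   0.263'''
ASSOC = '''ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 22393  9614   yes   yes  none  sys.peer   reachable  1
  2 22394  9414   yes   yes  none  candidat   reachable  1
  3 22395  9414   yes   yes  none  candidat   reachable  1'''

def rows(text):
    """Return the data lines that follow the ===== separator."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("===")) + 1
    return [l for l in lines[start:] if l.strip()]

def sync_report(rv, pe, assoc):
    # `ntpq -c rv` prints key=value pairs; values may be double-quoted.
    sysvars = dict(re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', rv))
    stratum = int(sysvars["stratum"])
    peers = []
    for line in rows(pe):
        c = line[1:].split()          # column 0 of the line is the tally code
        peers.append({"tally": line[0], "remote": c[0], "st": int(c[2]),
                      "reach": int(c[6], 8)})  # reach: octal 8-bit poll history
    sys_peer = next((p for p in peers if p["tally"] == "*"), None)
    # auth == "none" means the association carries no key (see comments above)
    unauth = [r.split()[1] for r in rows(assoc) if r.split()[5] == "none"]
    return {
        "synced": stratum < 16 and sys_peer is not None,
        "sys_peer": sys_peer["remote"] if sys_peer else None,
        "stratum_ok": bool(sys_peer) and stratum == sys_peer["st"] + 1,
        "all_polls_answered": all(p["reach"] == 0o377 for p in peers),
        "unauthenticated_assids": unauth,
    }

if __name__ == "__main__":
    print(sync_report(RV, PE, ASSOC))
```
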