Can't seem to set up NTP on my server

Avatar · 03-14-2016, 07:24 PM

Hi all,

I have a really ancient Linux server that acts as a proxy for my network. Today I decided to set it up as an NTP server thinking it wouldn't be that hard, and it would be very useful to have a local time server.

As a background I set this server up, but only log into it once every 2 years or so, so my "Linux" is very rusty. Please bear with me!

The server is Ubuntu (Edgy, I think) with kernel 2.6.17-10-generic x86_64.

I ran apt-get install ntp. It says it ran successfully. Following a tutorial from the interwebs, I then tried to edit my /etc/ntp.conf file only to discover it doesn't exist. In fact, none of the commands from the tutorial worked except for "ntpdate" (which says "no servers can be used, exiting").

My "ntpd" service is NOT running. I get "ntpq: read: Connection refused" when I try ntpq. According to my research this means my service is stopped (or maybe even not installed?)

So I created an /etc/ntp.conf file and a drift file (to no effect), but I can't even get the ntp service running.

I've just spent the last hour and all the articles and tutorials I could find indicated that I should in fact have access to ntpq and I should also have an /etc/ntp.conf file. I should also be able to start the service using /etc/init.d/ntpd which also does not exist.

I admit defeat... can someone help me to figure out where I went wrong?

tronayne · 03-15-2016, 08:04 AM

Just a thought, have you looked in /usr/local for the package? Try

Code:

find / -type f -name ntp.conf 2>/dev/null

Sometimes stuff goes where it ain't supposed to be.

Sorry I can't help with yum or any *buntu things (haven't a clue), you might have yum syntax or a permission problem (were you downloading as root? it does write all over /etc and a few other places user cannot write to). Maybe su - or sudo?

As a last resort, go to http://www.ntp.org/downloads.html, get the source and build it. You may have problems with library versions and the like, though, if your server is too far out of date. The source builds with "configure, make, make install" and you need to be super user to install.

Hope this helps some.

michaelk · 03-15-2016, 08:14 AM

If you do not have /usr/sbin/ntpd, /etc/ntp.conf or a /etc/init.d/ntp start up script then it was not installed successfully. Although, I am surprised that you have the ntpq utility. If your not running a current version the main repositories are not available anymore. Have you thought about installing a current LTS version?

Avatar · 03-15-2016, 09:23 AM

Hi all, thanks for the replies. Yes I did try find, but it only shows the /etc/ntp.conf that I created (before I did that, it didn't find anything and I was searching under /)

Yes, I installed as root. I will try to download and compile the source when I am back in front of the server tomorrow. I will post back on how that goes!

Yes, I have considered installing a new LTS version, but the problem is that the server has ReiserFS so it would basically need to be re-built from scratch. As I don't have any assistants who know what they are doing

it would take me a long time. I am still planning on doing it, but in the meantime the server is actually running great until I get the bright idea to change something and old versions are hard to find.

Avatar · 03-16-2016, 07:45 PM

Okay, so here's what I did.

I uninstalled my ntp-4.2.0 version that I had installed with apt-get.

I installed ntp-4.2.8 from source using this tutorial http://www.linuxfromscratch.org/blfs...icnet/ntp.html (although to get it to configure/make successfully, I had to install the package libcap-dev, which is not listed in the tutorial.)

I believe the install ran successfully; at least, no fatal errors were reported and it seemed to drop me back to a command prompt happily. However, I *still* don't have an /etc/ntp.conf file. (In fact, I did a "find / -name ntp.conf" which says I don't have one anywhere).

The ntpd appears to be installed and ntpq -p says "No association ID's returned" so I think the install worked. Any ideas how I can configure it with time servers and get it working?

michaelk · 03-16-2016, 09:55 PM

You will need to manually create a /etc/ntp.conf file. The you can see if it will start.
ntpd -g

Code:

server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1  

driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log

tronayne · 03-17-2016, 07:17 AM

Here's a sample /etc/ntp.conf file you can use -- you will need to uncomment one or more of the pool servers (one isn't enough, two is OK, three is better, four is overkill -- typically use three) and check to see that /var/lib/ntp and /var/log/ntp exist (if they don't you can create them or check to see if /etc/ntp exists and leave the drift file in /etc/ntp as defined in the sample. Logging is not turned on unless there is a logfile in ntp.conf (you really don't need it and you'll want to clean it out with an appropriate entry in /etc/logrotate.d; I'd leave it off).

You do want to have the local clock at the top of the sample file; read the comments for the reason why but those two lines are there to keep NTP ticking when your network goes away and it will restart by itself when the network connection comes back.

You will either have /etc/ntp or /var/lib/ntp that's where your drift file, ntp.keys file and step-tickers file will be. NTP keeps track of clock drift and, over time, uses the value found in step-tickers to adjust your system clock so it will stay on time. The install created ntp.keys and step-tickers, after NTP has been running for some time it will create the drift file.

Anyway, here's the configuration file:

Code:

# Sample /etc/ntp.conf:  Configuration file for ntpd.
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	

#
# NTP server (list one or more) to synchronize with:
#server 0.pool.ntp.org iburst
#server 1.pool.ntp.org iburst
#server 2.pool.ntp.org iburst
#server 3.pool.ntp.org iburst

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift

#
# Uncomment to use a multicast NTP server on the local subnet:
#multicastclient 224.0.1.1		# listen on default 224.0.1.1
# Set an optional compensation for broadcast packet delay:
#broadcastdelay	0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys		/etc/ntp/keys
#trustedkey	65535
#requestkey	65535
#controlkey	65535

#
# Don't serve time or stats to anyone else by default (more secure)
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

#
# Use these lines instead if you do want to serve time and stats to
# other machines on the network:
#restrict default limited kod nomodify notrap nopeer
#restrict -6 default limited kod nomodify notrap nopeer

#
# Disable the ntpdc -c monlist command, which is insecure and can be used
# to cause a denial of service attack (CVE-2013-5211). Future versions of
# NTP will remove this command.
# (this feature was disabled by default with ntpd 4.2.7p230)
disable monitor

#
# Trust ourselves.  :-)
restrict 127.0.0.1
restrict ::1

Note the comments in the file and, pretty much, leave it alone and you should be up and going (just remember to uncomment three of the servers).

Hope this helps some.

Avatar · 03-22-2016, 07:49 PM

Okay! Between both of your answers I was able to get it working (I think). I did have to reboot the server because ntpd refused to start (with "unable to bind to wildcard address" - resolved by rebooting).

My clock appears to be accurate for the first time in I don't know how long (it was off by about 11 minutes when I started, so this is great)

Thanks for all of your help.

Coop31 · 04-01-2016, 08:59 AM

Do not forget that it is better to procrastinate with adding restrict synchronizing before NTP starts working the way it should be. The program will correct the real time of your system , but you can do the checking by to correct the time. For example, if your computer's time is late, the program must correct it right away. However, this may lead to issues due to such an intensive intervention with abovementioned changes followed by. Any time sensitive software risks to access authorization denied or withdrawn, that is why the NTP daemon slowly changes the time to avoid disruption. Find more useful info here