Hi,
I had configured NTP before. I remember I don't need to do lots of configurations. I am not sure, why my servers are not getting synchronize with NTP server which is in our Headquater. I am at branch site.
Previously we have our own NTP server now we are changing our NTP configuration to NTP server at Headquarter.

Below is my configurations-
cat /etc/ntp.conf

restrict 127.0.0.1

server lin1.timeserver.com iburst maxpoll 6
server lin2.timeserver.com iburst maxpoll 6
server lin3.timeserver.com iburst maxpoll 6

server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

After ntpd service restart, if I check the status, My server synchronize Locally instead of lin1 server-

[root@Myserver]# ntpstat
synchronised to local net at stratum 11
time correct to within 12 ms
polling server every 1024 s

If I query the tcpdump, I am receiving packets-

[root@Myserver ~]# tcpdump udp port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:12:05.057082 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTPv4, Client, length 48
13:12:05.125619 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48
13:12:24.056917 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTPv4, Client, length 48
13:12:24.085534 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48

4 packets captured
4 packets received by filter
0 packets dropped by kernel

Questions-
I don't have an access to the server, neither I know the configuration of the server. Do we need to add my network (10.70.0.0/16) in NTP server?
What is <restrict> in NTP server?Is it the low restrict to the specific networks?eg- in ntp.conf file--
restrict 127.0.0.1

Thanks in

Do you connect to the headquarter over the internet?

Thanks for replying,

No, we are connected over intranet. But the intranet is provided by ISP.

Try this:

restrict default noquery nomodify
restrict 127.0.0.1
restrict 10.70.0.0 mask 255.255.0.0
fudge 127.127.1.0 stratum 10
server 127.127.1.0 # local clock
server lin1.timeserver.com iburst maxpoll 6
server lin2.timeserver.com iburst maxpoll 6
server lin3.timeserver.com iburst maxpoll 6
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys


Note that, depending on circumstances, it can take as much as 5 minutes or more before it actually locks onto a server and quits the local clock.

Another potential problem is the keys. You are using a secured ntp server and the keys will be different than they were with the old server. Make sure you have new keys generated for the headquarters server.

Thanks for your reply,
Yes, it take around 5 minutes but still it is synchronize locally, But if I tcpdump and query the packets, it is sending and receiving packets to timeserver-

[root@Myserver ~]# tcpdump udp port 123
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:51:21.413150 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTP v4, Client, length 48
10:51:21.492043 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48
10:51:22.413869 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTP v4, Client, length 48
10:51:22.450006 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48
10:52:20.413794 IP Myserver.engineering.com.ntp > 10.30.1.1.ntp: NTP v4, Client, length 48
10:52:20.429561 IP 10.30.1.1.ntp > Myserver.engineering.com.ntp: NTP v3, Server, length 48
10:52:25.412996 IP Myserver.engineering.com.ntp > 10.10.1.5.ntp: NTPv4, Client, length 48
10:52:25.691622 IP 10.10.1.5.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48
10:52:26.412392 IP Myserver.engineering.com.ntp > 10.30.1.2.ntp: NTPv4, Client, length 48
10:52:26.680315 IP 10.30.1.2.ntp > Myserver.engineering.com.ntp: NTPv3, Server, length 48

where- 10.30.1.1 is lin1 timeserver.

But if I query the satus-

[root@Myserver ~]# ntpstat
synchronised to local net at stratum 6
time correct to within 74 ms
polling server every 64 s


I checked in NTP, there was nothing, neither before nor after changing the configuration--

[root@Myserver ~]# cat /etc/ntp/keys
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE.
#
#65535 M akey
#1 M pass

Thanks.

And what about the security keys? Did you check with HQ and get the keys?

No, they don't have security key. Can we synchronize Linux server to Windows Domain Controllers ?

Post the output of the command:
ntpq -pn

Are other clients able to synch time with the server?

[root@Myserver ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
10.30.1.1 .LOCL. 1 u 55 64 17 15.030 5167.30 172.344
*LOCAL(0) .LOCL. 10 l 51 64 17 0.000 0.000 0.001


[root@Myserver ~]# ntpstat
synchronised to local net at stratum 11
time correct to within 949 ms
polling server every 64 s

Where 10.30.1.1 is the Time server which is located at headquarter. Other clients are not able to synch time with the server too.

Since the offset is to high the client will not sync with the server. Do you have any idea how the new time server was configured?

What linux distribution / version runs on the clients?

Here is some useful information:
http://www.eecis.udel.edu/~mills/ntp/html/debug.html

No, I don't have an idea how the new time server was configured. CentOS 5 is runs on the clients.

Can we sync our CentOS server to Windows time server?

net time set -I ipaddressofyouradserver

http://www.tutorialspoint.com/unix_commands/net.htm

Did you ever find out how the server was configured? Is it a virtual machine?