I am trying to setup my Debian 6 (Squeeze) VM to act as a local time server for my network. I have it set to sync with tock.usno.navy.mil
which is a stratum 1 server.
I am having some problems finding any information on how to setup the ntp daemon to serve the time to clients requesting the time. I have looked through the ntpd man page and that was probably the best doc I found. support.ntp.org was pretty much useless to me, the documentation I found was talking more about how NTP works not how to configure a server.
I also noticed I am not getting anything in my logs about being synced with the server that I am listed.
Any help anyone can offer would be great, I am not sure what is wrong. I am sure it is something I am doing. I had a previous time server running but my SAN blew up and I was not making backups since it was for testing. So I have no old config to look at.
Here is a copy of ntp.conf
since there is nothing in here that has a any personal information I thought posting might help.
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server tock.usno.navy.mil iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 10.0.0.0 mask 255.255.255.0 notrap nomodify
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
Here the output from ntpq -p
root@ns01:/home/ns01# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
ntp1.usno.navy. .USNO. 1 u 43 64 1 34.747 -2891.0 1669.51
Output from iptables
Output from `iptables -L -n -v`
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Update
When I remove the line restrict 10.0.0.0 mask 255.255.255.0 notrap nomodify
from my config ntp seems to spring to life. This is what I see now when I look at ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
-barricade.rack9 209.51.161.238 2 u 39 64 377 37.887 -2977.7 3.180
*gallifrey.chpc. 92.113.67.127 2 u 26 64 377 68.155 -2969.0 3.024
+clock.trit.net 204.34.198.41 2 u 2 64 377 83.146 -2972.0 3.756
+ntp1.Housing.Be 169.229.128.214 3 u 63 64 377 105.803 -2972.6 2.698
Test Desktop ifconfig output (requested by MadHatter)
eth0 Link encap:Ethernet HWaddr 08:00:27:59:2d:3a
inet addr:10.0.0.21 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe59:2d3a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:62103 errors:0 dropped:0 overruns:0 frame:0
TX packets:51822 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10339609 (9.8 MiB) TX bytes:7249927 (6.9 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:56 errors:0 dropped:0 overruns:0 frame:0
TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5066 (4.9 KiB) TX bytes:5066 (4.9 KiB)
Best Answer
You need to insure that udp port 123 is open inbound to your server from your LAN and back out to your LAN from your server.
Also, you can check the status of your server's sync by running
"ntpq -p"
I'd recommend adding at least three upstream servers to your config.
Try pointing one of your clients to your server via "ntpdate servername" and see what happens.