Setup NTPD in Ubuntu to sync Windows AD

ntpdubuntu-10.04

I am setting up my Ubuntu 10.0.4 server to sync clock with a Windows 2008 AD. As none of the "remote" has a "*" in front (worst it had a blank space in front), does it mean no time sync source is selected? The offset just keep increasing. I tried ntpdate to the same server it worked OK.

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.18.133.201  .LOCL.           1 u   38   64  377    0.827  277.677  58.375

Any help to fix this?

Here is my ntp.conf (with all comments removed)

driftfile /var/lib/ntp/ntp.drift     

statistics loopstats peerstats clockstats

filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

restrict 127.0.0.1
restrict ::1

server 172.18.133.201 iburst

Here is result of ntpdata, ntpq and ntptime:

master@ds02:~$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 172.18.133.201  .LOCL.           1 u   38   64  377    1.094  527.521   8.092
master@ds02:~$
master@ds02:~$ ntpdc -c sysstat
time since restart:     15349
time since reset:       15349
packets received:       2163
packets processed:      246
current version:        0
previous version:       246
bad version:            0
access denied:          0
bad length or format:   0
bad authentication:     0
rate exceeded:          0

master@ds02:~$ ntpdate -d 172.18.133.201
18 Sep 13:51:42 ntpdate[12661]: ntpdate 4.2.4p8@1.1612-o Tue Apr 19 07:08:19 UTC 2011 (1)
Looking for host 172.18.133.201 and service ntp
host found : windc01.dom01.com
transmit(172.18.133.201)
receive(172.18.133.201)
transmit(172.18.133.201)
receive(172.18.133.201)
transmit(172.18.133.201)
receive(172.18.133.201)
transmit(172.18.133.201)
receive(172.18.133.201)
transmit(172.18.133.201)
server 172.18.133.201, port 123
stratum 1, precision -6, leap 00, trust 000
refid [LOCL], delay 0.04182, dispersion 0.00066
transmitted 4, in filter 4
reference time:    d40246c6.e7e11e93  Tue, Sep 18 2012  9:03:02.905
originate timestamp: d4028a6f.6657e747  Tue, Sep 18 2012 13:51:43.399
transmit timestamp:  d4028a6e.dc7980f5  Tue, Sep 18 2012 13:51:42.861
filter delay:  0.04202  0.04189  0.04182  0.04193
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.540268 0.539520 0.538873 0.538204
         0.000000 0.000000 0.000000 0.000000
delay 0.04182, dispersion 0.00066
offset 0.538873    
18 Sep 13:51:42 ntpdate[12661]: step time server 172.18.133.201 offset 0.538873 sec

master@ds02:~$ ntptime
ntp_gettime() returns code 5 (ERROR)
  time d4028a79.7d1947a0  Tue, Sep 18 2012 13:51:53.488, (.488667603),
  maximum error 7705516 us, estimated error 16 us
ntp_adjtime() returns code 5 (ERROR)
  modes 0x0 (),
  offset 0.000 us, frequency 0.000 ppm, interval 1 s,
  maximum error 7705516 us, estimated error 16 us,
  status 0x2040 (UNSYNC,NANO),
  time constant 0, precision 0.001 us, tolerance 500 ppm,

ntpq's rv result:

ntpq> rv 45516
assID=45516 status=9014 reach, conf, 1 event, event_reach,
srcadr=windc01.dom01.com, srcport=123, dstadr=172.18.133.53,
dstport=123, leap=00, stratum=1, precision=-6, rootdelay=0.000,
rootdispersion=10300.171, refid=LOCL, reach=001, unreach=1, hmode=3,
pmode=4, hpoll=6, ppoll=6, flash=400 peer_dist, keyid=0, ttl=0,
offset=746.777, delay=0.587, dispersion=15.594, jitter=7.193,
reftime=d40246c6.e7346994  Tue, Sep 18 2012  9:03:02.903,
org=d402a6d2.ec1198ae  Tue, Sep 18 2012 15:52:50.922,
rec=d402a6d2.2cf807c0  Tue, Sep 18 2012 15:52:50.175,
xmt=d402a6d2.2cd18fe0  Tue, Sep 18 2012 15:52:50.175,
filtdelay=     0.59    0.64    0.59    0.65    0.61    0.67    0.50    0.65,
filtoffset=  746.78  749.88  753.20  756.30  759.51  747.08  750.40  753.52,
filtdisp=     15.63   15.66   15.69   15.72   15.75   15.78   15.81   15.84

Best Answer

Yeah, it means no time source is being selected. The refid shows local, have you commented out local fudge clock lines in your ntp.conf file.

Also, I know from experience that there are issues while syncing with windows AD servers, I have seen this myself in case of RHEL servers getting time from windows AD. What timesource the AD server is using. Can you omit the AD server and use some public pool NTP server to see that in fact it is not a problem with NTP server, before debugging the client.

If you are determined to sync between the AD server and the ubuntu machine, then following output might help.

ntpq -pn

ntpdc -c sysstat

ntpdate -d <time-server-ip>

ntptime

Run ntpq in root prompt and then in the shell run these. associations rv

This should give some other clues.

Related Solutions

Linux – How to configure ntpd to sync time more frequently

The iburst option does several checks quickly as soon as the daemon is started and whenever the server is unreachable if you have that in your configuration. The burst option does several checks quickly whenever the server is reachable.

By default ntpd then follows an exponential backoff where the time between checks progressively increases, starting at 64 seconds and doubling each time, up to a maximum of 1024 seconds.

The maxpoll option allows you to set the maximum value higher or lower. This value is the power of 2 in seconds between checks, so for 1024 seconds, maxpoll is 10. There is also minpoll which is 6 by default and can be lowered to 4.

If you want anything more frequent than every 16 seconds you will probably need to use ntpdate instead of ntpd and run your own loop.

Please don't aim this at public time servers without contacting the maintainers first.

Ubuntu – ntpd doesn’t seem to sync at all

It appears you are inside network which limits access to ntp servers. Of the six time servers you have specified you are only getting time from one. However, all is not lost.

Try using local time sources. I find reliable NTP sources are common. Often your router and DNS servers will provide a reliable time source. If an dedicated ntp server is available, it is often called ntp or ntp1. If the local domain is example.com then you would find it as ntp.example.com.

For your master server consider using its clock as a time source. Setting is stratum in the range 8 to 12 makes it a useful backup but won't override real sources. This may not be an accurate time source, but can be used as common fallback time source for all your systems. Even if you can't get a good time source, you can at least sync all your systems to the same time source.

# ... and use the local system clock as a reference if all else fails
server  127.127.1.0
fudge   127.127.1.0 stratum 8

It is also possible to use some GPS units as a time source. One of my time sources claims gps as its time source. You can start with the NTP Reference Clocks documentation if you need to use this approach.

Use the command ntpq -p or ntpdc -c peers to check the reliability of your time sources. You can add a hostname to query your peers, although they may be configured not to respond.

You can use ntpdate in debug mode to scan the local network for ntp servers. However, you may find some rouge servers which are highly inaccurate. (One network scan I did found many srtatum 0 servers with clocks that were a day or more off the current date.) Look for a moderately low stratum (2 to 4) with an accurate time. Checking the peers of server at stratums above 3 may help you discover accessible time sources.

Best Answer

Related Solutions

Linux – How to configure ntpd to sync time more frequently

Ubuntu – ntpd doesn’t seem to sync at all

Related Topic