ntpd refusing connections

theking2 · 2015-08-26 18:22:22

I have a /etc/ntpd.conf

# Please consider joining the pool:
#
#     http://www.pool.ntp.org/join.html
#
# For additional information see:
# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon
# - http://support.ntp.org/bin/view/Support/GettingStarted
# - the ntp.conf man page

# Associate to Arch's NTP pool
server 0.ch.pool.ntp.org
server 1.ch.pool.ntp.org
server 2.ch.pool.ntp.org
server 3.ch.pool.ntp.org
fudge 192.168.111.8 stratum 12

# By default, the server allows:
# - all queries from the local host
# - only time queries from remote hosts, protected by rate limiting and kod
restrict default kod limited nomodify nopeer noquery notrap
# Location of drift file
driftfile /var/lib/ntp/ntp.drift

logfile /var/log/ntp.log

Yet connections are refused from my windows client and a telnet to host:123 informs of a connection refused
The ntpd service is started and reports no errors.

Aug 26 20:19:55 janus systemd[1]: Starting Network Time Service...
Aug 26 20:19:55 janus ntpd[4019]: ntpd 4.2.8p3@1.3265-o Wed Jul  1 15:59:39 UTC 2015 (1): Starting
Aug 26 20:19:55 janus systemd[1]: Started Network Time Service.
Aug 26 20:19:55 janus ntpd[4020]: proto: precision = 0.376 usec (-21)
Aug 26 20:19:55 janus ntpd[4020]: switching logging to file /var/log/ntp.log

Last edited by theking2 (2015-08-29 11:46:47)

theking2 · 2015-08-27 18:58:56

ok ntpq -p gives

No association ID's returned

I'm at a loss. NTP has been working for 15 years without a problem. Was there a recent package update?

theking2 · 2015-08-27 19:23:20

I see this in /var/log/ntp.log

27 Aug 21:17:21 ntpd[3178]: Listen normally on 5 eth0 [fe80::227:eff:fe08:1726%2]:123
27 Aug 21:17:21 ntpd[3178]: Listening on routing socket on fd #22 for interface updates
27 Aug 21:20:53 ntpd[3178]: ntpd exiting on signal 15 (Terminated)
27 Aug 21:20:53 ntpd[3623]: Listen and drop on 0 v6wildcard [::]:123
27 Aug 21:20:53 ntpd[3623]: Listen and drop on 1 v4wildcard 0.0.0.0:123
27 Aug 21:20:53 ntpd[3623]: Listen normally on 2 lo 127.0.0.1:123
27 Aug 21:20:53 ntpd[3623]: Listen normally on 3 eth0 192.168.111.8:123
27 Aug 21:20:53 ntpd[3623]: Listen normally on 4 lo [::1]:123
27 Aug 21:20:53 ntpd[3623]: Listen normally on 5 eth0 [fe80::227:eff:fe08:1726%2]:123
27 Aug 21:20:53 ntpd[3623]: Listening on routing socket on fd #22 for interface updates

but ntpq -p 192.168.111.8 gives

No association ID's returned

and I see no additional entries in log

Last edited by theking2 (2015-08-29 11:47:27)

Painless · 2015-08-27 19:56:51

The package ntp uses /etc/ntp.conf, not /etc/ntpd.conf (which is used by openntpd). Which service do you actually have running?

theking2 · 2015-08-29 10:16:48

That was a typo: all config is done in /etc/ntp.conf

ntpd 4.2.8p3@1.3265-o Wed Jul  1 15:59:39 UTC 2015 (1)

Painless · 2015-08-29 11:30:04

There was a similar problem reported a while back - does this help you?

theking2 · 2015-08-29 11:48:16

Thanks painless, yes I looked at that to. But the thread contains quite some false pointers.

reinstalling had no effect
setting the owner of ntp.conf to ntp:ntp no effect
setting mod to 644 no effect
removing "-g" from the command line in ntpd.service no effect

I have not made any change to the ntp.conf file since installation and it worked for over a decade.

What might have caused a problem was installing squid, the only major change to the server, but I've removed it again just to be sure. I rather have the correct time than an unnoticeable faster internet.

Last edited by theking2 (2015-08-29 12:38:46)

ratcheer · 2015-08-29 13:54:27

I fought the problem for weeks (several months ago). No suggested solution worked for me. I finally gave in and switched to systemd-timesyncd.

What was so weird, to me, was that I could run a one time shot of ntp to any of the time servers with no failures. But, the daemon would not associate to them.

Tim

Last edited by ratcheer (2015-08-29 13:57:04)

Painless · 2015-08-29 14:24:51

The only significant difference in my ntp.conf file is the fudge line:

fudge  127.127.1.0 stratum 10

(Using a localhost address instead of a NIC IP address)

Other than that, the only thing I can think of is to check your NTP server's networking - DNS/internet access/routing.

ghen · 2015-08-29 16:44:19

127.127.1.0 refers to ntpd's local clock driver and is not a real network address. (The "fudge" line puts that time source in a higher stratum in case you'd lose your network time sources and end up serving your local clock to the network. So not relevant to your problem.)

Is ntpd listening on the network at all? What does "netstat -lnp | grep :123" (as root) show?

"telnet 123" is not relevant - NTP is a udp service, telnet is tcp.

Last edited by ghen (2015-08-29 16:46:32)

theking2 · 2015-08-30 08:37:37

Thanks Ghen

Ports are used:

udp        0      0 192.168.111.8:123       0.0.0.0:*                           -
udp        0      0 127.0.0.1:123           0.0.0.0:*                           -
udp        0      0 0.0.0.0:123             0.0.0.0:*                           -
udp6       0      0 fe80::227:eff:fe08::123 :::*                                -
udp6       0      0 ::1:123                 :::*                                -
udp6       0      0 :::123                  :::*                                -

Painless · 2015-09-04 18:53:48

I have similar output for netstat (you didn't run it as root, I guess). ntpd seems fine anyway. Could it be a firewall or network issue?

theking2 · 2015-09-06 07:41:35

output for netstat as root:

udp        0      0 192.168.111.8:123       0.0.0.0:*                           813/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           813/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           813/ntpd
udp6       0      0 fe80::227:eff:fe08::123 :::*                                813/ntpd
udp6       0      0 ::1:123                 :::*                                813/ntpd
udp6       0      0 :::123                  :::*                                813/ntpd

I don't think it is a f/w issue as the command

ntpdate pool.ntp.org

responses with

 6 Sep 09:32:35 ntpdate[12099]: step time server 192.33.96.102 offset 12.557004 sec

I had to stop the ntpd in order to run the command. That means, the NTP socket was in use. It also means that ntpd did not sync the time for a while as the time was off by more that 12 sec (!).

Painless · 2015-09-06 09:55:30

Sorry, I wasn't very clear. What I meant was, do you have a firewall running on your NTP server? What is the output (as root) of:

iptables -S

theking2 · 2015-10-02 16:18:05

iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Arch Linux

#1 2015-08-26 18:22:22

ntpd refusing connections

#2 2015-08-27 18:58:56

Re: ntpd refusing connections

#3 2015-08-27 19:23:20

Re: ntpd refusing connections

#4 2015-08-27 19:56:51

Re: ntpd refusing connections

#5 2015-08-29 10:16:48

Re: ntpd refusing connections

#6 2015-08-29 11:30:04

Re: ntpd refusing connections

#7 2015-08-29 11:48:16

Re: ntpd refusing connections

#8 2015-08-29 13:54:27

Re: ntpd refusing connections

#9 2015-08-29 14:24:51

Re: ntpd refusing connections

#10 2015-08-29 16:44:19

Re: ntpd refusing connections

#11 2015-08-30 08:37:37

Re: ntpd refusing connections

#12 2015-09-04 18:53:48

Re: ntpd refusing connections

#13 2015-09-06 07:41:35

Re: ntpd refusing connections

#14 2015-09-06 09:55:30

Re: ntpd refusing connections

#15 2015-10-02 16:18:05

Re: ntpd refusing connections

Board footer