The ntpstat command output shows “unsynchronised”:
# ntpstat unsynchronised time server re-starting
The “ntpq -p ” command output shows none of ntp servers is chosen:
# ntpq -p ========================================== remote refid st t when poll reach delay offset jitter =============================================== ntp-server .INIT. 16 u - 16 0 0.000 0.000 0.000 ntp-server .INIT. 16 u - 16 0 0.000 0.000 0.000
The as command output shows both ntp servers are rejected:
# ntpq> as ind assID status conf reach auth condition last_event cnt =========================================================== 1 54459 8000 yes yes none reject 2 54460 8000 yes yes none reject
The rv command output shows both ntp servers are in “unreach” status:
# ntpq> rv 54459 assID=54459 status=8000 unreach, conf, no events, srcadr=, srcport=123, dstadr=x.x.x.x, dstport=123, leap=11, ..........
# ntpq> rv 54460 assID=54460 status=8000 unreach, conf, no events, srcadr=, srcport=123, dstadr=x.x.x.x, dstport=123, leap=11, ..........
The Solution
“restrict default ignore” in ntp configuration file prevents the access from remote ntp server. The ntp configuration file is as following:
# cat /etc/ntp.conf restrict default kod nomodify notrap nopeer noquery ignore restrict -6 default kod nomodify notrap nopeer noquery ignore ...
“restrict default ignore” will prevent access not only from all clients but also from all remote ntp servers.
Solution 1
1. Edit /etc/ntp.conf and modify the configuration to allow unrestricted access from all machines:
Change from:
restrict default kod nomodify notrap nopeer noquery ignore restrict -6 default kod nomodify notrap nopeer noquery ignore
To
restrict default restrict -6 default
2. Restart ntpd service:
# service ntpd restart
3. Wait for a few minutes, then run “ntpq -p” to check if it works.
Solution 2
1. Edit /etc/ntp.conf and modify the configuration to allow unrestricted access from a specific ntp server:
Change from:
restrict default kod nomodify notrap nopeer noquery ignore restrict -6 default kod nomodify notrap nopeer noquery ignore
To
restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap nopeer noquery restrict xxx.xxx.xxx.xxx (IP address of a specific ntp server)
2. Restart ntpd service:
# service ntpd restart
3. Wait for a few minutes, then run “ntpq -p” to check if it works.