On Tue, 2005-04-19 at 17:34, Jason Dixon wrote:
> Running CentOS 3.4, I enabled the ntpd service and noticed that it
> opens up a hole in the firewall for ntp from 127.127.1.0. I look in
> the ntpd initscript and see that it's reading in servers from
> /etc/ntp/step-tickers. However, that file is empty...
> /etc/ntp/ntpservers contains clock.redhat.com and clock2.redhat.com,
> but ntpservers isn't used *anywhere*.
> This looks like a bug, but maybe I'm overlooking something stupid. I
> reviewed the RHEL manuals, but they only reference the GUI utilities
> now (grrr).
>
> Any ideas a) where 127.127.1.0 is coming from (parsing bug?), or b) why
> the initscript doesn't reference /etc/ntp/ntpservers?
>
Check /etc/ntp.conf, that's the default config file for the ntp daemon.
There you'll find "127.127.0.1" being the local ip for the local clock
of your system. It's used as fallback timeserver if you don't provide a
regular one in /etc/ntp.conf. Add your favorite timeserver(s) in the
section:
# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify \
notrap noquery
# server mytrustedtimeserverip
If you're using a hostname instead of ip, remove "mask 255.255.255.255"
or ntpd will not start (at least the last time I checked...)

If you configured the default redhat firewall, the initscript
/etc/init.d/ntpd will open the ntp port for all servers configured in
/etc/ntp.conf (local clock and remote servers).

/etc/ntp/step-tickers is used to compensate for an offset of more than
the default sanity limit of 1000s when starting ntpd by setting the time
hard once. Put the ip or hostname of your favorite timeserver(s) in the
file, one per line, and the initscript will set the time to the one from
the server regardless of which offset your system time has when starting.
If your time offset is more than 1000s to your configured ntpservers in
/etc/ntp.conf and you don't set any step-tickers, start of ntpd will
fail.
--
Jens Grigel
Citysavingsbank Munich, Germany
Dep. of Network and Security
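
An added example, not part of the original thread and not the CentOS initscript: a small audit of ntp.conf text that lists the configured sources (the ones the reply says the initscript opens the ntp port for) and flags remote servers that lack a restrict line with nomodify, notrap and noquery, or that combine a hostname with "mask". The function name, sample addresses and hostname are assumptions made for illustration.

```python
import ipaddress
import re

REQUIRED = {"nomodify", "notrap", "noquery"}  # flags from the restrict line quoted above

def audit_ntp_conf(text):
    """Return (servers, findings) for the text of an ntp.conf file."""
    text = re.sub(r"\\\n", " ", text)          # join backslash-continued lines
    servers, restricts, findings = [], {}, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) < 2:
            continue
        keyword, addr, opts = fields[0], fields[1], fields[2:]
        if keyword == "server":
            servers.append(addr)
        elif keyword == "restrict" and addr != "default":
            if "mask" in opts:
                i = opts.index("mask")
                del opts[i:i + 2]              # drop "mask" and its value
                try:
                    ipaddress.ip_address(addr)
                except ValueError:             # not an IP literal, so a hostname
                    findings.append((addr, "hostname combined with mask"))
            restricts[addr] = set(opts)
    # 127.127.x.x entries are reference-clock drivers (local clock), not network peers
    for addr in (s for s in servers if not s.startswith("127.127.")):
        missing = sorted(REQUIRED - restricts.get(addr, set()))
        if addr not in restricts:
            findings.append((addr, "no restrict line for this server"))
        elif missing:
            findings.append((addr, "restrict line lacks " + ", ".join(missing)))
    return servers, findings

# Constructed sample configuration; addresses and hostname are placeholders.
SAMPLE = """\
server 127.127.1.0
server 192.0.2.10
restrict 192.0.2.10 mask 255.255.255.255 nomodify \\
    notrap noquery
server time.example.org
restrict time.example.org mask 255.255.255.255 nomodify
server 192.0.2.20
"""

if __name__ == "__main__":
    print(audit_ntp_conf(SAMPLE))
```

A server without its own restrict line falls under whatever the default restrict line allows, which is why it is reported separately.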