Intro
I was experiencing some strange issues with one of my Debian boxes when trying to set up NTP client to synchronize against one of the Domain Controllers in my Active Directory infrastructure. After long time spent on troubleshooting and looking for a solution in the Internet I have finally found that it's a bug in ntp Debian package version 4.2.6.p2. To sum up, my infrastructure consists of the following boxes:
- NTP client: Debian 6.0 i386
- NTP server: Windows Server 2012 amd64
The following steps describe a detailed troubleshooting process both with a solution.
Symptoms
- When running ntpdate command in the regular mode the following output is thrown:
- When running ntpdate command in the debug mode the following output is thrown:
server:~# ntpdate -d 1.2.3.4
10 Apr 06:19:55 ntpdate[1005]: ntpdate 4.2.6p2@1.2194-o Sun Oct 17 13:45:14 UTC 2010 (1)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
1.2.3.4: Server dropped: no data
server 1.2.3.4, port 123
stratum 4, precision -6, leap 00, trust 000
refid [1.2.3.4], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: d50f73c8.1f5e08c9 Wed, Apr 10 2013 6:14:48.122
originate timestamp: d50f7501.3b86fe8c Wed, Apr 10 2013 6:20:01.232
transmit timestamp: d50f7501.3a373fb2 Wed, Apr 10 2013 6:20:01.227
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
10 Apr 06:20:03 ntpdate[1005]: no server suitable for synchronization found
Troubleshooting
- Check the version of ntp package installed by running the following command:
server:~# dpkg-query -l ntp
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===============================-===============================-==============================================================================
ii ntp 1:4.2.6.p2+dfsg-1+b1 Network Time Protocol daemon and utility programs
- If the ntp version is 4.2.6.p2 then you're most probably affected by the bug mentioned above.
Solution
What's the most frustrating here is that there's no newer version of ntp available in stable repository. I've checked that and it's not even downloadable from the wheezy-backports repository while the wheezy release utilizes ntp version 4.2.6.p5 (details here). The only way for me to fix the issue was to upgrade from squeeze into wheezy then.
Debian upgrade itself is beyond the scope of this post. There are a lot of good HowTos that you may find in the Internet regarding the upgrade anyway. Attaching link into one of the simplest in my opinion.
During the upgrade process my ntp package was successfully upgraded into the 4.2.6.p5 version and now my NTP client works fine back:
server:~# ntpdate 1.2.3.4
10 Apr 07:35:47 ntpdate[16136]: step time server 1.2.3.4 offset 0.053471 sec
server:~# ntpdate -d 1.2.3.4
10 Apr 07:35:58 ntpdate[16263]: ntpdate 4.2.6p5@1.2349-o Sat May 12 09:07:19 UTC 2012 (1)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
transmit(1.2.3.4)
receive(1.2.3.4)
server 1.2.3.4, port 123
stratum 4, precision -6, leap 00, trust 000
refid [1.2.3.4], delay 0.04175, dispersion 0.00439
transmitted 4, in filter 4
reference time: d50f77c8.236e6e72 Wed, Apr 10 2013 7:31:52.138
originate timestamp: d50f78c4.8c643102 Wed, Apr 10 2013 7:36:04.548
transmit timestamp: d50f78c4.8b70c9ac Wed, Apr 10 2013 7:36:04.544
filter delay: 0.04175 0.04176 0.04187 0.04179
0.00000 0.00000 0.00000 0.00000
filter offset: -0.00309 -0.00623 0.006514 0.003438
0.000000 0.000000 0.000000 0.000000
delay 0.04175, dispersion 0.00439
offset -0.003097
10 Apr 07:36:04 ntpdate[16263]: adjust time server 1.2.3.4 offset -0.003097 sec
Hi guy,
ReplyDeleteYou saved my life; I wrote a procedure to my servers.
Thanks.
Paulo Deolindo
No need to dist-upgrade - this is not a bug in the package, but a simple security restriction in the default ntp.conf file.
ReplyDeleteSolution is easy: in /etc/ntp.conf just remove "nopeer" from the lines
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
Then restart ntpd:
service ntp restart
Now watch your server time syncing with the peers:
ntpq -np
@Anonymous:
DeleteThank you very much for your insight. Unfortunately I have no way to confirm your solution as I've already upgraded all my Debian instances to Wheezy. I have never forced such an issues before, neither on Debian, nor on Ubuntu.
FYI, I just did a fresh Wheezy installation and had to modify another default setting to get ntp running properly there.
ReplyDeleteSo, in addition to my instructions above, in /etc/default/ntp
change
NTPD_OPTS='-g -I lo'
to
NTPD_OPTS='-g'
and restart ntp.
I found solution without upgrade
ReplyDeletehttp://pkgs.org/debian-wheezy/debian-proposed-updates-main-amd64/ntpdate_4.2.6.p5+dfsg-2+deb7u3_amd64.deb.html
Add the following line to /etc/apt/sources.list:
deb http://ftp.debian.org/debian/ wheezy-proposed-updates main
Update the package index:
# sudo apt-get update
Install ntpdate deb package:
# sudo apt-get install ntpdate
But i had to do
# apt-get -f install
before install ntpdate. It seems all work right in system and time sync normal.