[Samba] Follow up info Re: SOLVED Re: ntpq -p ***Request timed out
L.P.H. van Belle
belle at bazuin.nl
Mon Mar 2 00:27:52 MST 2015
> The "ntp" portion is creating an 'interface ignore ipv6' entry in the
> /etc/ntp.conf file.
That is one of the options you can configure..
## restrict ntpd bind to which interfaces.
## choose, multiple options are allowed.
## the options are: lo eth(0..9) wildcard ipv6
NTPD_RESTRICT_INTERFACE="lo eth0"
NTPD_RESTRICT_INTERFACE_IGNORE="wildcard ipv6"
I'll add more info here.
Greetz,
Louis
>-----Original message-----
>From: bob at donelsontrophy.net
>[mailto:samba-bounces at lists.samba.org] On behalf of Bob of Donelson Trophy
>Sent: Sunday, 1 March 2015 15:58
>To: samba at lists.samba.org
>Subject: [Samba] Follow up info Re: SOLVED Re: ntpq -p ***Request timed out
>
>
>
>I have discovered specifically why this happens.
>
>Some parts of scripts have been shared and used back and forth. This
>issue is within the scripts.
>
>The "ntp" portion is creating an 'interface ignore ipv6' entry in the
>/etc/ntp.conf file.
>
>I think the issue is in this part of the code:
>
>## restrict ntpd to interfaces
>for i in ${NTPD_RESTRICT_INTERFACE} ; do
>    echo " " >> /etc/ntp.conf
>    echo "interface listen ${i}" >> /etc/ntp.conf
>done
>for i2 in ${NTPD_RESTRICT_INTERFACE_IGNORE} ; do
>    echo "interface ignore ${i2}" >> /etc/ntp.conf
>done
>
>The "i2" portion of the code seems to create both a 'wildcard' and
>'ipv6' entry. Commenting out the 'ipv6' entry, restart 'ntp' and 'ntpq
>-p' then works properly. (I might be wrong.)
>
>Simply put, it is timing out because I do not have an "ipv6" setup on my
>machines.
>
>Just thought I should let someone know.
>
>---
>
>-------------------------
>
>Bob Wooden of Donelson Trophy
>
>615.885.2846 (main)
>www.donelsontrophy.com [1]
>
>"Everyone deserves an award!!"
>
>On 2015-02-13 13:48, Bob of Donelson Trophy wrote:
>
>> Thank you, Rowland.
>>
>> Copied your simpler ntp.conf file into my member server. Made the
>> appropriate changes. Restarted all the ntp service on all machines (just
>> in case.) Ran 'ntpq -p' (on member server) and got the correct answer.
>> Proper connection to DC's.
>> ---
>>
>> -------------------------
>>
>> Bob Wooden of Donelson Trophy
>>
>> 615.885.2846 (main)
>> www.donelsontrophy.com [1]
>>
>> "Everyone deserves an award!!"
>>
>> On 2015-02-13 11:50, Rowland Penny wrote:
>>
>>> On 13/02/15 17:26, Bob of Donelson Trophy wrote:
>>>
>>> Copied Rowland's DC ntp.conf file into my two DC's. Restarted (all)
>>> ntp. Member still timing out! (I am starting to think that there is
>>> 'something' about the sernet packages that "they" do differently.)
>>>
>>> Rowland, could I ask you to copy the ntp.conf from your client
>>> (appears to be your laptop) so I could review its contents?
>>>
>>> ---
>>> Bob Wooden of Donelson Trophy
>>> 615.885.2846 (main)
>>> www.donelsontrophy.com [1]
>>> "Everyone deserves an award!!"
>>>
>>> On 2015-02-13 10:55, Rowland Penny wrote:
>>>
>>> On 13/02/15 16:43, Bob of Donelson Trophy wrote:
>>>
>>> Made the suggested adjustments (4 locations in the member server
>>> ntp.conf file) and restarted ntp. Still (member server) timing out.
>>>
>>> Not sure what you mean about removing "server 0.debian.pool.ntp.org
>>> iburst" lines. Those on the DC's. Aren't they necessary?
>>>
>>> Running 'ntpq -p' on DC's results in correct response.
>>>
>>> ---
>>> Bob Wooden of Donelson Trophy
>>> 615.885.2846 (main)
>>> www.donelsontrophy.com [1]
>>> "Everyone deserves an award!!"
>>>
>>> On 2015-02-13 10:06, L.P.H. van Belle wrote:
>>>
>>> bob.
>>>
>>> server dc02.dts***m.lan. iburst prefer
>>> server dc01.dts***m.lan. iburst prefer
>>>
>>> remove the . after lan and try like this
>>>
>>> server dc02.dts***m.lan
>>> server dc01.dts***m.lan
>>>
>>> and optional, I advise, remove all lines:
>>> server 0.debian.pool.ntp.org iburst
>>>
>>> Louis
>>>
>>> -----Original message-----
>>> From: bob at donelsontrophy.net
>>> [mailto:samba-bounces at lists.samba.org] On behalf of Bob of Donelson Trophy
>>> Sent: Friday, 13 February 2015 16:56
>>> To: SAMBA MailList
>>> Subject: [Samba] ntpq -p ***Request timed out
>>>
>>> I have two DC's running Version 4.1.16-SerNet-Debian-9.wheezy and a
>>> member server running Version 4.1.11-Debian.
>>>
>>> When I 'ntpq -p' from the member server I get:
>>>
>>> localhost: timed out, nothing received
>>> ***Request timed out
>>>
>>> Member server ntp.conf file:
>>>
>>> cat /etc/ntp.conf
>>> # Local clock (this is not the localhost address!)
>>> server 127.127.1.0
>>> fudge 127.127.1.0 stratum 10
>>>
>>> # The source, where we are receiving the time from (PDC)
>>> server dc02.dts***m.lan. iburst prefer
>>> server dc01.dts***m.lan. iburst prefer
>>>
>>> driftfile /var/lib/ntp/ntp.drift
>>> logfile /var/log/ntp
>>>
>>> # Access control
>>> # Default restriction
>>> restrict default ignore
>>>
>>> # Allow everything from localhost
>>> restrict 127.0.0.1
>>>
>>> # Allow that our time source can only provide time and do nothing else
>>> restrict dc02.dts***m.lan. mask 255.255.255.255 nomodify notrap nopeer noquery
>>> restrict dc01.dts***m.lan. mask 255.255.255.255 nomodify notrap nopeer noquery
>>>
>>> The ntp.conf from one of the DC's:
>>>
>>> cat /etc/ntp.conf
>>> # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
>>>
>>> driftfile /var/lib/ntp/ntp.drift
>>>
>>> # Enable this if you want statistics to be logged.
>>> #statsdir /var/log/ntpstats/
>>>
>>> statistics loopstats peerstats clockstats
>>> filegen loopstats file loopstats type day enable
>>> filegen peerstats file peerstats type day enable
>>> filegen clockstats file clockstats type day enable
>>>
>>> # You do need to talk to an NTP server or two (or three).
>>> #server ntp.your-provider.example
>>>
>>> # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
>>> # pick a different set every time it starts up. Please consider joining the
>>> # pool: <http://www.pool.ntp.org/join.html>
>>> server 0.debian.pool.ntp.org iburst
>>> server 1.debian.pool.ntp.org iburst
>>> server 2.debian.pool.ntp.org iburst
>>> server 3.debian.pool.ntp.org iburst
>>>
>>> # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
>>> # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
>>> # might also be helpful.
>>> #
>>> # Note that "restrict" applies to both servers and clients, so a configuration
>>> # that might be intended to block requests from certain clients could also end
>>> # up blocking replies from your own upstream servers.
>>>
>>> # By default, exchange time with everybody, but don't allow configuration.
>>> restrict -4 default kod notrap nomodify nopeer noquery
>>> restrict -6 default kod notrap nomodify nopeer noquery
>>>
>>> # Local users may interrogate the ntp server more closely.
>>> restrict 127.0.0.1
>>> restrict ::1
>>>
>>> # Clients from this (example!) subnet have unlimited access, but only if
>>> # cryptographically authenticated.
>>> restrict 192.168.1*6.0 mask 255.255.255.0 notrust
>>>
>>> # If you want to provide time to your local subnet, change the next line.
>>> # (Again, the address is an example only.)
>>> broadcast 192.168.1*6.255
>>>
>>> # If you want to listen to time broadcasts on your local subnet, de-comment the
>>> # next lines. Please do this only if you trust everybody on the network!
>>> disable auth
>>> broadcastclient
>>>
>>> Went to ntp.org to see if I could troubleshoot. Did as they suggested
>>> and got same result. Their troubleshooting page indicated that most
>>> issues are connected to DNS issues between machines. Did some
>>> 'nslookup' from each DC to the member and vice versa. DNS returns
>>> correct results.
>>>
>>> Looked to confirm I do NOT have a firewall running on any device. Not
>>> at this time.
>>>
>>> Member server time keeps drifting and I need to correct this.
>>>
>>> Any ideas?
>>>
>>> --
>>> Bob Wooden of Donelson Trophy
>>> 615.885.2846 (main)
>>> www.donelsontrophy.com [1]
>>> "Everyone deserves an award!!"
>>>
>>> You do not seem to have this line in your ntp.conf:
>>>
>>> ntpsigndsocket /var/lib/samba/ntp_signd/
>>>
>>> and what is the '*' doing in these lines ?
>>>
>>> restrict 192.168.1*6.0 mask 255.255.255.0 notrust
>>> broadcast 192.168.1*6.255
>>>
>>> This is my ntp.conf from a DC:
>>>
>>> server 127.127.1.0
>>> fudge 127.127.1.0 stratum 10
>>> server 0.pool.ntp.org iburst prefer
>>> driftfile /var/lib/ntp/ntp.drift
>>> logfile /var/log/ntp
>>> ntpsigndsocket /var/lib/samba/ntp_signd/
>>> restrict default kod nomodify notrap nopeer mssntp
>>> restrict 127.0.0.1
>>> restrict ::1
>>> restrict 0.pool.ntp.org mask 255.255.255.255 nomodify notrap nopeer noquery
>>>
>>> and with this, I get this from a linux client:
>>>
>>> rowland at ThinkPad ~/test $ ntpq -p
>>>      remote           refid      st t when poll reach   delay   offset  jitter
>>> ==============================================================================
>>> *dc01.example.com 79.132.231.104  3 u   94  128  377    0.960   -1.772   2.521
>>> +dc02.example.com 108.61.56.35    3 u  101  128  377    0.942    2.210   2.457
>>>
>>> Rowland
>
>OK, only changed the domain name
>
>driftfile /var/lib/ntp/ntp.drift
>statistics loopstats peerstats clockstats
>filegen loopstats file loopstats type day enable
>filegen peerstats file peerstats type day enable
>filegen clockstats file clockstats type day enable
>server dc01.example.com.
>server dc02.example.com.
># By default, exchange time with everybody, but don't allow configuration.
>restrict -4 default kod notrap nomodify nopeer noquery
>restrict -6 default kod notrap nomodify nopeer noquery
>
># Local users may interrogate the ntp server more closely.
>restrict 127.0.0.1
>restrict ::1
>
>Rowland
>
>
>Links:
>------
>[1] http://www.donelsontrophy.com
>[2] http://www.pool.ntp.org/join.html
>[3] http://support.ntp.org/bin/view/Support/AccessRestrictions
>[4] https://lists.samba.org/mailman/options/samba
>
>
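An added example, not code from the thread or from the script being discussed: one way the quoted loop could write the `interface` rules so that only the tokens Louis lists (lo, eth0..9, wildcard, ipv6) reach ntp.conf and a second run replaces the earlier block instead of appending to it. The function names and the BEGIN/END marker comments are assumptions; the demo writes to a constructed scratch file.

```shell
#!/bin/sh
# Added example. Function names and marker comments are hypothetical; only the
# two NTPD_RESTRICT_* variable names and the token list come from the thread.
BEGIN='# BEGIN generated interface rules'
END='# END generated interface rules'

# Accept only the documented tokens: lo, eth0..eth9, wildcard, ipv6.
valid_iface() {
    case "$1" in
        lo|eth[0-9]|wildcard|ipv6) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rule block; runs in a subshell so "set -f" (no globbing) stays local.
render_interface_block() (
    set -f
    echo "$BEGIN"
    for i in $1; do
        valid_iface "$i" || { echo "rejected listen token: $i" >&2; exit 1; }
        echo "interface listen $i"
    done
    for i in $2; do
        valid_iface "$i" || { echo "rejected ignore token: $i" >&2; exit 1; }
        case " $1 " in *" $i "*) echo "$i is in both lists" >&2; exit 1 ;; esac
        echo "interface ignore $i"
    done
    echo "$END"
)

# Replace any earlier generated block instead of appending a second copy.
update_ntp_conf() {
    conf=$1
    block=$(render_interface_block "$2" "$3") || return 1   # validate first
    tmp=$(mktemp) || return 1
    sed "/^$BEGIN\$/,/^$END\$/d" "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$block" >> "$tmp"
    cat "$tmp" > "$conf"        # keeps the owner and mode of the existing file
    rm -f "$tmp"
}

# Demo on a constructed scratch file, never on /etc/ntp.conf.
NTPD_RESTRICT_INTERFACE="lo eth0"
NTPD_RESTRICT_INTERFACE_IGNORE="wildcard"   # ipv6 left out, as Bob ended up doing
demo=$(mktemp)
printf 'driftfile /var/lib/ntp/ntp.drift\n' > "$demo"
update_ntp_conf "$demo" "$NTPD_RESTRICT_INTERFACE" "$NTPD_RESTRICT_INTERFACE_IGNORE"
update_ntp_conf "$demo" "$NTPD_RESTRICT_INTERFACE" "$NTPD_RESTRICT_INTERFACE_IGNORE"
cat "$demo"; rm -f "$demo"
```

Because the block is rendered and validated before the file is touched, a rejected token leaves the existing configuration unchanged.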