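Today I needed to synchronize the time on a virtual machine and got an error. The system is RHEL 6.4. The error was:
# ntpdate asia.pool.ntp.org
8 Aug 06:00:11 ntpdate[7451]: no server suitable for synchronization found
After hitting the problem, I checked whether the firewall was turned off:
# service iptables status
iptables: Firewall is not running.
It was turned off.
Use -d to see the cause: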
# ntpdate -d asia.pool.ntp.org
8 Aug 05:55:05 ntpdate[7400]: ntpdate [email protected] Thu May 13 14:38:23 UTC 2010 (1)
Looking for host asia.pool.ntp.org and service ntp
host found : bera.learn.ac.lk
transmit(192.248.1.162)
transmit(27.114.150.13)
transmit(120.88.46.10)
transmit(157.7.203.102)
receive(192.248.1.162)
transmit(192.248.1.162)
receive(157.7.203.102)
transmit(157.7.203.102)
receive(157.7.203.102)
transmit(157.7.203.102)
receive(120.88.46.10)
transmit(120.88.46.10)
receive(157.7.203.102)
transmit(157.7.203.102)
receive(120.88.46.10)
transmit(120.88.46.10)
receive(192.248.1.162)
transmit(192.248.1.162)
transmit(27.114.150.13)
receive(120.88.46.10)
transmit(120.88.46.10)
transmit(157.7.203.102)
receive(192.248.1.162)
transmit(192.248.1.162)
receive(120.88.46.10)
transmit(120.88.46.10)
transmit(27.114.150.13)
receive(192.248.1.162)
transmit(192.248.1.162)
transmit(27.114.150.13)
transmit(27.114.150.13)
27.114.150.13: Server dropped: no data
server 192.248.1.162, port 123
stratum 2, precision -19, leap 00, trust 000
refid [192.248.1.162], delay 0.57085, dispersion 0.00000
transmitted 4, in filter 4
reference time: d792e8a1.e443f4ea Mon, Aug 11 2014 15:00:49.891
originate timestamp: d792e90d.f6534dec Mon, Aug 11 2014 15:02:37.962
transmit timestamp: d78e7440.05071cd0 Fri, Aug 8 2014 5:55:12.019
filter delay: 0.64255 0.57982 0.57956 0.57085 0.00000 0.00000 0.00000 0.00000
filter offset: 292045.6 292045.6 292045.6 292045.6 0.000000 0.000000 0.000000 0.000000
delay 0.57085, dispersion 0.00000
offset 292045.669938
server 27.114.150.13, port 123
stratum 0, precision 0, leap 00, trust 000
refid [27.114.150.13], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Thu, Feb 7 2036 14:28:16.000
originate timestamp: 00000000.00000000 Thu, Feb 7 2036 14:28:16.000
transmit timestamp: d78e7441.7eccc431 Fri, Aug 8 2014 5:55:13.495
filter delay: 0.00000 0.00000 0.00000 0.00000 0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
server 120.88.46.10, port 123
stratum 2, precision -21, leap 00, trust 000
refid [120.88.46.10], delay 0.40349, dispersion 0.00000
transmitted 4, in filter 4
reference time: d792e1d9.fc2eb479 Mon, Aug 11 2014 14:31:53.985
originate timestamp: d792e90d.a75fc42e Mon, Aug 11 2014 15:02:37.653
transmit timestamp: d78e743f.d624447e Fri, Aug 8 2014 5:55:11.836
filter delay: 0.40744 0.40784 0.40349 0.40726 0.00000 0.00000 0.00000 0.00000
filter offset: 292045.6 292045.6 292045.6 292045.6 0.000000 0.000000 0.000000 0.000000
delay 0.40349, dispersion 0.00000
offset 292045.627397
server 157.7.203.102, port 123
stratum 3, precision -17, leap 00, trust 000
refid [157.7.203.102], delay 0.08058, dispersion 8.00000
transmitted 4, in filter 4
reference time: d792e2dd.06f9d551 Mon, Aug 11 2014 14:36:13.027
originate timestamp: d792e90c.bc5d0818 Mon, Aug 11 2014 15:02:36.735
transmit timestamp: d78e743f.15508c16 Fri, Aug 8 2014 5:55:11.083
filter delay: 0.10025 0.08405 0.08058 0.00000 0.00000 0.00000 0.00000 0.00000
filter offset: 292045.6 292045.6 292045.6 0.000000 0.000000 0.000000 0.000000 0.000000
delay 0.08058, dispersion 8.00000
offset 292045.680068
8 Aug 05:55:14 ntpdate[7400]: step time server 120.88.46.10 offset 292045.627397 sec
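The output above shows that the network is fine, so I kept looking for a problem on the local machine. Then I came across this on the official site: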
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote time servers to authenticate themselves to your (client) ntpd
Check the version:
# ntpd --version
ntpd - NTP daemon program - Ver. 4.2.4p8
That explains it.
Find the configuration file:
# vim /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Found it: modify or comment out these two lines
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
I commented out these two lines.
Test ntp again:
# ntpdate asia.pool.ntp.org
11 Aug 15:13:14 ntpdate[7477]: step time server 211.233.84.186 offset 292045.698832 sec
It worked.
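# 1. Permission settings
# Permissions are set mainly with the restrict parameter; the basic syntax is:
# restrict IP mask netmask_IP parameter
# IP can be an IP address or default; default is similar to 0.0.0.0
# The possible values for parameter are:
# ignore  : refuse all NTP connections
# nomodify: the client cannot change the server's time parameters, but
#           the client can still use the server for network time synchronization.
# notrust : unless the client is authenticated, the client source is treated as an untrusted domain
# noquery : do not provide time queries to the client
# notrap  : do not provide the trap remote event logging service
# If no parameter is set at all, that IP (or domain) has "no restrictions whatsoever"
restrict default nomodify notrap noquery # default policy: no modification, no traps, no queries
restrict 127.0.0.1 # allow queries from the local host
restrict 192.168.0.1 mask 255.255.255.0 nomodify
# Servers in the 192.168.0.1/24 network segment can now synchronize time through this NTP server
# 2. Upstream server settings
# The upstream server is set mainly with the server parameter; the syntax is:
# server [IP|HOST Name] [prefer]
# What follows server is our upstream time server. If prefer is added
# after the server parameter, our NTP host uses that host as its
# main reference for time correction. In addition, to deal with the
# transmission delay of time update packets,
# driftfile can be used so that the time our host
# spends communicating with the time server is recorded in the file named
# after driftfile. For example, in the sample below, the time our NTP server
# spends connecting to cn.pool.ntp.org is recorded in the file /etc/ntp/drift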
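
The restrict parameters in section 1 and the 4.1/4.2 change in notrust can be checked mechanically. The following is an added example, not part of the original post or of the ntp project: it parses the restrict lines of an ntp.conf and reports a missing default policy (the state left after commenting out both default lines) and any notrust flag on ntpd 4.2 or later. The function names parse_restrict and audit and the sample files are assumptions, and it assumes, as in the RHEL 6 file shown above, that IPv6 needs its own "restrict -6 default" line.

```python
# Added example: audit the restrict lines of an ntp.conf (sample configs are constructed).
def parse_restrict(conf_text):
    """Return {(family, address, mask): set_of_flags} for each active restrict line."""
    rules = {}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        family = "ipv4"
        if tokens[0] in ("-4", "-6"):           # optional address-family switch
            family = "ipv6" if tokens.pop(0) == "-6" else "ipv4"
        if not tokens:
            continue
        address, flags, mask = tokens[0], tokens[1:], None
        if len(flags) >= 2 and flags[0] == "mask":
            mask, flags = flags[1], flags[2:]
        rules[(family, address, mask)] = set(flags)
    return rules


def audit(conf_text, ntpd_version=(4, 2)):
    """List findings for a missing default policy and for notrust on ntpd >= 4.2."""
    rules, findings = parse_restrict(conf_text), []
    for family in ("ipv4", "ipv6"):
        flags = rules.get((family, "default", None))
        if flags is None:
            findings.append(f"{family}: no 'restrict default' line, remote hosts are unrestricted")
        elif "ignore" not in flags:
            for needed in ("nomodify", "noquery"):
                if needed not in flags:
                    findings.append(f"{family}: default policy lacks {needed}")
    for (family, address, _mask), flags in rules.items():
        if "notrust" in flags and ntpd_version >= (4, 2):
            findings.append(f"{family}: notrust on {address} drops unauthenticated packets")
    return findings


# Constructed samples: the stock lines shown on this page, the same file with both
# default lines commented out, and a hypothetical file that uses notrust.
STOCK = """restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
COMMENTED_OUT = STOCK.replace("restrict default", "#restrict default").replace(
    "restrict -6 default", "#restrict -6 default")
WITH_NOTRUST = STOCK.replace("kod nomodify", "notrust nomodify", 1)

if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("commented", COMMENTED_OUT), ("notrust", WITH_NOTRUST)):
        print(name, audit(conf))
```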