Re: Connect problem 4.1.2-4 redhat server



t_pascal@xxxxxxxxxxx wrote:

Steve Kostecke wrote:


On 2005-08-15, t_pascal@xxxxxxxxxxx <t_pascal@xxxxxxxxxxx> wrote:



Please see http://ntp.isc.org/Support/AccessRestrictions for information
about how to control access to your ntpd.


This was a good resource, and I was hopeful it would fix a strange
problem I have.

Server: RedHat ES3, ntp 4.1.2-4, address 192.168.100.a
Per the suggestion in the document, I tried this: "restrict 192.168.0.0
mask 255.255.0.0 nomodify".


Why do you feel that you need this restriction?



I was following the suggestions of the last section of the document.  I
even tried "restrict 192.168.0.0 mask 255.255.0.0" to allow all (the
"restrict default ignore" is in place).  Also, see this web page (a
little further down) on "Linux NTP clients can't connect"; it refers to
Fedora Core 2, but might be a proxy for ES 3:

http://www.linuxhomenetworking.com/linux-hn/ntp.htm#_Toc91350038

I'm pretty sure the RedHat distributions are broken.  I'm going to find
the latest package and see if it works.  Sorry to bother y'all with
these minor problems.



Client1:  RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.100.b
Client2:  RedHat ES3, ntp 4.1.2-4, address 192.168.101.c
Client3:  RedHat 7.3 kernel 2.4.30, ntp 4.1.1-2 address 192.168.101.d

Server connects to external (internet) servers and syncs well via
firewall.
Client1 connects to Server perfectly and syncs well, with or without
"notrust" option.


The meaning of "notrust" has changed. Please see
http://ntp.isc.org/bin/view/Support/AccessRestrictions#Section_6.4.3.1.



I'm using 4.1 on all systems, not 4.2.



Sorry to self-followup, but I reversed Client2 and Client3. Basically,
the two versions cooperate fully on the same subnet. The 4.1.2 server
will reply to a 4.1.2 client via ntpdate ONLY (across a different
subnet). The 4.1.1 clients are totally ignored across subnets (but
work fine on the same subnet as noted).


It is possible that ntpdate is being invoked with '-u', for "use an
unprivileged source port". That would explain why ntpdate works even
though port 123/UDP is not completely open between the two sub-nets.



No, I'm not using the -u option.



It would be helpful to see the ntp.conf files for all 4 systems.



I will post if I can't get 4.2 working.  They are all standard, vanilla
conf files, the client files are exactly the same; the only difference
is the "server" definitions and the "restrict" lines I mentioned above
on the server.



Do the clients work without any restrict statements?
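
An added example, not part of the original thread: a small model of how ntpd picks the restrict entry for a client (list sorted by address, then mask; the last match supplies the flags), applied to the two restrict lines quoted above. The localhost line and the client addresses are constructed stand-ins for the elided hosts; the version-dependent "notrust" flag and any firewall between the subnets are not modelled.

```python
import ipaddress

# Constructed server config: the two restrict lines quoted in the thread,
# plus a localhost entry added for illustration.
NTP_CONF = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 nomodify
"""

def parse_restrict(conf):
    """Parse restrict lines into (address, mask, flags), sorted as ntpd does."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        if tok[1] == "default":
            addr, mask, rest = 0, 0, tok[2:]
        else:
            addr = int(ipaddress.IPv4Address(tok[1]))
            mask, rest = 0xFFFFFFFF, tok[2:]   # no mask given: host entry
            if rest[:1] == ["mask"]:
                mask, rest = int(ipaddress.IPv4Address(rest[1])), rest[2:]
        entries.append((addr & mask, mask, frozenset(rest)))
    # ntpd keeps the list sorted by address, then by mask.
    return sorted(entries, key=lambda e: (e[0], e[1]))

def flags_for(entries, client):
    """Flags of the last matching entry, which is the one ntpd applies."""
    ip = int(ipaddress.IPv4Address(client))
    matched = [e for e in entries if ip & e[1] == e[0]]
    return matched[-1][2] if matched else frozenset()

def time_service_allowed(entries, client):
    # 'ignore' and 'noserve' deny time requests; 'nomodify' and 'noquery'
    # only limit ntpq/ntpdc access.
    return not (flags_for(entries, client) & {"ignore", "noserve"})

if __name__ == "__main__":
    entries = parse_restrict(NTP_CONF)
    # Constructed addresses, one per subnet in the thread plus an outsider.
    for client in ("192.168.100.20", "192.168.101.30", "10.1.2.3"):
        print(client, sorted(flags_for(entries, client)),
              time_service_allowed(entries, client))
```

With these lines, clients on 192.168.100.x and 192.168.101.x match the same entry and get the same flags, so the restrict list treats the two subnets identically.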