ntpq -p does not print the expected results


3

I am unable to configure the ntp client functionality on a Debian system.

When running ntpq -p, the output is always the same (all zeros and no statistics in the output), and it looks like this:

sudo ntpq -p4
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp2.mojsite.co .INIT.          16 -    - 1024    0    0.000    0.000   0.000
 panel1.web2.clu .INIT.          16 -    - 1024    0    0.000    0.000   0.000
 85.93.216.115   .INIT.          16 -    - 1024    0    0.000    0.000   0.000

As you can see, reach, delay, offset and jitter are all zero, and this has not changed for a few days now.

I think the configuration might be misconfigured; here is my ntp.conf file:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

#complete guide at:
#http://doc.ntp.org/4.1.0/ntpd.htm

#######################
# Monitoring Options  #
#######################
#Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

#what to log (keyword "statistics")
#clockstats: for reference clock
#peerstats: for peers (remote ntp servers)
#loopstats: Record clock discipline loop statistics
#raw stats: for raw output
statistics loopstats peerstats clockstats rawstats

#type: generate files per day(day), per NTP process (pid), single file (none)
#per month (month) ... (year), or 24 hours of server operation (age)
#enable/disable output and
#link/nolink convenient to be able to access the current element of a file
#generation set by a fixed name

#recording of loop filter statistics information.
filegen loopstats file loopstats.log type day nolink enable

#recording of peer statistics information.
filegen peerstats file peerstats.log type day nolink enable

#recording of clock driver statistics information.
filegen clockstats file clockstats.log type day nolink enable

#recording of raw-timestamp statistics information.
filegen rawstats file rawstats.log type day nolink disable

###########################
# Reference Clock Options #
###########################
#server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int]
#fudge 127.127.t.u [time1 sec] [stratum int] [refid string] [mode int] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1]

##########
# SERVER #
##########

#interface and ip setup, wildcard equals to 0.0.0.0
#This  command  controls  which  network  addresses ntpd opens,
#and whether input is dropped without processing.
#ignore: don't listen on this address
#drop: listen but drop
#listen: listen and accept
interface ignore ipv6
interface listen 127.0.0.1
interface ignore 192.168.1.100
interface ignore wildcard

##########
# CLIENT #
##########

#The various operating  modes are determined by the command keyword
#and the type of the required IP address.
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>

#The iburst option is recommended, and sends a burst of packets only if
#it cannot obtain a connection with the first attempt.
#The burst option always does this, even on the first attempt,
#and should never be used without explicit permission
#and may result in blacklisting.

#this command mobilizes a persistent client mode association with the specified
#remote server or local radio clock.
#In this mode the local clock can be synchronized to the remote server,
#but the remote server can never be synchronized to the local clock.

#The various operating modes are determined by the command keyword:
#server, peer, broadcast, manycastclient and the type of the required IP address.
server 1.hr.pool.ntp.org
server 0.europe.pool.ntp.org
server 3.europe.pool.ntp.org


##################
# Access Control #
##################

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.


# By default, exchange time with everybody, but don't allow configuration.
# restrict address mask / -4 -6 / default
# default: (everybody) equal to 0.0.0.0 255.255.255.255
# kod: If access is denied, send a kiss-of-death packet.
# let client know more about why is it blocked to fix the problem
# notrap: subsystem intended for remote event logging programs.
restrict -4 default kod notrap nomodify nopeer noquery noserve
restrict -6 default kod notrap nomodify nopeer noquery noserve

# Local users may interrogate the ntp server more closely.
# If ignoring interface on ipv6 run "ntpq -p -4" instead of just "-p" 
restrict 192.168.1.100      kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 172.16.1.1 mask 255.255.255.0 notrust

#########################
# Miscellaneous Options #
#########################

#Provides a way to enable or disable various server options.
disable bclient     #if not specified default is: disable
disable calibrate   #disable
enable kernel       #enable
enable monitor      #enable
enable stats        #enable
enable ntp      #enable

#This command controls the amount and type of output written to the system
#syslog facility or the alternate logfile.
logconfig=syncall +clockall +sysall +peerall
logfile /var/log/ntp.log

#This command specifies the name of the file used to record
#the frequency offset of the local clock oscillator.
driftfile /var/lib/ntp/ntp.drift

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
# broadcast 172.16.1.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

The NTP firewall rules are configured and blocked connections are logged. So far, nothing is being blocked. If necessary, I will provide firewall information as well.

Answers:


2

I figured out the problem:

interface ignore 192.168.1.100

should be

interface listen 192.168.1.100

and

restrict -4 default kod notrap nomodify nopeer noquery noserve

should be

restrict -4 default kod notrap nomodify nopeer noquery

Basically, we need to listen for incoming packets from the NTP server, even though this is only a client configuration.
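The two directives the answer changes can be checked mechanically. The sketch below is an added example, not part of the original question or answer: a simplified ntp.conf check that assumes ntpd's documented behaviour that the last matching interface rule decides, and does not evaluate interface names or `wildcard`. The names `QUESTION_CONF`, `directives`, `interface_action` and `audit` are hypothetical.

```python
import ipaddress

# Constructed sample: only the directives from the question that matter here.
QUESTION_CONF = """\
interface ignore ipv6
interface listen 127.0.0.1
interface ignore 192.168.1.100
interface ignore wildcard
restrict -4 default kod notrap nomodify nopeer noquery noserve
restrict 127.0.0.1
"""

def directives(text):
    """Yield the token list of each line, with '#' comments stripped."""
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens:
            yield tokens

def interface_action(text, local_addr):
    """Action of the last interface/nic rule matching local_addr, else None.
    Interface names and 'wildcard' are not evaluated (simplification)."""
    addr = ipaddress.ip_address(local_addr)
    action = None
    for tok in directives(text):
        if tok[0] not in ("interface", "nic") or len(tok) < 3:
            continue
        target = tok[2]
        try:
            hit = target in ("all", f"ipv{addr.version}") or \
                  addr in ipaddress.ip_network(target, strict=False)
        except ValueError:
            hit = False  # not an address, prefix or address class
        if hit:
            action = tok[1]
    return action

def audit(text, local_addr):
    """Return findings that stop a client from receiving server replies."""
    findings = []
    action = interface_action(text, local_addr)
    if action in ("ignore", "drop"):
        findings.append(f"interface {action} covers {local_addr}")
    for tok in directives(text):
        if tok[0] == "restrict" and "-6" not in tok and "default" in tok:
            bad = {"noserve", "ignore"} & set(tok)
            if bad:
                findings.append("restrict default has " + ", ".join(sorted(bad)))
    return findings
```

Calling `audit(QUESTION_CONF, "192.168.1.100")` reports both conditions from the question's file. `noserve` on the default entry is also what keeps the daemon from answering time requests, so removing it changes who the host will serve on the addresses it listens on.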


Licensed under cc by-sa 3.0 with attribution required.