PDA

View Full Version : Configure NTP host as coexistent server and client



Stefanik74
10-Apr-2013, 13:17
Hi all,
I've suse11-sp1 on a HP-blade.
I'd like to know if it's possible to configure it as NTP-server and client.
I explain better. This blade get the clock synchronization from an external server, but it should also give its synchronized clock to another node, that can be connect just to it.

So, the blade should be a client for its synchronization, but in the same time should be a server for the other node.

Is it possible to execute this kind of NTP configuration?

Many thanks,
Stefano

ab
10-Apr-2013, 14:08
Yes, and that is even the default. The reason that most SLES machines are
not accessible for NTP client is, I'm pretty sure, because the firewall
blocks UDP port 123. Use Yast to un-block it and it is suddenly a server
as well as a client.

Code:
----------
sudo /sbin/yast firewall
----------

To verify your service is listening even if the firewall is blocking
access to it:

Code:
----------
netstat -planeu | grep :123
----------

You should see lines like this:

Code:
----------
udp 0 0 127.0.0.1:123 0.0.0.0:* 0 17920 -
udp 0 0 0.0.0.0:123 0.0.0.0:* 0 17914 -
udp 0 0 :::123 :::* 0 17915 -
----------


Good luck.

Stefanik74
10-Apr-2013, 17:01
Hi ab, thanks for your answer.
Really my server now is already configured as client. I configure it with yast.
What configuration should I execute to enable the blade also as NTP-server?

Thanks

jmozdzen
10-Apr-2013, 17:10
Hi ab, thanks for your answer.
Really my server now is already configured as client. I configure it with yast.
What configuration should I execute to enable the blade also as NTP-server?

Thanks

Hi Stefano,

what ab was trying to tell you is that your machine already *is* a NTP server, once ntpd is running.

What is your exact problem you're facing? What error message do you get, and where?

Regards,
Jens

Stefanik74
10-Apr-2013, 20:51
ops, I didn't understand! :)
I haven't any error, because I didn't try to check NTP-server role.
I'll try and I let you know.

Thank you,
Ste

Stefanik74
10-Apr-2013, 21:27
sorry again, I just check client-node doesn't support NTP, but just SNTP or timeP protocols.
Suse supports these protocols?

Ste

jmozdzen
10-Apr-2013, 22:54
sorry again, I just check client-node doesn't support NTP, but just SNTP or timeP protocols.
Suse supports these protocols?

Ste

Hi Ste,

have you just tried? SNTP (simplified ntp) was designed to be able to work against full ntp servers, AFAIR.

Regards,
Jens

ab
10-Apr-2013, 23:10
> have you just tried? SNTP (simplified ntp) was designed to be able to
> work against full ntp servers, AFAIR.

Agreed; for example, some inferior OS's (which use the simplified version
of full NTP) can still get time from real systems like SLES. It'll
probably just work. If it doesn't, fix the clients to support the
standard since basically online you have NTP as your source of time for
the whole world. The simplified version just makes implementations easier
for vendors who can't implement the whole spec, I was told.

Good luck.

Stefanik74
11-Apr-2013, 08:39
Hi, I just tried but it doesn't work. :(

jmozdzen
11-Apr-2013, 13:09
Hi Stefano,


Hi, I just tried but it doesn't work. :(

it's hard to spot the actual cause in this overwhelming mass of details ;)

As ab had pointed out, it might be that SuSEfirewall is active on your NTP server, blocking all queries. It might be something totally different though. You haven't even hinted why you think it failed... perhaps everything actually worked?

Please, if you want us to help you, give some details:

- What did you try to do?
- What exactly have you done?
- What has happened?
- What had you expected to happen?
- What have you done to track down why it happend differently?

We're eager to help you, but most of our crystal balls have a limited range...

Regards,
Jens

Stefanik74
15-Apr-2013, 18:13
Hi Jens,
sorry for little details, what I mean is that it seems external node ("S"NTP client) can't get configuration from the Suse-server (NTP server).
I try to configure on the external sntp client the server ip without the time syncronization, but analyze the client it seems there is any wrong configuration on it.

Thanks again,
Ste

jmozdzen
15-Apr-2013, 18:38
Hi Stefano,

have you done any checks so far, other than verifying the time on your external client?

Regards,
Jens

Stefanik74
16-Apr-2013, 07:30
We're verifing with hp support the external client (it's an hp switch).
They told me SNTP can't be syncronized from a NTP server, but from RFC reference it seems not correct, so I try to get a deeper analysis.

Ste

jmozdzen
16-Apr-2013, 08:03
Hi Stephano,


We're verifing with hp support the external client (it's an hp switch).
They told me SNTP can't be syncronized from a NTP server, but from RFC reference it seems not correct, so I try to get a deeper analysis.

Ste

yes, that should indeed be possible - what have you set up in the switch, for sntp (output of "sh sntp")? Especially, have you set it up to use udp? And have you verified, as per ab's recommendation, that no firewall interferes on the SLES server?

I'd recommend to use tcpdump on the SLES server to further diagnose this, filtering for 123/udp and/or the switch ip address. That way we'll know more of what is going on.

Regards,
Jens

jmozdzen
18-Apr-2013, 15:24
To the casual reader:

offline discussion has indicated that the main problem is caused by communications between the switch and it's management station (the NTP requests never even made it from the switch to the NTP server) and that the remaining problems are checked by HP support.

Regards,
Jens