Debian NTP Server cant synchronize

Question

I have Debian 8 and NTP server. Problem is that, NTP Server use only "self" IP server and I don't know why

ntpq -p:

 remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.1.100.11     .INIT.          16 u    -   64    0    0.000    0.000   0.000

ntp.conf:

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
tinker panic 0 

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server 0.debian.pool.ntp.org iburst
#server 1.debian.pool.ntp.org iburst
#server 2.debian.pool.ntp.org iburst
#server 3.debian.pool.ntp.org iburst

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org


#server tempus1.gum.gov.pl iburst
#server tempus2.gum.gov.pl iburst


# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 192.168.11.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.255.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

Do you see any errors when running the command manually, and/or in your logs? — iwaseatenbyagrue, Apr 04 '17 at 18:26

score 1 · Answer 1 · answered Mar 28 '17 at 05:49

Here's a sanitised diff of the default Debian 8 NTP configuration against your config (excluding comments):

0a1
> tinker panic 0 
1a3
> statsdir /var/log/ntpstats/
6,9c8,11
< server 0.debian.pool.ntp.org iburst
< server 1.debian.pool.ntp.org iburst
< server 2.debian.pool.ntp.org iburst
< server 3.debian.pool.ntp.org iburst
---
> server 0.pool.ntp.org
> server 1.pool.ntp.org
> server 2.pool.ntp.org
> server 3.pool.ntp.org
11a14,17
> restrict 192.168.11.0 mask 255.255.255.0 nomodify notrap
> restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
> restrict 192.168.255.0 mask 255.255.255.0 nomodify notrap
> restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
13d18
< restrict ::1

None of these changes are likely to have caused issues with upstream connectivity. When I put your configuration in place on a VM, it resulted in a working configuration (although I'd recommend keeping the default server lines in place rather than your replacements).

So it seems that whatever is causing your problem is external to this particular machine. Some suggestions for narrowing down the issue:

Confirm that DNS resolves the NTP server names correctly (i.e. not resolving to your server):

host 0.pool.ntp.org
grep 0.pool.ntp.org /etc/hosts

These overrides are the most likely cause of your problem, since there seems to be nothing else in your configuration which would cause your system to use 10.1.100.11 as an NTP server.

Check that you have connectivity to the NTP pool with ntpdate or sntp:

ntpdate -d 0.pool.ntp.org
sntp 0.pool.ntp.org

Or restart ntp while sniffing for packets with tcpdump, tshark, or wireshark:

tshark -i eth0 -n -f 'udp port 123' &
service ntp restart

If any of those fails, or you see your requests going out without replies coming back, there's probably a firewall somewhere blocking your requests.

If you need further help tracking it down, post the output of:

tail /var/log/ntpstats/peerstats

Debian NTP Server cant synchronize

1 Answers1