NTP Stratum Won't "Fudge"

Question

I have two servers, blue and green. I want blue to pull time from green but it won't because the stratum on green is too high. Green has a regular internet connection. Blue does not. In googling the topic, I should be able to "fudge" the stratum value, but it doesn't seem to take.

At the bottom of the code, the client affirms that the stratum is too high.

Recommendations to force the ntp server to lie?

Ubuntu 18.04.2

root@ntpserver:/home/green# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.1.150.93     .INIT.          16 u    -   64    0    0.000    0.000   0.000
+2610:20:6f97:97 .NIST.           1 u   14   64   17  102.882  -34.929  35.299
+2001:67c:1560:8 17.253.34.253    2 u   16   64   17  161.268  -13.182  12.489
root@ntpserver:/home/green# cat /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
logfile /var/log/ntp.log


# You must create /var/log/ntpstats (owned by ntp:ntp) to enable logging.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Comment this out if you have a refclock and want it to be able to discipline
# the clock by itself (e.g. if the system is not connected to the network).
tos minclock 4 minsane 3

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server time.nist.gov

server   10.1.150.93
fudge    10.1.150.93 stratum 8

# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com preempt

# Access control configuration; see /usr/share/doc/ntpsec-doc/html/accopt.html
# for details.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
root@ntpserver:/home/green#



root@blue:/etc# ntpdate -dv 10.1.150.93
 1 Mar 18:13:34 ntpdate[122014]: ntpdate 4.2.6p5@1.2349-o Fri Jul 22 17:30:52 UTC 2016 (1)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
transmit(10.1.150.93)
receive(10.1.150.93)
10.1.150.93: Server dropped: strata too high
server 10.1.150.93, port 123
stratum 16, precision -23, leap 11, trust 000
refid [10.1.150.93], delay 0.02589, dispersion 0.00005
transmitted 4, in filter 4
reference time:    00000000.00000000  Mon, Jan  1 1900  0:00:00.000
originate timestamp: e023f4ea.f1a932d2  Fri, Mar  1 2019 18:14:02.943
transmit timestamp:  e023f4d4.5f61696f  Fri, Mar  1 2019 18:13:40.372
filter delay:  0.02594  0.02596  0.02611  0.02589
         0.00000  0.00000  0.00000  0.00000
filter offset: 22.57128 22.57129 22.57125 22.57120
         0.000000 0.000000 0.000000 0.000000
delay 0.02589, dispersion 0.00005
offset 22.571203

 1 Mar 18:13:40 ntpdate[122014]: no server suitable for synchronization found
root@blue:/etc#

Answer 1

Are your server and fudge lines wrong, i.e., the stratum option should be on the fudge line? I've been using this configuration for several years, but to synch time on my home machines.

Main host, Centos 6, 192.168.1.200 (Naturally it's different!):

driftfile /var/lib/ntp/drift

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1 
restrict -6 ::1

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

fudge server 127.127.1.0 stratum 10

Client, Ubuntu 18.04:

driftfile /var/lib/ntp/ntp.drift

leapfile /usr/share/zoneinfo/leap-seconds.list

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.1.200 iburst

server 127.127.1.0
fudge 127.127.1.0 stratum 10

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

restrict 127.0.0.1
restrict ::1

restrict source notrap nomodify noquery

Another client, Ubuntu 16.04:

driftfile /var/lib/ntp/ntp.drift

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

server 192.168.1.200 iburst

server 127.127.1.0
fudge   127.127.1.0 stratum 10

restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

restrict 127.0.0.1
restrict ::1

restrict source notrap nomodify noquery

Answer 2

The answer was: remove the local server IP and fudge entry. They were creating the stratum 16 entry which was causing my problem.

This is sort of confusing as old answers to this similar problem use:

server x.x.x.x stratum 10
fudge  x.x.x.x

in ntp.conf. Something has changed where that no longer works.