ntpd - I'm sure I'm setting it up wrong, but I can't figure out
how.
Jon Radel
jon at radel.com
Mon May 26 19:54:47 UTC 2008
Jim Stapleton wrote:
> On Mon, May 26, 2008 at 2:02 PM, Chuck Swiger <cswiger at mac.com> wrote:
>> On May 26, 2008, at 10:02 AM, Jim Stapleton wrote:
>>> I'm trying to run ntpd to auto-update my computer's time (since I'm
>>> not supposed to use ntpdate).
>>>
>>> /etc/ntp.conf (I've tried without the restrict line):
>>> ========================================
>>> server sushi.lyon.edu
>>> restrict default ignore
>>> driftfile /var/db/ntp.drift
>>> ========================================
>> Your configuration is blocking all NTP traffic and commands, even from
>> localhost. See:
>
> Thanks, that fixed the issue.
I was also going to point out that I don't believe that the -f option
does you much good unless, at some point, you've run ntpd as a daemon
for a minimum of several hours or have otherwise put a decent drift
value for your specific hardware into the file you reference. If you
care about accurate time, you may wish to just go ahead and run ntpd the
"normal" way with a bunch of servers; an earlier reply gave you what to
put into into /etc/rc.conf.
If so, I'd suggest
restrict default nomodify notrap nopeer
restrict -6 default nomodify notrap nopeer
where the 2nd line is a really good idea if you've got any ipv6 at all,
instead of just removing the restrict line entirely. This will block
the worst abuse. (Yes, the 1st line has no effect on what ntpd does
with packets that arrive via ipv6 and, if I had to guess, I'd say there
are an awful lot of FreeBSD servers out there that can have their ntpd
"twiddled" from the local network. ;-)
--Jon Radel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3283 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080526/8a393557/smime.bin
More information about the freebsd-questions
mailing list