ntpd fails to synchronize on FreeBSD 6.3-STABLE

Tue Feb 26 16:44:32 UTC 2008

On Tue, Feb 26, 2008 at 10:09:10PM +0700, Pongthep Kulkrisada wrote:
> > Please do not define driftfile in /etc/ntp.conf.  The /etc/rc.d/ntpd
> > framework will take care of that for you by using -f /var/db/ntpd.drift.
> I have tried it, still not work.

I was pointing this out not as "this will fix your problem", but "this
will cause you problems when it comes to driftfile usage".  So, keep it
the way I said, otherwise you'll need to override some ntp_* settings in
rc.conf.

> > If I were you, I'd try sniffing traffic on your LAN segment to see if
> > you're even getting responses from the remote NTP servers.  Using
> > tcpdump, you should be able to achieve this by doing:
> > 
> > # tcpdump -l -n -s 8192 -p "port 123"
> > 
> > I'm willing to bet you're not even getting responses from the remote
> > servers, which would imply firewall rules on your gateway, or the
> > machine itself.
> # tcpdump -l -n -s 8192 -p "port 123"
> tcpdump: listening on fxp0, link-type EN10MB (Ethernet), capture size 8182 bytes
> 
> 0 packets captured
> 12 packets received by filter
> 0 packets dropped by kernel
> ^C
> (after awaiting around 20secs then hits interrupt)

This isn't enough time.  Please try this instead.

# /etc/rc.d/ntpd stop
# /etc/rc.d/ntpdate start

This should set your clock, even if only by a few milliseconds.
Assuming the ntpdate part is successful, continue on:

# tcpdump -l -n -s 8192 -p "port 123"

Now, in another window, execute:

# /etc/rc.d/ntpd start

Then let the tcpdump go for about 15 minutes.  You aren't using the
"iburst" feature on any of the servers, so it will take some time before
they try to sync up.

> You are right, I didn't get any responses.
> I have doubly checked. Firewall on my router/gateway is disabled, not active.
> I have also tried disabling firewall on my machine.
> It still doesn't work.
> Actually I am not suspecting my /etc/ipfw.rules, which has been being used
> for long since FreeBSD 5.4. ntpd has never encountered any problems for such
> ipfw configuration with dial-up (both 5.4-RELEASE and 6.2-RELEASE).
> (I also didn't forget to change interface name from dial-up to ethernet.)

tcpdump has priority over any firewalling layer, so even if you had ipfw
or ipfilter or pf rules blocking NTP traffic, tcpdump would still show
the packets coming in across the wire.  You're simply not seeing
traffic, probably because you didn't wait long enough.  ntpd *does not*
sync every 20 seconds, or even every 60.  Like I said: try 15 minutes.

> > # find /usr/share/man/cat* -type f -exec rm -f {} \;
> or
> > # find /usr/share/man/cat* -type f -delete
> I have tested it, I still get outdated man pages.
> I even dive into /usr/src/share/man.
> Man pages over there are all FreeBSD 6.2.
> But some timestamps dated Feb 13, 2008; but footer is still FreeBSD 6.2

I can confirm this on my RELENG_6 box (using 6.3).  I wouldn't worry
about the footer saying 6.2.

> > Finally, when you upgraded from 6.2 to 6.3, did you follow all of the
> > instructions in /usr/src/Makefile perfectly?  See the 10-11 steps
> > listed under "For individuals wanting to upgrade their sources...".
> > I'm left wondering if you didn't do the mergemaster step.
> No, but I perfectly followed instruction in handbook.
> 
> # cvsup -g -L 2 /usr/share/examples/cvsup/stable-supfile
> backup data and /etc
> read /usr/src/UPDATING
> # mergemaster -p
> # shutdown now (drop to single user)
> # fsck -p
> # mount -u /
> # mount -a -t ufs
> # swapon -a
> # adjkerntz -i
> 
> # cd /usr/obj
> # chflags -R noschg *
> # rm -rf *
> 
> # cd /usr/src
> # make [-j4] buildworld
> # make buildkernel KERNCONF=SMP
> # make installkernel KERNCONF=SMP
> # shutdown -r now (reboot the new kernel in single user mode)
> # make installworld
> # mergemaster
> # shutdown -r now (reboot the new system)
> # uname -a (show the new kernel)
> 
> And I also look in some forums.
> I think that the procedure above is correct.

The procedure is documented in /usr/src/Makefile, and you should really
follow that.  I haven't read the Handbook's documentation on what to do,
but the above seems awfully extensive for something that is described in
the Makefile (which I have used since the days of 4.x without issue).

I can't help you with anything relating to updating doc-all or your
/usr/doc tree.  I'm not familiar with that, sorry.

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |