Problem with using Oes 24.1 as Ntp-source for network

Hi,

the network (Novell Netware, Windows Server and Clients) so far relies on Netware as ntp-time-source.

I set up an additional Oes-server in my network, which also with installation was pointed to the netware-server as ntp-time-source.

For moving the services from Netware to Oes I wanted to start with ntp, but while Oes seems to sync with some public time-sources all stations inside do not sync with Oes.

I. e. when manually adding the Oes into the timesync-parameters in Netware (as secondary) Netware is not able to poll the Oes.

Firewall on the Oes is set to zone=public, so port 123 should be open for poll.

Any ideas?

Regards

Karl

  • Verified Answer

    +1  

    Karl.

    Yes. OEs2023 and newer uses Chrony for time services, and unfortunately, the default settings are, to put it blunt, ridicolous for an OES server. Because they do not allow the server to be a time source.

    You need to edit /etc/chrony.conf, and enable the "allow" line with your local network added. You should also enable (uncomment) the "local stratum 10" line, as well as remove the default "include" statement at the end, which adds undesired time sources nobody asked for by default.

    Then restart chronyd.

  • 0 in reply to   

    Wouldn't it be interesting to do the following ?

    create a file in /etc/chrony.d/,

    e.g.

    /etc/chrony.d/MyCompany.conf

    then commenting all lines or deleting following file :

    /etc/chrony.d/pool.conf

    restart chrony daemon

    Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. [A. Einstein]

  • 0   in reply to 

    Of course. There always are several ways. I'm afraid though the pool.conf would come back with the next zypper run, latest when chrony gets an update. *Usually*, editing the default .conf doesn't get overwritten. YMMV.

  • 0 in reply to   

     

    Thanks for the heads up!  I had just bumped my server that runs time services from OES 2018 to OES 24.1 and had not caught that change.  Verified all the other services that ran on it, but did not realize ntpd was no longer active.

  • 0 in reply to   

    Massimo,

    did as advised, but still no success.

    For testing I changed a NW6.5-SP8-server from syncing with the actual ntp-source to the OES-server in question and the NW6.5-SP8-server was not able to poll the OES-server with changed chrony.conf and restarted chronyd.

    Any further suggestion?

    Regards

    Karl

  • 0   in reply to 

    Frankly, I don't know if Netware is a good and valid test for NTP services any more. Are you sure you properly added your network to the "allow" line in chrony.conf? 
    What does "ss -nlp | grep 123" come back with?
    You can also enter "chronyc", and then "accheck <anyserverip>" That should return "208 access allowed"

  • 0 in reply to   

    At least Netware syncs everything here for ages till today. ;)

    "ss ..." gives

    udp   UNCONN 0      0     0.0.0.0:123              0.0.0.0:*      users:(("chronyd",pid=7435,fd=7))                                                                                                                                                                                                                                                                      
    tcp   LISTEN 0      1     [::ffff:127.0.0.1]:9005        *:*      users:(("java",pid=1830,fd=123)) 

    "accheck" for the Netware-server-ip gives "208 access allowed".

    Sigh.
  • 0 in reply to   

    Problem seems to be solved. When returning today and resuming tests Netware was able to poll and sync with OES. No idea why.

    Thank you for giving the right hint with the chrony.conf-changes.

    One last question: Why stratum=10? From my understanding  the main-time-source of my network connected to ptb.de should level at stratum=2?

    Regards

    Karl

  • 0 in reply to 

    I think, something like :

    timesync restart flag = on

    would have done the trick directly

    Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid. [A. Einstein]

  • 0   in reply to   

    The chrony topic is somewhat more complex and there may be information in this thread that needs to be considered in much greater depth.
    Therefore, we would like to refer you to the man pages on Chrony, the RFCs contained therein and a small diagnosis. One thing I can confirm at first is that OES patches (but here it needs a precise definition of what that is) change the ntp/chrony configuration for everyone, which is annoying.

    One thing is important though, any OES can serve as a time provider, the chronyd can be configured as NTP server and peer according to RFC1305

    The diagnosis of ntp is best started with a tcpdump. The dump provides really deep information on how NTP is handled on an OES. The dump informs about the timestamps, the leap indicator shows the stratum, the reference, the poll interval and other things that are important for a diagnosis. The udp checksum in the dump is initially unimportant, but it should be noted that bad checksum udp packets are actually discarded.

    The config which this oes server uses is based on an internal time source which is set with iBurst. The internal source is an "NTP proxy", port 123 tcp/udp is deliberately blocked at the firewall from the inside to the outside.

    The pool.conf file is available, it contains the suse ntp source.  

    In the dump you can see external ntp sources from the pool.ntp.org project which are delivered by the "ntp-proxy". It is clear to see that there are "unclean" time sources that provide incorrect time information, but you can also see that the time of the OES system is "wobbly"  

    An "unclean" time on OES has an influence on the NDS, with DSfW or other configs that use Keberos as well. It is therefore necessary to consider how a clean time can really be configured. My experience here is to actually use time server appliances. (Mainberg Time Server)

    the few lines were just a small insight into what chrony does in the suse / oes standard config. To get a stable time more is necessary. In the network in which the OES systems run, there is a time provider group that uses the DFC 77 signal and other time sources. In Europe DCF 77 is a good option, in the USA and Canada there are also stable radio time sources or organizations that have atomic clocks and propagate the time. It is a task to ensure a stable time and unfortunately it is also the case that OT / SUSE overwrite correct settings with defaults again and again and it has to be reworked.

    # chronyc sources

    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* intern-time-source.domain.com             3   6   377    37    +30us[  +37us] +/-   39ms
    ^? y.ns.gin.ntt.net              0  10     0     -     +0ns[   +0ns] +/-    0ns
    ^? stratum2-4.ntp.techfak.u>     0  10     0     -     +0ns[   +0ns] +/-    0ns
    ^? mail.sassmann.nrw             0  10     0     -     +0ns[   +0ns] +/-    0ns
    ^? 158.101.188.125               0  10     0     -     +0ns[   +0ns] +/-    0ns

    # chronyc tracking
    Reference ID    : C0A80A15 (intern-time-source.domain.com)
    Stratum         : 4
    Ref time (UTC)  : Thu Mar 28 09:53:48 2024
    System time     : 0.000000084 seconds fast of NTP time
    Last offset     : -0.000088394 seconds
    RMS offset      : 0.000044800 seconds
    Frequency       : 87.204 ppm slow
    Residual freq   : -0.321 ppm
    Skew            : 0.583 ppm
    Root delay      : 0.026387626 seconds
    Root dispersion : 0.006964427 seconds
    Update interval : 64.2 seconds
    Leap status     : Normal

    chronyc sourcestats

    Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
    ==============================================================================
    intern-time-source.domain.com           6   3   323     -0.191      0.746  -8788ns    22us
    y.ns.gin.ntt.net            0   0     0     +0.000   2000.000     +0ns  4000ms
    stratum2-4.ntp.techfak.u>   0   0     0     +0.000   2000.000     +0ns  4000ms
    mail.sassmann.nrw           0   0     0     +0.000   2000.000     +0ns  4000ms
    mail.mapetr.moe             0   0     0     +0.000   2000.000     +0ns  4000ms



    # tcpdump port 123 -vv


    10:19:01.713134 IP (tos 0x0, ttl 64, id 41462, offset 0, flags [DF], proto UDP (17), length 76)
        oes-server.domain.com.42087 > intern-time-source.domain.com.ntp: [bad udp cksum 0x95cf -> 0xb991!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   2431308794.766200622 (1977-01-17T03:33:14Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 2431308794.766200622 (1977-01-17T03:33:14Z)
    10:19:01.713658 IP (tos 0xb8, ttl 64, id 8809, offset 0, flags [DF], proto UDP (17), length 76)
        intern-time-source.domain.com.ntp >  oes-server.domain.com.42087: [udp sum ok] NTPv4, Server, length 48
            Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -22
            Root Delay: 0.026046, Root dispersion: 0.025939, Reference-ID: 0x9e65bc7d
              Reference Timestamp:  3920606053.068343151 (2024-03-28T09:14:13Z)
              Originator Timestamp: 2431308794.766200622 (1977-01-17T03:33:14Z)
              Receive Timestamp:    3920606341.713193611 (2024-03-28T09:19:01Z)
              Transmit Timestamp:   3920606341.713476064 (2024-03-28T09:19:01Z)
                Originator - Receive Timestamp:  +1489297546.946992989
                Originator - Transmit Timestamp: +1489297546.947275441
    10:19:05.565127 IP (tos 0x0, ttl 64, id 44014, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com.47454 > time.cloudflare.com.ntp: [bad udp cksum 0x362d -> 0xf4cd!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   1715396392.437274603 (1954-05-12T02:59:52Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 1715396392.437274603 (1954-05-12T02:59:52Z)
    10:19:05.763035 IP (tos 0x0, ttl 64, id 5205, offset 0, flags [DF], proto UDP (17), length 76)
     oes-server.domain.com.43842 > electrode.felixc.at.ntp: [bad udp cksum 0x7ff4 -> 0x0520!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   2214742483.965162212 (1970-03-08T14:14:43Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 2214742483.965162212 (1970-03-08T14:14:43Z)
    10:19:09.541068 IP (tos 0x0, ttl 64, id 47216, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com.46189 > ntp3.rrze.uni-erlangen.de.ntp: [bad udp cksum 0x52ad -> 0xda10!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   1867869881.630530567 (1959-03-11T20:44:41Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 1867869881.630530567 (1959-03-11T20:44:41Z)
    10:19:10.338272 IP (tos 0x0, ttl 64, id 12787, offset 0, flags [DF], proto UDP (17), length 76)
        oes-server.domain.com.44164 > 185.13.148.71.ntp: [bad udp cksum 0x1867 -> 0x67f3!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   3879270900.438176509 (2022-12-05T23:15:00Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 3879270900.438176509 (2022-12-05T23:15:00Z)
    10:19:34.477643 IP (tos 0x0, ttl 64, id 20287, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com.48539 > de-fra2-ntp1.level66.network.ntp: [bad udp cksum 0xe0c7 -> 0x59d0!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   3352156399.702476942 (2006-03-24T02:33:19Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 3352156399.702476942 (2006-03-24T02:33:19Z)
    10:19:34.662929 IP (tos 0x0, ttl 64, id 19532, offset 0, flags [DF], proto UDP (17), length 76)
        oes-server.domain.com.53111 > formularfetischisten.de.ntp: [bad udp cksum 0x111a -> 0x4c0b!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   97973059.190955971 (1903-02-08T22:44:19Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 97973059.190955971 (1903-02-08T22:44:19Z)
    10:19:34.863084 IP (tos 0x0, ttl 64, id 19042, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com.44233 > jumpbox.sarik.tech.ntp: [bad udp cksum 0x5f23 -> 0x30e7!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   671772393.334116629 (1921-04-16T03:26:33Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 671772393.334116629 (1921-04-16T03:26:33Z)
    10:19:37.009060 IP (tos 0x0, ttl 64, id 27536, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com.48306 > time.ontobi.com.ntp: [bad udp cksum 0x69a8 -> 0x45a7!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 8 (256s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   1770138599.552433331 (1956-02-04T17:09:59Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 1770138599.552433331 (1956-02-04T17:09:59Z)
    10:20:06.117178 IP (tos 0x0, ttl 64, id 1378, offset 0, flags [DF], proto UDP (17), length 76)
         oes-server.domain.com 41627 > interrn-time-source.domain.com.ntp: [bad udp cksum 0x95cf -> 0x9fd7!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   4187299627.416968966 (2032-09-09T02:47:07Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 4187299627.416968966 (2032-09-09T02:47:07Z)
    10:20:06.117728 IP (tos 0xb8, ttl 64, id 9965, offset 0, flags [DF], proto UDP (17), length 76)
        intern-time-soruce.domain.com.ntp > oes-server.domain.com.41627: [udp sum ok] NTPv4, Server, length 48
            Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -22
            Root Delay: 0.026046, Root dispersion: 0.026916, Reference-ID: 0x9e65bc7d
              Reference Timestamp:  3920606053.068343151 (2024-03-28T09:14:13Z)
              Originator Timestamp: 4187299627.416968966 (2032-09-09T02:47:07Z)
              Receive Timestamp:    3920606406.117217275 (2024-03-28T09:20:06Z)
              Transmit Timestamp:   3920606406.117529915 (2024-03-28T09:20:06Z)
                Originator - Receive Timestamp:  -266693221.299751690
                Originator - Transmit Timestamp: -266693221.299439050
    10:21:10.505131 IP (tos 0x0, ttl 64, id 36923, offset 0, flags [DF], proto UDP (17), length 76)
        oes-server.domain.com.39150 > intern-time-source.domain.com.ntp: [bad udp cksum 0x95cf -> 0x35e9!] NTPv4, Client, length 48
            Leap indicator:  (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
            Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
              Reference Timestamp:  0.000000000
              Originator Timestamp: 0.000000000
              Receive Timestamp:    0.000000000
              Transmit Timestamp:   3728697698.151550477 (2018-02-27T05:21:38Z)
                Originator - Receive Timestamp:  0.000000000
                Originator - Transmit Timestamp: 3728697698.151550477 (2018-02-27T05:21:38Z)
    10:21:10.505570 IP (tos 0xb8, ttl 64, id 21483, offset 0, flags [DF], proto UDP (17), length 76)
        interne-timesourve.com.ntp > oes-server.domain.com.39150: [udp sum ok] NTPv4, Server, length 48
            Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -22
            Root Delay: 0.026046, Root dispersion: 0.027862, Reference-ID: 0x9e65bc7d
              Reference Timestamp:  3920606053.068343151 (2024-03-28T09:14:13Z)
              Originator Timestamp: 3728697698.151550477 (2018-02-27T05:21:38Z)
              Receive Timestamp:    3920606470.505111113 (2024-03-28T09:21:10Z)
              Transmit Timestamp:   3920606470.505354259 (2024-03-28T09:21:10Z)
                Originator - Receive Timestamp:  +191908772.353560636
                Originator - Transmit Timestamp: +191908772.353803782

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei