Bootstrap FreeKB - NTP - Resolve "leap status not synchronised"
NTP - Resolve "leap status not synchronised"

Updated:   |  NTP articles

On the client

The client will probably be using the ntpd or chronyd daemon, but not both. The service or systemctl command can be used to determine if the client is using chrony or ntpd.

The ps command can be used to determine if your system is using init or systemd. If PID 1 is init, then you will use the service command. If PID 1 is systemd, then you will use the systemctl command.

If your system is using systemd, use the systemctl command to start and enable chrony.

systemctl enable chrony
systemctl start chrony
systemctl status chrony

systemctl enable ntp
systemctl start ntp
systemctl status ntp

 

If your system is using init, use the chkconfig and service commands to start and enable chrony.

chkconfig chrony on
service chrony start
service chrony status

chkconfig ntp on
service ntp start
service ntp status

 

If using the ntpd deamon, the ntpstat command can be used to determine if the client is synchronized to the ntpd server. 

ntpstat
. . .
synchronised to NTP server (10.0.0.9) at stratum 3 
   time correct to within 17 ms
   polling server every 1024 s

 

If using chrony, the chronyc tracking command can be used to determine if the Leap status is normal or not synchronised.

chronyc tracking
. . .
Leap status    : Not synchronised

 

Ensure the client has the correct entry in the /etc/ntp.conf or /etc/chrony.conf file. There should be an entry such as server ntp.example.com iburst, where ntp.example.com is the NTP server being used for time synchronization, and the 4 pool servers should be commented out.

cat /etc/chrony.conf | grep server
. . .
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp.example.com iburst

 

The allow directive should also be commented out on the client, where x.x.x.x/xx is an IP address and prefix.

#allow x.x.x.x/xx 

 

Ensure the ntpd or chronyd daemon is active and running on the client.

systemctl status chronyd
systemctl status ntpd

 

If iptables is being used on the client, ensure iptables has both the INPUT and OUTPUT listings on port 123.

cat /etc/sysconfig/iptables | grep 123
. . .
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT

 

If firewalld is being used on the client, ensure firewalld is configured to allow port 123.

firewall-cmd --list-all
. . .
  ports: 123/tcp

 


On the server

The server will probably be using ntpd or chronyd. Ensure the # character does not precede the word "server" in the /etc/ntp.conf or /etc/chrony.conf file. In another words, you want to ensure the "server" section is not commented out.

cat /etc/chrony.conf | grep server
. . .
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

 

The allow directive should also not be commented out, where x.x.x.x/xx is an IP address and prefix.

allow x.x.x.x/xx 

 

If iptables is being used on the server, ensure iptables has both the INPUT and OUTPUT listings on port 123.

cat /etc/sysconfig/iptables | grep 123
. . .
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT

 

If firewalld is being used on the server, ensure firewalld is configured to allow port 123.

firewall-cmd --list-all
. . .
  ports: 123/tcp

 

If the server is using chrony, use the chronyc activity command to ensure all 4 sources are online.

chronyc activity
. . .
200 OK
4 sources online
0 sources offline

 

If the server is using chrony, use the chronyc sources command to ensure chrony is able to talk to source clock NTP servers.

chronyc sources
. . .
210 Number of sources = 4
MS Name/IP address          Stratum Poll Reach LastRx Last sample
================================================================================
^* time.tritn.com           2       10   377   106    +4651us[+4599us] +/-  68ms
^+ ns2.uplogon.com          2       10   377   265    -2746us[-2435us] +/-  73ms
^+ time-b.nist.gov          2       10   377   836    -5634us[-5744us] +/- 106ms
^+ mail.coldnorthadmin.com  2       10   377   963    -6522us[-6123us] +/- 143ms

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


October 16 2017 by Mo
Hey, I am unable to get my chronyd sync, I have followed the steps and unfortunately I am failing to get '*'

October 17 2017 by Jeremy (moderator)
If the chronyc sources command does not contain a record that begins with *, this means your chronyd service is not synchronised to an NTP reference clock. If "number of sources" is 0, this suggests some configuration issue with your /etc/chrony.conf file. It would be surprising if "number of sources" is 1 or more and the * symbol is not displayed.

October 17 2017 by Mo
[root@osctr ~]# chronyc sources 210 Number of sources = 1 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^? controller 0 10 0 - +0ns[ +0ns] +/- 0ns [root@osctr ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server 10.0.0.11 iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. allow 10.0.0.0/24 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [root@osctr ~]#

October 17 2017 by Jeremy (moderator)
I am not quite sure if the /etc/chrony.conf file is the configuration file from your NTP server or NTP client. It looks like you have commented out the 4 CentOS pool servers, and have added "server 10.0.0.11 iburst". This is what you would do to configure a client to connect to a local NTP server. It looks like you have also removed the comment from "allow 10.0.0.0/24", which is what you would do to configure an NTP server so that clients in the 10.0.0.0/24 domain are allowed. In another words, it looks like your configurations is a mixture of both client side and server side setup. I have update the article with these details, so that there is a better distinction between client side config and server side config. Does this help?

Add a Comment


Please enter 9f86fc in the box below so that we can be sure you are a human.