错误现象:
[root@magedu ~]# ntpdate 192.169.123.149
22 May 20:53:07 ntpdate[5580]: no server suitable for synchronization found
[root@magedu ~]# ntpdate -d 192.169.123.149
22 May 20:48:03 ntpdate[5487]: ntpdate [email protected] Wed Jun 18 21:20:36 UTC 2014 (1)
Looking for host 192.169.123.149 and service ntp
host found : 192-169-123-149-customer.oowvps.com
transmit(192.169.123.149)
transmit(192.169.123.149)
transmit(192.169.123.149)
transmit(192.169.123.149)
transmit(192.169.123.149)
192.169.123.149: Server dropped: no data
server 192.169.123.149, port 123
stratum 0, precision 0, leap 00, trust 000
refid [192.169.123.149], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Mon, Jan 1 1900 7:36:42.000
originate timestamp: 00000000.00000000 Mon, Jan 1 1900 7:36:42.000
transmit timestamp: d909a409.68167265 Fri, May 22 2015 20:48:09.406
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
22 May 20:48:11 ntpdate[5487]: no server suitable for synchronization found
错误原因:
(1)、检查ntp的版本,如果你使用的是ntp4.2(包括4.2)之后的版本,在restrict的定义中使用了notrust的话,会导致以上错误。
使用以下命令检查ntp的版本:
# ntpq -c version
下面是来自ntp官方网站的说明:
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote time servers to authenticate themselves to your (client) ntpd
解决:把notrust去掉。
(2)、检查ntp server的防火墙。可能是server的防火墙屏蔽了upd 123端口。
可以用命令:
# service iptables stop
或者
# iptables -I INPUT -m udp -p udp --dport 123 -j ACCEPT
(3)、ntpdate命令后面的IP地址写错了。。。