web-dev-qa-db-ja.com

NTP:Linuxクライアントは(w32timeではなく)ntpdを実行しているWin7サーバーと同期しません

Win7ホストにのみ接続された内部ネットワーク上で実行されているLinuxホストを備えたボットがあります。 Win7ホストにはインターネットアクセスがありますが、Linuxホストにはありません。 (歴史的理由)

Win7ボックスにMeinbergからNTPDをロードすると、ネットワークサーバーと正常に同期します(w32タイムサービスは無効になっています)。ただし、Linuxクライアントはそのwin7サーバーと同期できません。インターネットと同期するデスクトップLinuxも、そのwin7サーバーと同期できません。

**trying from Linux to Windows**
root@os-linux:~# ntpdate -dvu 192.168.128.118
15 Dec 14:30:13 ntpdate[2124]: ntpdate [email protected] Fri Oct 23 16:45:28 UTC 2015 (1)
Looking for Host 192.168.128.118 and service ntp
Host found : robot-10424.ith.local
transmit(192.168.128.118)
transmit(192.168.128.118)
transmit(192.168.128.118)
transmit(192.168.128.118)
transmit(192.168.128.118)
192.168.128.118: Server dropped: no data
server 192.168.128.118, port 123
stratum 0, precision 0, leap 00, trust 000
refid [192.168.128.118], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time:    00000000.00000000  Sun, Dec 31 1899 16:00:00.000
originate timestamp: 00000000.00000000  Sun, Dec 31 1899 16:00:00.000
transmit timestamp:  da1b12fb.91411c7f  Tue, Dec 15 2015 14:30:19.567
filter delay:  0.00000  0.00000  0.00000  0.00000 
         0.00000  0.00000  0.00000  0.00000 
filter offset: 0.000000 0.000000 0.000000 0.000000
         0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
15 Dec 14:30:21 ntpdate[2124]: no server suitable for synchronization found

ここではwin7(NTPDサーバー)のconfコンテンツ....

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
server 192.168.128.118
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

win7 ntp.conf

# NTP Network Time Protocol 
# **** ATTENTION ****: *You have to restart the NTP service when you change this file to activate the changes* 
# PLEASE CHECK THIS FILE CAREFULLY AND MODIFY IT IF REQUIRED 
# Configuration File created by Windows Binary Distribution Installer Rev.: 1.27  mbg
# please check http://www.ntp.org for additional documentation and background information
# restrict access to avoid abuse of NTP for traffic amplification attacks 
# see http://news.meinberg.de/244 for details  
#restrict default noquery nopeer nomodify notrap  
#restrict -6 default noquery nopeer nomodify notrap  

# allow status queries and everything else from localhost 
restrict 127.0.0.1 
restrict -6 ::1 

# if you need to allow access from a remote Host, you can add lines like this: 
restrict 192.168.128.36 mask 255.255.0.0 

# Use drift file 
driftfile "c:\Program Files\NTP\etc\ntp.drift"

# your local system clock, could be used as a backup
# (this is only useful if you need to distribute time no matter how good or bad it is)
#server 127.127.1.0
# but it should operate at a high stratum level to let the clients know and force them to
# use any other timesource they may have.
#fudge 127.127.1.0 stratum 12

# Use a NTP server from the ntp pool project (see http://www.pool.ntp.org)
# Please note that you need at least four different servers to be at least protected against
# one falseticker. If you only rely on internet time, it is highly recommended to add
# additional servers here. 
# The 'iburst' keyword speeds up initial synchronization, please check the documentation for more details!
 server 0.pool.ntp.org iburst minpoll 6 maxpoll 7
 server 1.pool.ntp.org iburst minpoll 6 maxpoll 7
 server 2.pool.ntp.org iburst minpoll 6 maxpoll 7
 server 3.pool.ntp.org iburst minpoll 6 maxpoll 7
 server 4.pool.ntp.org iburst minpoll 6 maxpoll 7

# Use specific NTP servers
server 3.north-america.pool.ntp.org iburst minpoll 6 maxpoll 7
3
John Fisher

ライアンのおかげで、ntpdをWindowsファイアウォールのリストに追加する必要がありました。後から考えると明らかですが、Windowsの初心者にはわかりません。

1
John Fisher