I'm trying to get a system with no outside internet access (A) to get the time from another system on the LAN that does (B).
In A's ntp.conf (the whole thing is at bottom), I've added:
server 192.168.2.102
restrict 192.168.2.102
Referring to B's IP. After an hour of reading man pages, looking at online examples, etc., as far as I can tell this should mean it will use that local server, and trust it for anything.
However, it doesn't work. I can watch the two exchange times in wireshark, and running ntpq -p on A shows:
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.2.102 .INIT. 16 u 16 64 0 0.000 0.000 0.000
If I stop ntpd on A and try ntpd -gq, I can again watch a back and forth in wireshark, but after a minute or two the command times out with "No servers found".
I've even tried adding to A's conf:
fudge 192.168.2.102 stratum 1
Doesn't make any difference.
How can I force ntpd to set the time from a specific server? It looks like this used to be easy enough using ntpdate — which is depreciated and does not exist on the system.
Here's the entire ntp.conf for machine A. This is stock Debian wheezy. The only changes I made were to add the lines involving 192.168.2.102, and comment out the debian pool servers to try and eliminate confusion there, so they are unreachable anyway.
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
server 192.168.2.102
restrict 192.168.2.102
fudge 192.168.2.102 stratum 1
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server 0.debian.pool.ntp.org iburst
#server 1.debian.pool.ntp.org iburst
#server 2.debian.pool.ntp.org iburst
#server 3.debian.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
Best Answer
Something like the following should work.