Re: [chrony-users] How to set chrony on a remote server with always on internet

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 6 Apr 2010 at 8:28, J. Bakshi wrote:

> On 04/05/2010 04:15 PM, David Lord wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 5 Apr 2010 at 12:13, J. Bakshi wrote:
> >
> >   
> >> On 04/05/2010 10:30 AM, Bill Unruh wrote:
> >>     
> >>> On Mon, 5 Apr 2010, J. Bakshi wrote:
> >>>
> >>>       
> >>>> Thanks for your response. I have followed the tcpdump method with both
> >>>> firewall enable and disable mode and both the time the output is
> >>>> same; like
> >>>>
> >>>> ``````````````````````
> >>>>         
> >>> ...
> >>>       
> >>>> 08:32:53.164293 IP 192.168.1.1.44835 > localhost.323: UDP, length 40
> >>>> 08:32:53.164309 IP 192.168.1.1.323 > 192.168.1.1.44835: UDP, length 44
> >>>> ````````````````````````````
> >>>> you can see here that port 323 is accessible but still I get the
> >>>> error as
> >>>>
> >>>> ````````````
> >>>> chronyc> tracking
> >>>> 506 Cannot talk to daemon
> >>>> `````````````````
> >>>>         
> > What is your chrony.conf?
> >
> > In particular the key and allow/deny settings
> >
> >
> > David
> >
> >
> >   
> 
> ```````````````````````````
> server 0.debian.pool.ntp.org auto_offline minpoll 8
> server 1.debian.pool.ntp.org auto_offline minpoll 8
> server 2.debian.pool.ntp.org auto_offline minpoll 8
> server 3.debian.pool.ntp.org auto_offline minpoll 8
> 
> # Look here for the admin password needed for chronyc. The initial
> # password is generated by a random process at install time. You may
> # change it if you wish.
> 
> keyfile /etc/chrony/chrony.keys
> 
> # Set runtime command key. Note that if you change the key (not the
> # password) to anything other than 1 you will need to edit
> # /etc/ppp/ip-up.d/chrony, /etc/ppp/ip-down.d/chrony, /etc/init.d/chrony
> # and /etc/cron.weekly/chrony as these scripts use it to get the password.
> 
> commandkey 1
> 
> # I moved the driftfile to /var/lib/chrony to comply with the Debian
> # filesystem standard.
> 
> driftfile /var/lib/chrony/chrony.drift
> 
> # Comment this line out to turn off logging.
> 
> log tracking measurements statistics
> logdir /var/log/chrony
> 
> # Stop bad estimates upsetting machine clock.
> 
> maxupdateskew 100.0
> 
> # Dump measurements when daemon exits.
> 
> dumponexit
> 
> # Specify directory for dumping measurements.
> 
> dumpdir /var/lib/chrony
> 
> # Let computer be a server when it is unsynchronised.
> 
> local stratum 10
> 
> # Allow computers on the unrouted nets to use the server.
> 
> allow 10/8
> allow 192.168/16
> allow 172.16/12
> 
> # This directive forces `chronyd' to send a message to syslog if it
> # makes a system clock adjustment larger than a threshold value in seconds.
> 
> logchange 0.5
> 
> # This directive defines an email address to which mail should be sent
> # if chronyd applies a correction exceeding a particular threshold to the
> # system clock.
> 
> #mailonchange root@localhost 0.5
> 
> # This directive tells chrony to regulate the real-time clock and tells it
> # Where to store related data. It may not work on some newer motherboards
> # that use the HPET real-time clock. It requires enhanced real-time
> # support in the kernel. I've commented it out because with certain
> # combinations of motherboard and kernel it is reported to cause lockups.
> 
> # rtcfile /var/lib/chrony/chrony.rtc
> 
> # If the last line of this file reads 'rtconutc' chrony will assume that
> # the CMOS clock is on UTC (GMT). If it reads '# rtconutc' or is absent
> # chrony will assume local time. The line (if any) was written by the
> # chrony postinst based on what it found in /etc/default/rcS. You may
> # change it if necessary.
> rtconutc
> 
> ````````````````````

Main difference from mine is I have extra lines for cmdallow

allow 192.168/16
.....
cmdallow 192.168/16
.....


Other than that it looks ok. I don't have chrony running 
on any system at moment to check if cmdallow is needed 
for use of chronyc


David
 


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4 -- QDPGP 2.65 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBS7sA+q2RmIodDo7KEQKvvACgqPlD/Q1HWVbvj8NDqdU37zsvJGoAn0gU
zRjBRlFJy6/QNh22dr07NLaC
=7SWZ
-----END PGP SIGNATURE-----

---
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/