Monday, January 09, 2006

ntp primer (not really)

There are dozens of great FAQs for NTP. But, here's an issue that took me a while to figure out.

I had a server with an ntp configuration that would not synchronize with the ntp server.
The configuration was the default ntp.conf file, and I added one line for my ntp server. Something along the lines of:
server 10.11.12.13

Btw, to check who you are synchronizing with you can issue: "ntpstat". Also "ntpq -p" is very useful (the active server is marked with a "*").

After much research, I discovered that Fedora (and RedHat enterprise) comes with an ntp.conf that has the following line: restrict default ignore
This command causes all the ntp responses to be ignored!!

The solution was to add the line:
restrict 10.11.12.13
which caused the server to allow this specific address to answer. You can add additional limitations, but I didn't bother.
Moreover, you can just get rid of the global ignore line, but be aware that it will open your server up to ntp traffic from other places.
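
As an added example (not part of the original post), this shell function lists the server entries in an ntp.conf that ntpd will ignore under "restrict default ignore" because they have no matching restrict line. The sample file and the 10.11.12.14 address are constructed, and the check assumes restrict lines name the host exactly as the server line does (subnet masks are not evaluated).

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints every "server"/"peer" address that ntpd will ignore because the file
# has "restrict default ignore" and no matching "restrict <address>" line.
# Assumption: restrict lines name the host exactly as the server line does;
# subnet (mask) matching is not evaluated.
blocked_ntp_servers() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        $1 == "restrict" {
            addr = $2
            if (addr == "-4" || addr == "-6") addr = $3
            ignore = 0
            for (i = 3; i <= NF; i++) if ($i == "ignore") ignore = 1
            if (addr == "default" && ignore) default_ignore = 1
            if (addr != "default" && !ignore) allowed[addr] = 1   # per-host exception
            next
        }
        # 127.127.x.x are local reference-clock drivers, not network hosts
        ($1 == "server" || $1 == "peer") && $2 !~ /^127\.127\./ { wanted[$2] = 1 }
        END {
            if (!default_ignore) exit 0
            for (s in wanted) if (!(s in allowed)) print s
        }
    ' "$1" | sort
}

# Constructed sample ntp.conf; 10.11.12.14 is a made-up second server.
write_sample_conf() {
    cat > "$1" <<'EOF'
restrict default ignore
restrict 127.0.0.1
server 10.11.12.13
restrict 10.11.12.13 nomodify notrap noquery
server 10.11.12.14     # no restrict line, so its replies are dropped
server 127.127.1.0     # local clock
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
blocked_ntp_servers "$conf"    # prints 10.11.12.14
rm -f "$conf"
```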

One more quick note. If you want to synchronize your server right now, and not wait for ntp to do it slowly, do the following:
1. stop ntpd
2. issue the command : ntpdate
3. start ntpd

This will align your clock with your server immediately, and then you can let ntpd be "on-guard".

ok, now you have no excuse to be out of sync..

crazy ulimit / ssh issue

This is one of those crazy ones .. which you don't ask about, you just do the workaround! :)

Sometimes (thus far I have seen it on FC-2 and RH-9) when you try to set ulimit for a user, you get a weird error and the ulimit settings fail.

When looking in /var/log/secure you will see entries like this one:
su: pam_succeed_if: requirement "uid < 100" not met by user "myuser"

even though you have the right settings in /etc/security/limits.conf (meaning you designated your desired user to have a limit above the default).

This is some bug with SSH.. not sure what it is.
The workaround I found was:
1. sudo into root, issue the same ulimit command you tried to issue for the user.
2. sudo into the desired user (this time ulimit will work)
3. exit back to root and restart SSHd.
4. completely logout, and log back in as the desired user

The issue is gone..
voodoo .. but it worked for me. :-)