Hello,

I've read in a bug report[1] that the "notrust" option must not be used with ntp since doing so wouldn't sync clocks. In the past weeks, I was wondering why the hell my home network had unsynced clocks and that bug had the answer: the "notrust" option.

Now, since I use dhcpcd, it automatically generates this file:

    $ cat /etc/ntp.conf
    restrict default noquery notrust nomodify
    restrict 127.0.0.1
    restrict 192.168.1.0 mask 255.255.255.0
    restrict 192.168.1.254
    server 192.168.1.254
    driftfile /var/lib/ntp/ntp.drift
    logfile /var/log/ntp.log

With that file, my boxes didn't sync. Removing the "notrust" option and adding "-N" to dhcpcd options in /etc/conf.d/net fixed the problem. *BUT* it could be a pain to maintain every /etc/ntp.conf manually, so I suggest patching dhcpcd to get rid of "notrust" (dhcpconfig.c, line 420).

I'm not an expert, but that change works here (well, together with iburst in the server line to make it sync faster ;-)

Best regards,
Norberto

[1] http://bugs.gentoo.org/show_bug.cgi?id=41827
notrust can be used as long as you properly set up ntpd on all the machines
there is also a warning in /etc/conf.d/net that says if you don't want dhcp killing your ntp.conf file to use the -N option ... that warning seems to have been lost in the newer versions of baselayout so i'll have agriffis re-add it ... but otherwise, i'm not patching dhcpcd
No, I don't want -N in /etc/conf.d/net. Are there any howtos I could read to configure ntp to work with dhcpcd (or dhcpcd with ntp)?
Thanks,
Norberto
manpage is all i can think of
I think that ntp's ebuild should somehow add the -N option in the appropriate line of /etc/conf.d/net (maybe with some sort of grepping/sedding?). I'm not sure what the guidelines are for an ebuild going to modify the config file of something as crucial as networking, though. However, it's a fact that posts about ntpd not working properly are swarming in the forums, and most of the time it's the -N option thing. This is a problem that _has_ to be addressed and fixed. If automatically adding the -N option to dhcp with ntp's ebuild is not feasible, there should at the VERY LEAST be an einfo or ewarn to tell users that they must add the -N option to have a working ntp. Otherwise it will just be a big source of stress for users.
patch dhcp and get rid of notrust. -N is not an option; I don't want to manually maintain /etc/ntp.conf.
the ntp ebuild will not automatically add options for the user; that's just bad behavior
patching won't happen either; some people use this feature
the default ntp.conf already has a warning about adding -N to conf.d/net
the only other visible place to add a warning is conf.d/net itself
the documentation of ntp is hard to understand. i read it for quite a while now in order to understand what was going wrong on my site here. the notrust option as set by dhcpcd is no problem, since it is just in the "default" case. your servers instead match one of the other lines, probably the subnet masking line:

    restrict 192.168.1.0 mask 255.255.255.0

always only one line matches. ntpd does not accumulate options! it looks for a matching line. if none matches, it uses the default entry. you can also do

    restrict default ignore

you will see that still your ntp is working, since the default case is not used here. for that reason the "notrust" option, just like all other options on the default line, does not matter at all. on the other hand, using notrust implies copying a secret file from the server to the clients!!! read the ntp docs. i am sure no machine configured by dhcp uses encrypted ntp communication! it is very easy to get everything wrong on ntp configuration, since the docs are bad and the debugging also. anyway the generated ntp.conf file is not very intelligent :) i will submit another bug in a few minutes.
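The single-match lookup described in the comment above can be checked against the ntp.conf from the original report. This is an added example, not code from the thread, dhcpcd or ntpd; it assumes IPv4 only and models ntpd's access-control lookup as "most specific matching restrict entry wins, flags are not inherited". The helper names and the address 203.0.113.5 are constructed for illustration.

```python
import ipaddress

# The restrict/server lines of the ntp.conf quoted in the original report.
NTP_CONF = """\
restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
restrict 192.168.1.254
server 192.168.1.254
"""

def parse_restrict(conf):
    """Return (network, flags, original_line) for each IPv4 restrict line."""
    entries = []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(words) < 2 or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            mask = "255.255.255.255"           # no mask means a single host
            if len(rest) >= 2 and rest[0] == "mask":
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}")
        entries.append((net, frozenset(rest), raw.strip()))
    return entries

def effective_restrict(entries, source):
    """Pick the one entry governing `source`: the longest matching mask.

    Flags from less specific entries (including `default`) are NOT merged in.
    Returns None when nothing matches (no `default` line in the file).
    """
    ip = ipaddress.ip_address(source)
    matches = [e for e in entries if ip in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None

if __name__ == "__main__":
    entries = parse_restrict(NTP_CONF)
    # Constructed sample sources: the server, a LAN host, loopback, an outsider.
    for src in ("192.168.1.254", "192.168.1.17", "127.0.0.1", "203.0.113.5"):
        net, flags, line = effective_restrict(entries, src)
        print(f"{src:15} -> {line!r} flags={sorted(flags) or 'none'}")
```

Under this model the LAN and server entries carry no flags at all, so noquery and nomodify from the default line do not apply to any host in 192.168.1.0/24; only sources outside the listed ranges fall through to the default entry.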
fixed in cvs via 'peer_ntp' variable