解决ntp的错误：no server suitable for synchronization found

时间:2013-10-29 07:10:03      作者:vaster      标签: Linux ntp错误      分类: FQA Linux Linux服务

今天是VN_TLBB例行更新维护，早上项目组同学说，那些服务器中有一台不能进行时间同步，于是开始排查：

查看时区：

# date -RWed, 23 Oct 2013 09:07:37 +0700
Wed, 23 Oct 2013 09:07:37 +0700

尝试进行时间同步：

# /usr/sbin/ntpdate 180.148.132.254  
23 Oct 09:07:29 ntpdate[23389]: sendto(180.148.132.254): Success
23 Oct 09:07:30 ntpdate[23389]: sendto(180.148.132.254): Success
23 Oct 09:07:31 ntpdate[23389]: sendto(180.148.132.254): Success
23 Oct 09:07:32 ntpdate[23389]: sendto(180.148.132.254): Success23 Oct 09:07:33 ntpdate[23389]: no server suitable for synchronization found
23 Oct 09:07:33 ntpdate[23389]: no server suitable for synchronization found

查看一下防火墙，发现没有udp-123的出规则，把规则添加上

# iptables -nvL# iptables –A OUTPUT –p udp –m udp –dport 123
# iptables –A OUTPUT –p udp –m udp –dport 123

测试端口是否通，Succeeded表示通了，没有输出任何东西表示不通

# nc -zvuw 1 180.148.132.254 123        Connection to 180.148.132.254 123 port [udp/ntp] succeeded!
Connection to 180.148.132.254 123 port [udp/ntp] succeeded!

再次尝试时间同步：

# ntpdate  180.148.132.254                23 Oct 09:40:27 ntpdate[10627]: adjust time server 180.148.132.254 offset 0.056238 sec
23 Oct 09:40:27 ntpdate[10627]: adjust time server 180.148.132.254 offset 0.056238 sec

【扩展】

出现no server suitable for synchronization found 这个错误还有一种原因，就是ntp服务器与客户端版本不一致导致。（这种情况一般是自己搭建的ntp服务器）

查看ntp版本：# ntpq -c version

解决办法：（下面是来自ntp官方网站的说明）

The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote time servers to authenticate themselves to your (client) ntpd
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote time servers to authenticate themselves to your (client) ntpd

在ntpserver的配置中的restrict的定义中，把notrust去掉。