"synchronisation lost" errors for Solaris NTP server Post: 303042092

Sponsored Content

Operating Systems Solaris "synchronisation lost" errors for Solaris NTP server Post 303042092 by Neo on Friday 13th of December 2019 11:36:03 PM

12-14-2019

Administrator

Quote:

Originally Posted by jlliagre

NTP might be the least of the security issues here.

Running such an outdated and unpatched version of Solaris (17 years old!) in production is quite unreasonable. There are certainly hundreds of major vulnerabilities on that server. Moreover, assuming a firewall is protecting the server and NTP is the only visible service, you might have issues compiling a recent version of chrony for Solaris 9 anyway.

Well stated.

Let me be more to the point.

It is a total waste of time to be replying to anyone who is running a 17 year old OS (with a seriously flawed and out-of-date version of NTP), which could be replaced in a day for free with a modern OS (more secure, more reliable, not seriously flawed, and do a much better job for a NTP application).

The original poster is wasting our time, showing a lack of concern for our time, to ask us to sort out a problem on a 17 year old operating system (and not telling us before hand the version(s) they are running), which could be replaced by any "normal" system admin in less than a hour (for free, and do a better and more reliable job).

This is why I wish everyone here at unix.com would slow down (including myself at times) and stop answering questions from posters until the posters first describe the operation system, version numbers, etc. Some here are good at this, some of us are good at this sometimes and then forgot to ask, others seem to like to bypass the "understanding" phase and just post answers without any concern for the user's OS, versions, etc.

Everyone here (including me sometimes, but not often) needs to slow down and ask people who post questions to describe the OS, version, etc. before providing "quick" answers to questions. Jumping to "answers" before having the "right understanding" is not teaching people how to solve problems, it is contributing to the problem (in my view).

Perhaps I need to change the forum rules and make this a posting requirement in 2020?

Editorial Comment:

As a side note, the reason that most computers are hacked with ransomware or other easily acquired malware (easily purchased on the dark web) is that they are running unpatched, antiquated systems and obsolete code. Every system admin, organization and company must keep their computer operating systems up-to-date, fully patched and upgraded to the latest versions. This is very basic. Do not run vulnerable, obsolete code and antiquated operating systems. Update your operation systems, update your apps, make and maintain backups (onsite and offsite). Manage your IT systems, please.

Neo

View Public Profile for Neo

Visit Neo's homepage!

Find all posts by Neo

9 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

Restoring back files from "lost+found" directory

Hi Friends, How can I Restore the Files present under "lost+found" Directory of a FileSystem (in Solaris & Tru64 OS) to their original Locations. Now-a-days I am loosing lots of files in 2 of my Machines, One running Solaris8 and other Tru64(Digital) Unix. Thanx in...

2. UNIX for Dummies Questions & Answers

Can you force local NTP server to be accepted as "suitable"?

Is there some way to force the NTP server on a brand-new install to be "suitable" to sync other servers from? (I'm more concerned with synchronization between machines, and less concerned with what the actual time they sync to is) For example, whenever I install fresh from the Fedora DVDs and...

3. Linux

NTP treshold "synchronisation lost"

does anyone know how to change the treshold of 128ms in NTP. in order to ignore these alarms: Oct 27 14:44:15 rt1 ntpd: synchronisation lost Oct 27 15:08:25 rt1 ntpd: time reset 0.688591 s Oct 27 15:08:25 rt1 ntpd: synchronisation lost Oct 27 15:28:45 rt1 ntpd: time reset 0.462257 s

4. UNIX for Advanced & Expert Users

All alias in .profile lost when "script" command is called

Hi, I was trying to call "script <an ip add>" command from .profile file to log everything whenever anyone logs in to this user. I did the following at the end of .profile. 1) Extracted the IP address who logged in 2) Called script < ip add> . The problem I am facing is all, aliases etc. written...

5. AIX

"too big" and "not enough memory" errors in shell script

Hi, This is odd, however here goes. There are several shell scripts that run in our production environment AIX 595 LPAR m/c, which has sufficient memory 14GB (physical memory) and horsepower 5CPUs. However from time to time we get the following errors in these shell scripts. The time when these...

6. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone...

7. Solaris

Printer configuration Migration from Solaris 10 "LP" to Solaris 11 "CUPS"

Need to find a way to import an LP printers.conf file to CUPS. I have some new Solaris 11.1 boxes that need to have 300 printers added.

8. UNIX for Dummies Questions & Answers

"Help with bash script" - "License Server and Patch Updates"

Hi All, I'm completely new to bash scripting and still learning my way through albeit vey slowly. I need to know where to insert my server names', my ip address numbers through out the script alas to no avail. I'm also searching on how to save .sh (bash shell) script properly....

9. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing...

LEARN ABOUT OSX

ntpdate

NTPDATE(8)						    BSD System Manager's Manual 						NTPDATE(8)

NAME

     ntpdate -- set the date and time via NTP

SYNOPSIS

     ntpdate [-bBdoqsuv] [-a key] [-e authdelay] [-k keyfile] [-o version] [-p samples] [-t timeout] server ...

DESCRIPTION

     Note: The functionality of this program is now available in the ntpd(8) program.  See the -q command line option in the ntpd(8) page.  After
     a suitable period of mourning, the ntpdate utility is to be retired from this distribution.

     The ntpdate utility sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the server arguments to deter-
     mine the correct time.  It must be run as root on the local host.	A number of samples are obtained from each of the servers specified and a
     subset of the NTP clock filter and selection algorithms are applied to select the best of these.  Note that the accuracy and reliability of
     ntpdate depends on the number of servers, the number of polls each time it is run and the interval between runs.

     The following options are available:

     -a key  Enable the authentication function and specify the key identifier to be used for authentication as the argument key.  The keys and
	     key identifiers must match in both the client and server key files.  The default is to disable the authentication function.

     -B      Force the time to always be slewed using the adjtime(2) system call, even if the measured offset is greater than +-128 ms.  The
	     default is to step the time using settimeofday(2) if the offset is greater than +-128 ms.	Note that, if the offset is much greater
	     than +-128 ms in this case, it can take a long time (hours) to slew the clock to the correct value.  During this time, the host
	     should not be used to synchronize clients.

     -b      Force the time to be stepped using the settimeofday(2) system call, rather than slewed (default) using the adjtime(2) system call.
	     This option should be used when called from a startup file at boot time.

     -d      Enable the debugging mode, in which ntpdate will go through all the steps, but not adjust the local clock.  Information useful for
	     general debugging will also be printed.

     -e authdelay
	     Specify the processing delay to perform an authentication function as the value authdelay, in seconds and fraction (see ntpd(8) for
	     details).	This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping
	     on very slow CPU's.

     -k keyfile
	     Specify the path for the authentication key file as the string keyfile.  The default is /etc/ntp.keys.  This file should be in the
	     format described in ntpd(8).

     -o version
	     Specify the NTP version for outgoint packets as the integer version, which can be 1 or 2.	The default is 3.  This allows ntpdate to
	     be used with older NTP versions.

     -p samples
	     Specify the number of samples to be acquired from each server as the integer samples, with values from 1 to 8 inclusive.  The default
	     is 4.

     -q      Query only - don't set the clock.

     -s      Divert logging output from the standard output (default) to the system syslog(3) facility.  This is designed primarily for conve-
	     nience of cron(8) scripts.

     -t timeout
	     Specify the maximum time waiting for a server response as the value timeout, in seconds and fraction.  The value is rounded to a mul-
	     tiple of 0.2 seconds.  The default is 1 second, a value suitable for polling across a LAN.

     -u      Direct ntpdate to use an unprivileged port for outgoing packets.  This is most useful when behind a firewall that blocks incoming
	     traffic to privileged ports, and you want to synchronise with hosts beyond the firewall.  Note that the -d option always uses unpriv-
	     ileged ports.

     -v      Be verbose.  This option will cause ntpdate's version identification string to be logged.

     The ntpdate utility can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at
     boot time.  This is useful in some cases to set the clock initially before starting the NTP daemon ntpd(8).  It is also possible to run
     ntpdate from a cron(8) script.  However, it is important to note that ntpdate with contrived cron(8) scripts is no substitute for the NTP
     daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use.  Finally, since ntpdate does
     not discipline the host clock frequency as does ntpd(8), the accuracy using ntpdate is limited.

     Time adjustments are made by ntpdate in one of two ways.  If ntpdate determines the clock is in error more than 0.5 second it will simply
     step the time by calling the system settimeofday(2) routine.  If the error is less than 0.5 seconds, it will slew the time by calling the
     system adjtime(2) routine.  The latter technique is less disruptive and more accurate when the error is small, and works quite well when
     ntpdate is run by cron(8) every hour or two.

     The ntpdate utility will decline to set the date if an NTP server daemon (e.g., ntpd(8)) is running on the same host.  When running ntpdate
     on a regular basis from cron(8) as an alternative to running a daemon, doing so once every hour or two will result in precise enough time-
     keeping to avoid stepping the clock.  ntpd(8).

FILES

     /etc/ntp.keys  contains the encryption keys used by ntpdate.

SEE ALSO

     ntpd(8)

BUGS

     The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more
     accurate.	This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables kern.clockrate.tick and
     kern.clockrate.tickadj.

BSD
								  January 6, 2000							       BSD