I need clarification on these synchronizing results,
[root@rockyidm1a etc]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-04-05 15:18:23 MDT; 20min ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 1116 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1150 (chronyd)
Tasks: 1 (limit: 48624)
Memory: 3.7M
CPU: 61ms
CGroup: /system.slice/chronyd.service
└─1150 /usr/sbin/chronyd -F 2
Apr 05 15:18:23 rockyidm1a systemd[1]: Starting NTP client/server...
Apr 05 15:18:23 rockyidm1a chronyd[1150]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
Apr 05 15:18:23 rockyidm1a chronyd[1150]: Frequency 8.230 +/- 0.248 ppm read from /var/lib/chrony/drift
Apr 05 15:18:23 rockyidm1a chronyd[1150]: Using right/UTC timezone to obtain leap second data
Apr 05 15:18:23 rockyidm1a chronyd[1150]: Loaded seccomp filter (level 2)
Apr 05 15:18:23 rockyidm1a systemd[1]: Started NTP client/server.
Apr 05 15:18:32 rockyidm1a chronyd[1150]: Selected source 107.155.79.3 (2.rocky.pool.ntp.org)
Apr 05 15:18:32 rockyidm1a chronyd[1150]: System clock TAI offset set to 37 seconds
Apr 05 15:32:35 rockyidm1a chronyd[1150]: Selected source 165.140.142.118 (2.rocky.pool.ntp.org)
the selected sources are,
Selected source 107.155.79.3 (2.rocky.pool.ntp.org)
Selected source 165.140.142.118 (2.rocky.pool.ntp.org)
however,
[root@rockyidm1a etc]# chronyc tracking
Reference ID : A58C8E76 (ns.august.tw)
Stratum : 3
Ref time (UTC) : Wed Apr 05 21:40:08 2023
System time : 0.000143721 seconds fast of NTP time
Last offset : +0.000076564 seconds
RMS offset : 0.000085321 seconds
Frequency : 8.221 ppm fast
Residual freq : +0.011 ppm
Skew : 0.230 ppm
Root delay : 0.057729453 seconds
Root dispersion : 0.017027335 seconds
Update interval : 259.2 seconds
Leap status : Normal
Reference ID is
Reference ID : A58C8E76 (ns.august.tw)
This is the reference ID and name (or IP address) if available, of the server to which the computer is
currently synchronized.
and the selected sources of Ricky is not listed here,
[root@rockyidm1a etc]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ 108.61.23.93.vultruserco> 2 7 377 67 +521us[ +521us] +/- 67ms
^+ mail.trafficsystem.com.mx 2 6 377 5 +56us[ +56us] +/- 49ms
^* ns.august.tw 2 7 265 73 -900us[-1046us] +/- 58ms
^+ 143-42-229-154.ip.linode> 2 8 377 11 +742us[ +742us] +/- 88ms
What is causing the different select source results and if not normal, how can this be corrected? I need this to be correct before installing FreeIPA.
UPDATE:
After further research, configuring chronyd on the IDM Server and some clients to sync with pfSense NTP Server, it appears good, pfSense NTP UI is all I need to make any adjustments and I don’t need any SRV record look-ups, because the IDM will default to using chronyd configuration.
[root@idmserver1c etc]# systemctl status chronyd
● chronyd.service - NTP client/server
Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2023-04-03 12:39:42 MDT; 2 days ago
Docs: man:chronyd(8)
man:chrony.conf(5)
Process: 7166 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 7168 (chronyd)
Tasks: 1 (limit: 48621)
Memory: 1.3M
CPU: 569ms
CGroup: /system.slice/chronyd.service
└─7168 /usr/sbin/chronyd -F 2
Apr 03 12:39:42 idmserver1c.kbbn-7.com systemd[1]: Starting NTP client/server...
Apr 03 12:39:42 idmserver1c.kbbn-7.com chronyd[7168]: chronyd version 4.2 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
Apr 03 12:39:42 idmserver1c.kbbn-7.com chronyd[7168]: Frequency 7.995 +/- 0.113 ppm read from /var/lib/chrony/drift
Apr 03 12:39:42 idmserver1c.kbbn-7.com systemd[1]: Started NTP client/server.
Apr 03 12:39:42 idmserver1c.kbbn-7.com chronyd[7168]: Using right/UTC timezone to obtain leap second data
Apr 03 12:39:42 idmserver1c.kbbn-7.com chronyd[7168]: Loaded seccomp filter (level 2)
Apr 03 12:39:46 idmserver1c.kbbn-7.com chronyd[7168]: Selected source 10.30.70.1
Apr 03 12:39:46 idmserver1c.kbbn-7.com chronyd[7168]: System clock TAI offset set to 37 seconds
selected source
Apr 03 12:39:46 idmserver1c.kbbn-7.com chronyd[7168]: Selected source 10.30.70.1
[root@idmserver1c etc]# chronyc tracking
Reference ID : 0A1E4601 (pfSense.kbbn-7.com)
Stratum : 4
Ref time (UTC) : Thu Apr 06 02:32:55 2023
System time : 0.000002979 seconds fast of NTP time
Last offset : -0.000001970 seconds
RMS offset : 0.000022135 seconds
Frequency : 8.331 ppm fast
Residual freq : -0.000 ppm
Skew : 0.027 ppm
Root delay : 0.050869167 seconds
Root dispersion : 0.028909940 seconds
Update interval : 256.4 seconds
Leap status : Normal
Reference ID
Reference ID : 0A1E4601 (pfSense.kbbn-7.com)
and
[root@idmserver1c etc]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* pfSense.kbbn-7.com 3 9 377 265 -13us[ -15us] +/- 71ms
finally
[root@idmserver1c etc]# chronyc sourcestats
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
pfSense.kbbn-7.com 20 11 58m -0.000 0.026 -28ns 30us
Any thoughts?
P.S. I can’t load an .jpg to show my network topology…
This is a pool of servers. So whilst your configuration shows this, the chronyc sources will show the members of the pool. This is normal, and it’s not a problem.
Otherwise, I’m having difficulty actually understanding what your problem is? As far as I see, it’s working how it should.
Okay sounds good, I’m knew at this part of my learning curve and just needed a clarification. I removed that setting inside chrony.conf, and set the server directive to point to pfSense LAN Gateway for its NTP Server and added the pools there. This way I will just have a single configuration to deal with.
1 Like