On Thu, 19 Oct 2017 09:09:32 -0500, Pat Riehecky <[log in to unmask]> wrote:
>If memory serves, SL7 has "Less Brittle Kerberos"[1] where as SL6 does
>not. This could account for why one works and the other does not.
>
>Pat
>
>[1] https://fedoraproject.org/wiki/Features/LessBrittleKerberos
That looks promising as an explanation.
The problem has been "solved", or at least it has gone away, although I don't really understand why. Without any clear hypothesis as to why it might help, I decided to run "kdestroy -A" on the affected machine to clear expired tickets out of my local cache. That did it. No more clock skew messages. So it looks as if it was a kerberos issue, rather than an ntp one, and the error message wasn't really explaining what was wrong.
Thanks to everyone for their advice.
Stephen Isard
>
>On 10/18/2017 07:10 PM, Stephen Isard wrote:
>> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <[log in to unmask]> wrote:
>>
>>> On Wed, 18 Oct 2017, Howard, Chris wrote:
>>>
>>>> Is it possible the two boxes are talking to two different servers?
>>> as the initial post mentioned and showed it was using remote
>>> host lists to a pool alias, almost certainly --
>> Oh, I took the question to be about the kerberos server. Yes, you are right,
>> ntpd -q returns different results on the two machines. However, as I said in the original post, the time on the two machines is the same to within a very small amount., well within the five minute tolerance used by kerberos. So I don't understand why it should matter that the two machines have arrived at the same time by syncing with different servers.
>>
>>> as a way around, set up ONE unit to act as the local master,
>>> and then sync against it, to get 'site coherent' time
>> Could you tell me how to do this, or point me at a document that does?
>>
>> Thanks.
>>
>>> [a person with more than one clock is never quite _sure_ what
>>> time is correct ;) ]
>>>
>>>
>>> for extra geek points, spend $25 on AMZN, and get a GPS USB
>>> dongle; run a local top strata server (the first three
>>> lintes of the following)
>>>
>>> [root@router etc]# ntpq -p
>>> remote refid st t when poll reach delay
>>> offset jitter
>>> =============================================================================
>>> GPS_NMEA(0) .GPS. 0 l - 16 0 0.000
>>> 0.000 0.000
>>> SHM(0) .GPS. 0 l - 16 0 0.000
>>> 0.000 0.000
>>> SHM(1) .PPS. 0 l - 16 0 0.000
>>> 0.000 0.000
>>> +ntp1.versadns.c .PPS. 1 u 665 1024 377 51.817
>>> -12.510 19.938
>>> *tock.usshc.com .GPS. 1 u 294 1024 377 34.608
>>> -8.108 10.644
>>> +clmbs-ntp1.eng. 130.207.244.240 2 u 429 1024 377 31.520
>>> -5.674 7.484
>>> +ntp2.sbcglobal. 151.164.108.15 2 u 272 1024 377 23.117
>>> -6.825 10.479
>>> +ntp3.tamu.edu 165.91.23.54 2 u 1063 1024 377 63.723
>>> -3.319 16.813
>>> [root@router etc]#
>>>
>>>
>>> configuring ntp.conf is not all that hard
>>>
>>> -- Russ herrold
>
>--
>Pat Riehecky
>
>Fermi National Accelerator Laboratory
>www.fnal.gov
>www.scientificlinux.org
|