LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

October 2017

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS October 2017

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: clock skew too great EXTERNAL
From:	Stephen Isard <[log in to unmask]>
Reply To:	Stephen Isard <[log in to unmask]>
Date:	Thu, 19 Oct 2017 10:48:03 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (76 lines)

On Thu, 19 Oct 2017 09:09:32 -0500, Pat Riehecky <[log in to unmask]> wrote:

>If memory serves, SL7 has "Less Brittle Kerberos"[1] where as SL6 does 
>not.  This could account for why one works and the other does not.
>
>Pat
>
>[1] https://fedoraproject.org/wiki/Features/LessBrittleKerberos

That looks promising as an explanation.

The problem has been "solved", or at least it has gone away, although I don't really understand why.  Without any clear hypothesis as to why it might help, I decided to run "kdestroy -A" on the affected machine to clear expired tickets out of my local cache.  That did it.  No more clock skew messages.  So it looks as if it was a kerberos issue, rather than an ntp one, and the error message wasn't really explaining what was wrong.

Thanks to everyone for their advice.

Stephen Isard
>
>On 10/18/2017 07:10 PM, Stephen Isard wrote:
>> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <[log in to unmask]> wrote:
>>
>>> On Wed, 18 Oct 2017, Howard, Chris wrote:
>>>
>>>> Is it possible the two boxes are talking to two different servers?
>>> as the initial post mentioned and showed it was using remote
>>> host lists to a pool alias, almost certainly --
>> Oh, I took the question to be about the kerberos server.  Yes, you are right,
>> ntpd -q returns different results on the two machines.  However, as I said in the original post, the time on the two machines is the same to within a very small amount., well within the five minute tolerance used by kerberos.  So I don't understand why it should matter that the two machines have arrived at the same time by syncing with different servers.
>>
>>> as a way around, set up ONE unit to act as the local master,
>>> and then sync against it, to get 'site coherent' time
>> Could you tell me how to do this, or point me at a document that does?
>>
>> Thanks.
>>
>>> [a person with more than one clock is never quite _sure_ what
>>> time is correct ;) ]
>>>
>>>
>>> for extra geek points, spend $25 on AMZN, and get a GPS USB
>>> dongle; run a local top strata server (the first three
>>> lintes of the following)
>>>
>>> [root@router etc]# ntpq -p
>>>      remote           refid      st t when poll reach   delay
>>> offset  jitter
>>> =============================================================================
>>> GPS_NMEA(0)     .GPS.            0 l    -   16    0    0.000
>>> 0.000   0.000
>>> SHM(0)          .GPS.            0 l    -   16    0    0.000
>>> 0.000   0.000
>>> SHM(1)          .PPS.            0 l    -   16    0    0.000
>>> 0.000   0.000
>>> +ntp1.versadns.c .PPS.            1 u  665 1024  377   51.817
>>> -12.510  19.938
>>> *tock.usshc.com  .GPS.            1 u  294 1024  377   34.608
>>> -8.108  10.644
>>> +clmbs-ntp1.eng. 130.207.244.240  2 u  429 1024  377   31.520
>>> -5.674   7.484
>>> +ntp2.sbcglobal. 151.164.108.15   2 u  272 1024  377   23.117
>>> -6.825  10.479
>>> +ntp3.tamu.edu   165.91.23.54     2 u 1063 1024  377   63.723
>>> -3.319  16.813
>>> [root@router etc]#
>>>
>>>
>>> configuring ntp.conf is not all that hard
>>>
>>> -- Russ herrold
>
>-- 
>Pat Riehecky
>
>Fermi National Accelerator Laboratory
>www.fnal.gov
>www.scientificlinux.org

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV