I didn’t think that in 2022 I would have to make a write-up like this, but here goes…
I have a client’s Linux PBX server that gives time information to all the IP phones in the company.
Thing is, NTP isn’t working.
From the server I can ping any NTP pool like:
linux-server:/var/lib/ntpdate# ping pool.ntp.org
PING pool.ntp.org (193.136.152.71) 56(84) bytes of data.
64 bytes from ntp1.tecnico.ulisboa.pt (193.136.152.71): icmp_req=1 ttl=54 time=10.3 ms
64 bytes from ntp1.tecnico.ulisboa.pt (193.136.152.71): icmp_req=2 ttl=54 time=10.2 ms
64 bytes from ntp1.tecnico.ulisboa.pt (193.136.152.71): icmp_req=3 ttl=54 time=9.91 ms
64 bytes from ntp1.tecnico.ulisboa.pt (193.136.152.71): icmp_req=4 ttl=54 time=9.62 ms
I can also use nmap to confirm port 123 works:
linux-server:/var/lib/ntpdate# nmap -p 123 -sU pool.ntp.org
Starting Nmap 6.00 ( http://nmap.org ) at 2022-05-18 16:33 WEST
Nmap scan report for pool.ntp.org (193.136.152.71)
Host is up (0.00014s latency).
Other addresses for pool.ntp.org (not scanned): 193.136.152.72 51.77.89.237 135.125.157.35
rDNS record for 193.136.152.71: ntp1.tecnico.ulisboa.pt
PORT    STATE         SERVICE
123/udp open|filtered ntp
Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
I can confirm NTP is running with ps aux, which gives me this:
ntp 3776 0.0 0.0 33636 4252 ? Ss May17 0:10 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:111
Despite all this, the NTP server is stuck at INIT:
linux-server:/var/lib/ntpdate# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp21.kashra-se .INIT.          16 u    - 1024    0    0.000    0.000   0.000
And whenever I try to synchronize time manually through ntpdate I get this:
linux-server:/var/lib/ntpdate# ntpdate pool.ntp.org
18 May 16:36:46 ntpdate[27945]: no server suitable for synchronization found
And if I add the -q flag, which is just to query the pool, I can see that ntpdate can reach the servers, but every single one returns with every parameter set to 0:
linux-server:/var/lib/ntpdate# ntpdate -q pool.ntp.org
server 51.89.13.34, stratum 0, offset 0.000000, delay 0.00000
server 178.33.203.115, stratum 0, offset 0.000000, delay 0.00000
server 195.22.17.7, stratum 0, offset 0.000000, delay 0.00000
server 51.77.89.236, stratum 0, offset 0.000000, delay 0.00000
18 May 16:38:02 ntpdate[28030]: no server suitable for synchronization found
I get the exact same result if I use the -u flag to force the communication through a non-privileged port like 123.
Turning off the firewall does nothing.
Any ideas before I hurl this machine into the closest river?
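
Added example, not part of the original post: a minimal SNTP probe that sends one client packet from an unprivileged source port and reports whether any reply came back, which separates "no reply at all" from a kiss-o'-death or otherwise unusable answer (nmap's open|filtered on UDP only means the probe got no response). The function names and the two sample packets are constructed for illustration.

```python
import socket
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
HEADER = "!BBBb3I4Q"          # 48-byte NTP header, network byte order

# Constructed sample replies (not captured traffic): stratum-2 answer, RATE kiss-o'-death.
SAMPLE_OK = struct.pack(HEADER, 0x24, 2, 6, -20, 0, 0, 0xC0000201, 0, 0, 0,
                        (1652888282 + NTP_EPOCH_DELTA) << 32)
SAMPLE_KOD = struct.pack(HEADER, 0xE4, 0, 6, -20, 0, 0,
                         int.from_bytes(b"RATE", "big"), 0, 0, 0, 0)

def build_request():
    """Client request: LI=0, VN=4, Mode=3 in the first byte, everything else zero."""
    return b"\x23" + bytes(47)

def parse_reply(data):
    """Decode the fields ntpq/ntpdate summarise and say whether the reply is usable."""
    if len(data) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    first, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    info = {"leap": first >> 6, "version": (first >> 3) & 7, "mode": first & 7,
            "stratum": stratum,
            "unix_time": tx_sec - NTP_EPOCH_DELTA + tx_frac / 2**32}
    if stratum == 0:  # kiss-o'-death: the reference ID carries an ASCII code
        info["verdict"] = "kiss-o'-death " + data[12:16].decode("ascii", "replace")
    elif info["mode"] != 4 or info["leap"] == 3 or tx_sec == 0:
        info["verdict"] = "unusable reply"  # not a server reply, or server unsynchronised
    else:
        info["verdict"] = "usable"
    return info

def probe(host, port=123, timeout=3.0):
    """Send one request from an ephemeral (unprivileged) source port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (host, port))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return {"verdict": "no reply"}  # request or answer dropped on the path
        except OSError as exc:
            return {"verdict": "socket error: %s" % exc}
    return parse_reply(data)

if __name__ == "__main__":
    print("pool.ntp.org", probe("pool.ntp.org"))
    print(parse_reply(SAMPLE_OK), parse_reply(SAMPLE_KOD))
```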