Trying to get chrony working on a LAN, in RHEL-8.10. The service on either my chrony server or a client appears to be functional as reported by a service chronyd status -l
. However I cannot get time to sync between the two, they are off by a couple minutes.
# this command is performed on a time client server, having ip 192.168.1.4 for example
chronyc> sources -a -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.1.1 3 6 377 5 -1500us[-1705us] +/- 500ms
# I edited the name/ip here for posting, it resolves to the hostname via dns in our little LAN
And chronyc tracking
reports all zeros, versus on another server that is online [intranet] is sync's to a dedicated time server and here the time matches that from time.gov to the second, and chronyc tracking
reports with things like System time : 0.000830548 seconds fast of NTP time
and not all zeros.
on my LAN systems, I have tried setenforce 0
and service firewalld stop
and neither helped.
What causes the '?' = unusable
in chronyc sources
? This seems to be the most obvious problem comparing between a working setup versus non-working.
I feel like my error is on my RHEL-8.10 server that I am trying to make a chrony time server that others sync to, is there anything special in that /etc/chrony.conf
that is needed that isn't obviously already documented in that default file as provided by redhat? Below is my /etc/chrony.conf
from the server I want to be the time server on my LAN having ip 192.168.1.1
, which does not time sync to anything else. Am I missing anything below that would cause the '?' = unusable
to happen when doing chronyc sources -a -v
from a time client on my LAN?
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.1.0/24
# Serve time even if not synchronized to a time source.
local stratum 10
# Specify file containing keys for NTP authentication.
keyfile /etc/chrony.keys
# Get TAI-UTC offset and leap seconds from the system tz database.
leapsectz right/UTC
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
And on my clients their chrony.conf
simply has server 192.168.1.1 iburst
at the top.