środa, 11 kwietnia 2012

obiee Firefox 10 - FIX

Link
http://frankschmidt.blogspot.com/2012/02/obiee-firefox-10-obiee-11115.html

1. type "about:config" into an address bar
2. right click anywhere and choose New / String
3. name it "general.useragent.override"
4. put the value "Mozilla/5.0 (Windows; Windows NT 6.1; rv:10.0)Gecko/20100101 Firefox/9.0"
5. refresh OBIEE login screen

środa, 4 kwietnia 2012

OBIEE Presentation Services start ERROR

LINK
------------------------------------------------------------------
댓글: 7 - 페이지: 1 - 마지막 글: 2009-04-20 14:33 최종 작성자: user3318060
625466

글: 4
등록일: 08-03-14
The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-03-19 02:44
댓글
Hi All,

I have installed OBIEE on my machine and when trying to start the Presentation server i got the following error message in my system log .
The Oracle BI Presentation Server service terminated with service-specific error 4294967295 (0xFFFFFFFF).

On looking at the sawlog0.log found the following error as the root cause :

Type: Error
Severity: 10
Time: Wed Mar 19 14:31:16 2008
File: project/webcatalog/catalogimpl.cpp Line: 734
Properties: ThreadID-4800
Location:
saw.sqlNodeCacheMgr.loadCatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

Invalid item \\?\C:\OracleBIData\web\catalog\EPMMaster\root\system\mktgcache\siddsing-lap\sawguidstate.atr.
Type: Error
Severity: 10
Time: Wed Mar 19 14:31:16 2008
File: project/webcatalog/catalogimpl.cpp Line: 734
Properties: ThreadID-4800
Location:
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

Invalid item \\?\C:\OracleBIData\web\catalog\EPMMaster\root\system\mktgcache\siddsing-lap\sawguidstate.atr.
Type: Error
Severity: 10
Time: Wed Mar 19 14:31:16 2008
File: project/webcatalog/catalogimpl.cpp Line: 379
Properties: ThreadID-4800
Location:
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

Invalid item /system/mktgcache/SIDDSING-lap/sawguidstate.
Type: Error
Severity: 20
Time: Wed Mar 19 14:31:16 2008
File: project/sawserver/winmain.cpp Line: 74
Properties: ThreadID-4800
Location:
saw.sawserver.initializesawserver
saw.threads

Invalid item /system/mktgcache/SIDDSING-lap/sawguidstate.
Type: Error
Severity: 30
Time: Wed Mar 19 14:31:16 2008
File: project/webcomm/rpcserver.cpp Line: 145
Properties:
Location:
saw.unknown

Assertion failure: m_pImpl != 0 at line 145 of ./project/webcomm/rpcserver.cpp
Can you help me with this and let me know what might be causing this error .
I have checked the configuration files and the paths are set correctly too .

Thanks,
Sid
Christian Berg

글: 1,386
등록일: 08-01-11
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-03-19 03:14 625466님의 질문에 답변
댓글
Looks like your webcat is corrupt / not in the correct place.

From your log:
"Invalid item \\?\C:\OracleBIData\web\catalog\EPMMaster\root\system\mktgcache\siddsing-lap\sawguidstate.atr."
625466

글: 4
등록일: 08-03-14
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-03-19 07:06 Christian Berg님의 질문에 답변
댓글
I got the point and tried making some changes to the webcatalog and the instanceconfig file ....the sad part is that now i am facing a diff error

Type: Information
Severity: 30
Time: Wed Mar 19 19:34:07 2008
File: project/sawserver/sawserver.cpp Line: 348
Properties: ThreadID-2576
Location:
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

Oracle BI Presentation Services 10.1.3.2.1 (Build 070411.1900) are starting up.
Type: Warning
Severity: 30
Time: Wed Mar 19 19:34:07 2008
File: project/websubsystems/webextensionbase.cpp Line: 356
Properties: ThreadID-2576
Location:
saw.webextensionbase.init.workstationCheck
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

WARNING: The Oracle BI Presentation Server is running on a workstation class machine (Windows 2000 Workstation, Windows XP Professional, etc.). Number of concurrent users may be severely limited by the operating system.
Type: Error
Severity: 42
Time: Wed Mar 19 19:34:07 2008
File: project/websecurity/securitymanager.cpp Line: 99
Properties: ThreadID-2576
Location:
saw.catalog.local.loadCatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.threads

Error loading security privilege /system/privs/catalog/ChangePermissionsPrivilege.
Type: Error
Severity: 20
Time: Wed Mar 19 19:34:07 2008
File: project/sawserver/winmain.cpp Line: 74
Properties: ThreadID-2576
Location:
saw.sawserver.initializesawserver
saw.threads

Error loading security privilege /system/privs/catalog/ChangePermissionsPrivilege.
Type: Error
Severity: 30
Time: Wed Mar 19 19:34:07 2008
File: project/webcomm/rpcserver.cpp Line: 145
Properties:
Location:
saw.unknown

Assertion failure: m_pImpl != 0 at line 145 of ./project/webcomm/rpcserver.cpp
Any suggestions ???
Christian Berg

글: 1,386
등록일: 08-01-11
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-03-19 08:08 625466님의 질문에 답변
댓글
Yes. Stop the server, rename your web catalog and start the server again. See whether it come sup correctly and creates the blank web catalog as it should.
Basically, your web catalog seem sto be corrupt.
SShah

글: 8
등록일: 08-04-07
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-04-07 13:15 625466님의 질문에 답변
댓글
Are you trying to set Impersonator
user507530

글: 47
등록일: 06-05-03
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2008-10-21 07:03 625466님의 질문에 답변
댓글
I had restore my system registry and I stared facing this problem. And at the same time I had use initial blocks and session variable to set the default portal path.

I am not sure what was the exact cause of catelog correctption from above two or both?
Feedback will be appreciated.

The good news is:
Renaming the web catelog has solved the problem.

Thanks all for help..
nimish

글: 18
등록일: 08-01-06
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2009-02-11 14:50 user507530님의 질문에 답변
댓글
This happened to me when my machine's ip address changed, although it shouldn't. I had to replace the nshah sawguidstate and sawguidstate.atr files in the C:\OracleBIData\web\catalog\\root\system\mktgcache\ folder with the same files from another working installation. Before replacing the files, make sure all OBIEE services are shut down, after replacing the files and restarting the services, the problem disappeared for me.
user3318060

글: 4
등록일: 09-04-20
Re: The Oracle BI Presentation Server service terminated with service-specific
게시일: 2009-04-20 14:33 625466님의 질문에 답변
댓글
I had the same issue previously. Try this...

1. Stop BI Server Service > Start BI Server Service > Start BI Presentation Service. If that doesn't work...
2. Restart machine and follow step 1. If that doesn't work...
3. Check instantconfig.ini file and check syntax is correct. Also check java directory path mentioned is the valid one. If that doesn't work...
4. Rename the catalog folder to something else and follow step 1. It will create new catalog folder. Then copy _Shared from old catalog folder and you are good to go.

Hope this will help.

poniedziałek, 2 kwietnia 2012

SSH key authentication


4. SSH with Keys in a console window

This first short wil learn us how to generate a key without a passphrase, and use it in a console.

4.1 Creating A Key

When you want to use ssh with keys, the first thing that you will need is a key. If you want to know more about how this mechanism works you can have a look in chapter 3, SSH essentials. Hence there are 2 versions, we will show examples for the both of them.

4.2 Protocol version 1 key generation

To create the most simple key, with the default encryption, open up a console, and enter the following command :

[dave@caprice dave]$ ssh-keygen
Wil output the following :

Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/dave/.ssh/identity): /home/dave/.ssh/identity
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/identity.pub.
The key fingerprint is:
22:bc:0b:fe:f5:06:1d:c0:05:ea:59:09:e3:07:8a:8c dave@caprice
When asked for a "passphrase", we won't enter one. Just press enter twice.

The ssh-keygen program will now generate both your public and your private key. For the sake of this first simple tutorial I will call these files by their default names "identity" and the public key "identity.pub".

Your keys are stored in the .ssh/ directory in your home directory, but you can store them where ever you'd like. Good practice is to backup your keys on a floppy. If you do so, guard this floppy with your life!

Lets have a look at your keys.

cd ~.ssh; ls -l
-rw------- 1 dave dave 526 Nov 2 01:33 identity
-rw-r--r-- 1 dave dave 330 Nov 2 01:33 identity.pub
The file identity contains your private key. YOU SHOULD GUARD THIS KEY WITH YOUR LIFE! This key is used to gain access on systems which have your private key listed in their authorized keys file. I cannot stress this enough, dont have your keys drifting around. Also, make sure your private key always is chmod 600, so other users on the system won't have access to it.

The file identity.pub contains your public key, which can be added to other system's authorized keys files. We will get to adding keys later.

4.3 Protocol version 2 key generation

Creating a version 2 keypair is much like creating a version 1 keypair. Except for the fact that the SSH protocol version 2 uses different encryption algorithms for its encryption. In this case we can even choos it ourselves! Huray! To find out which versions are available on your system I'd advise you to have a look in the ssh-keygen manpage.

In our example we wil create a keypair using dsa encryption. This can be done by passing the key encryption method type to ssh-keygen. This is done in the following way :

[dave@caprice dave]$ ssh-keygen -t dsa
Which will output the following :

[dave@caprice dave]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/dave/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/id_dsa.
Your public key has been saved in /home/dave/.ssh/id_dsa.pub.
The key fingerprint is:
7b:ab:75:32:9e:b6:6c:4b:29:dc:2a:2b:8c:2f:4e:37 dave@caprice
Again, we will retain the default locations, and we will not use a passphrase either.

Your keys are stored in the .ssh/ directory in your home directory.

Lets have a look at your keys.

cd ~.ssh; ls -l
-rw------- 1 dave dave 526 Nov 3 01:21 id_dsa
-rw-r--r-- 1 dave dave 330 Nov 3 01:21 id_dsa.pub
The file id_dsa contains your version 2 private key.

The file id_dsa.pub contains your version 2 public key, which can be added to other system's authorized keys file.

Again, I have listed a full ls -l with permissions, make sure you have the permissions set up correctly, otherwise other users may be able to snatch it from you. It is also a good idea to give your keys a non-standard name, since it makes guessing the name of your keypair files more easy.

4.4 Placing the public key on the remote server

To be able to log in to remote systems using your pair of keys, you will first have to add your public key on the remote server to the authorized_keys (for version 1) file, and the authorized_keys2 (for version2) file in the .ssh/ directory in your home directory on the remote machine.

In our example we will assume you don't have any keys in the authorized_keys files on the remote server. (Hint: If you do not have a remote shell, you can always use your own useraccount on your local machine as a remote shell (ssh localhost))

First we will upload the public keys to the remote server :

[dave@capricedave]$ cd .ssh/
[dave@caprice .ssh]$ scp identity.pub dave@192.168.1.3:./identity.pub
identity.pub 100% |*****************************************************| 526 00:00
[dave@caprice .ssh]$ scp id_dsa.pub dave@192.168.1.3:./id_dsa.pub
identity.pub 100% |*****************************************************| 614 00:00
This will place your keys in your home directory on the remote server. After that we will login on the remote server using ssh or telnet the conventional way... with a password.

When you are logged in you should create a .ssh directory, and inside the .ssh/ directory create an authorized_keys and an authorized_keys2 file and add the keys to the files. Make sure the files are not readable for other users/groups. chmod 600 authorized_keys* does the trick.

Adding the public key for version 1 works like this:

[dave@caprice dave]$ ssh 192.168.1.3 -v
[I edited out the verbose output, and entered the password]
[Remember kids, always use -v so dont try this at home :) ]

[dave@julia dave]$ mkdir .ssh
[dave@julia dave]$ chmod 700 .ssh
[dave@julia dave]$ cd .ssh
[dave@julia .ssh]$ touch authorized_keys
[dave@julia .ssh]$ chmod 600 authorized_keys
[dave@julia .ssh]$ cat ../identity.pub >> authorized_keys
[dave@julia .ssh]$ rm ../identity.pub
Placing the key for version 2 works about the same :

[dave@julia dave]$ cd .ssh
[dave@julia .ssh]$ touch authorized_keys2
[dave@julia .ssh]$ chmod 600 authorized_keys2
[dave@julia .ssh]$ cat ../id_dsa.pub >> authorized_keys2
[dave@julia .ssh]$ rm ../id_dsa.pub
If you take a little peek inside your public key files, you will find it to be a bunch of crypto, separated over a couple of rules. The public key is *1 line*. It is worth to note that the entire public key file should be one line in the authorized_keys files. So using >> is preferred over copying and pasting it from one document to another. This could put line breaks in your key which makes it useless.

Either way, your keys are in place, you are ready to go to the final step and log in using your keys.

4.5 Log in using your key

To log in using your key use the ssh command. We will add -1 to make sure we are using SSH Protocol version 1.

ssh -1 -v dave@192.168.1.3
This logs you into a system using your version 1 key.

Try it again, now for version 2

ssh -2 -v dave@192.168.1.3
Have a look in the output of both ssh logins and you will be able to see some differences between version 1 and 2.
Introduction to NTP



Overview

NTP (Network Time Protocol) provides accurate and syncronised time across the Internet. This introductory article will try to show you how to use NTP to control and synchronize your system clock.

First approach

NTP is organised in a hierarchical client-server model. In the top of this hierarchy there are a small number of machines known as reference clocks. A reference clock is known as stratum 0 and is typically a cesium clock or a Global Positioning System (GPS) that receives time from satellites. Attached to these machines there are the so-called stratum 1 servers (that is, stratum 0 clients), which are the top level time servers available to the Internet, that is, they are the best NTP servers available.

Note: in the NTP lingo measure for synchronization distance is termed as stratum: the number of steps that a system lies from a primary time source.

Following this hierarchy, the next level in the structure are the stratum 2 servers which in turn are the clients for stratum 1 servers. The lowest level of the hierarchy is made up by stratum 16 servers. Generally speaking, every server syncronized with a stratum n server is termed as being at stratum n+1 level. So, there are a few stratum 1 servers which are referenced by stratum 2 servers, wich in turn are refenced by stratum 3 servers, which are referenced by stratum 4 and so on.

NTP servers operating in the same stratum may be associated with others in a peer to peer basis, so they may decide who has the higher quality of time and then can synchronise to the most accurate.

In addition to the client-server model and the peer to peer model, a server may broadcast time to a broadcast or multicast IP addresses and clients may be configured to synchronise to these broadcast time signals.

So, at this point we know that NTP clients can operate with NTP servers in three ways:

in a client-server basis
in a peer to peer mode
sending the time using broadcast/multicast
How does it work

Whenever ntpd starts it checks its configuration file (/etc/ntp.conf) to determine syncronization sources, authentication options, monitoring options, access control and other operating options. It also checks the frequency file (/etc/ntp/drift) that contains the latest estimate of clock frequency error. If specified, it will also look for a file containing the authentication keys (/etc/ntp/keys).

Note that the path and/or name of these configuration files may vary in your system. Check the -c command line option.

Once the NTP daemon is up and running, it will operate by exchanging packets (time and sanity check exchanges) with its configured servers at poll intervals and its behaviour will depend on the delay between the local time and its reference servers. Basically, the process starts when the NTP client sends a packet containing its timestamp to a server. When the server receives such a packet, it will in turn store its own timestamp and a transmit timestamp into the packet and send it back to the client. When the client receives the packet it will log its receipt time in order to estimate the travelling time of the packet.

The packet exchange takes place until a NTP server is accepted as a synchronization source, which take about five minutes. The NTP daemon tries to adjust the clock in small steps and will continue until the client gets the accurate time. If the delay between both the server and client is big enough the daemon will terminate and you will need to adjust the time manually and start the daemon again.

Sample ntp.conf configuration file

server 134.214.100.6
server swisstime.ee.ethz.ch

peer 192.168.100.125
peer 192.168.100.126
peer 192.168.100.127

driftfile /etc/ntp/drift
#multicastclient # listen on default 224.0.1.1
#broadcastdelay 0.008

authenticate no

#keys /etc/ntp/keys
#trustedkey 65535
#requestkey 65535
#controlkey 65535

# by default ignore all ntp packets
restrict 0.0.0.0 mask 0.0.0.0 ignore

# allow localhost
restrict 127.0.0.1 mask 255.255.255.255

# accept packets from...
restrict 192.168.100.125 mask 255.255.255.255
restrict 192.168.100.126 mask 255.255.255.255
restrict 192.168.100.127 mask 255.255.255.255


Take a look at references below to understand the configuration options.

References

NTP homepage
ntpd
Network time protocol (version 3) specification
Public NTP Time Servers
NTP Basics

NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference. NTP is an Internet standard protocol originally developed by Professor David L. Mills at the University of Delaware.


SNTP (Simple Network Time Protocol) is basically also NTP, but lacks some internal algorithms that are not needed for all types of servers.

Time should be synchronized

Time usually just advances. If you have communicating programs running on different computers, time still should even advance if you switch from one computer to another. Obviously if one system is ahead of the others, the others are behind that particular one. From the perspective of an external observer, switching between these systems would cause time to jump forward and back, a non-desirable effect.

As a consequence, isolated networks may run their own wrong time, but as soon as you connect to the Internet, effects will be visible. Just imagine some EMail message arrived five minutes before it was sent, and there even was a reply two minutes before the message was sent.

Basic features of NTP

NTP needs some reference clock that defines the true time to operate. All clocks are set towards that true time. (It will not just make all systems agree on some time, but will make them agree upon the true time as defined by some standard.)


NTP uses UTC as reference time


NTP is a fault-tolerant protocol that will automatically select the best of several available time sources to synchronize to. Multiple candidates can be combined to minimize the accumulated error. Temporarily or permanently insane time sources will be detected and avoided.


NTP is highly scalable: A synchronization network may consist of several reference clocks. Each node of such a network can exchange time information either bidirectional or unidirectional. Propagating time from one node to another forms a hierarchical graph with reference clocks at the top.


Having available several time sources, NTP can select the best candidates to build its estimate of the current time. The protocol is highly accurate, using a resolution of less than a nanosecond (about 2^-32 seconds). (The popular protocol used by rdate and defined in [RFC 868] only uses a resolution of one second).


Even when a network connection is temporarily unavailable, NTP can use measurements from the past to estimate current time and error.

UTC (Universal Time Coordinated)

UTC (Universal Time Coordinated, Temps Universel Coordonné) is an official standard for the current time. UTC evolved from the former GMT (Greenwich Mean Time) that once was used to set the clocks on ships before they left for a long journey. Later GMT had been adopted as the world's standard time. One of the reasons that GMT had been replaced as official standard time was the fact that it was based on the mean solar time. Newer methods of time measurement showed that the mean solar time varied a lot by itself.The following list will explain the main components of UTC:

Universal means that the time can be used everywhere in the world, meaning that it is independent from time zones (i.e. it's not local time). To convert UTC to local time, one would have to add or subtract the local time zone.


Coordinated means that several institutions contribute their estimate of the current time, and UTC is built by combining these estimates.

NTP on Unix and Windows 2000

In this example we show, how to synchronize your Linux, Solaris and Windows 2000 Server (Primary Domain Controller) with the Public NTP Time Server: swisstime.ethz.ch

Public NTP Server in Switzerland

swisstime.ethz.ch (129.132.2.21)
Location: Integrated Systems Laboratory, Swiss Fed. Inst. of Technology,
CH 8092 Zurich, Switzerland
Geographic Coordinates: 47:23N, 8:32E
Synchronization: NTP primary (DCF77 clock), Sun-4/SunOS 4.1.4
Service Area: Switzerland/Europe
Access Policy: open access
Contact: Christoph Wicki (time@iis.ee.ethz.ch)




Configuration on Unix

Unix Workstation as NTP Client

The NTP client program ntpdate sets the system clock once. As real clocks drift, you need periodic corrections. Basically you can run ntpdate in a cron job hourly or daily, but your machine won't be an NTP server then.

Crontab entry to update the system clock once a day

0 2 * * * /usr/sbin/ntpdate -s -b -p 8 -u 129.132.2.21

-b

Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.

-p samples

Specify the number of samples to be acquired from each server as the integer samples, with values from 1 to 8 inclusive. The default is 4.

-s

Divert logging output from the standard output (default) to the system syslog facility. This is designed primarily for convenience of cron scripts.

-u

Direct ntpdate to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the -d option always uses unprivileged ports.

Unix Workstation as NTP Server

First of all you have to download the NTP sources from www.ntp.org. On RedHat Linux 7.0 / 7.1 the NTP server ntpd is already included in the distribution.

The NTP server ntpd will learn and remember the clock drift and it will correct it autonomously, even if there is no reachable server. Therefore large clock steps can be avoided while the machine is synchronized to some reference clock. In addition ntpd will maintain error estimates and statistics, and finally it can offer NTP service for other machines.

Look at the Startup Script in /etc/rc.d/init.d/ntpd

start() {
# Adjust time to make life easy for ntpd
if [ -f /etc/ntp/step-tickers ]; then
echo -n $"Synchronizing with time server: "
/usr/sbin/ntpdate -s -b -p 8 -u \
`/bin/sed -e 's/#.*//' /etc/ntp/step-tickers`
success
echo
fi
# Start daemons.
echo -n $"Starting $prog: "
daemon ntpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
return $RETVAL
}

Insert swisstime.ethz.ch or more NTP Servers to /etc/ntp/step-tickers

129.132.2.21

Edit the configuration file /etc/ntp.conf

server 127.127.1.0 # local clock
server 129.132.2.21 # swisstime.ethz.ch (stratum 1)
driftfile /etc/ntp/drift
multicastclient # listen on default 224.0.1.1
broadcastdelay 0.008

Start NTP Server and check /var/log/messages

# /etc/rc.d/init.d/ntpd start

Troubleshooting

One of the quickest commands to verify that ntpd is still up and running as desired is ntpq -p. That command will show all peers used and configured together with their corner performance data.

# ntpq -p

remote refid st t when poll reach delay offset jitter
=====================================================================
LOCAL(0) LOCAL(0) 3 l 9 64 377 0.000 0.000 0.000
*swisstime.ethz. .DCFa. 1 u 17 64 377 25.088 -10.040 1.071

To obtain a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds.

# ntpq -c pee swisstime.ethz.ch

remote refid st t when poll reach delay offset jitter
====================================================================
*GENERIC(0) .DCFa. 0 l 14 16 377 0.000 0.126 0.170
LOCAL(0) LOCAL(0) 6 l 13 64 377 0.000 0.000 10.010
sns2-tss2.unige lantime 2 u 323 1024 377 11.000 0.014 1.770
+nz11.rz.uni-kar .DCF. 1 u 40 64 376 353.290 18.088 17.120
xjane.planNET.de .DCFa. 1 u 80 256 377 125.050 -38.018 0.210
+sombrero.cs.tu- .GPS. 1 u 49 64 377 36.070 1.159 0.790

# ntpdc

ntpdc> peers

Be sure that there is an entry for the the swisstime.ethz.ch server, and that there is an entry for your local net. The "st" (stratum) column for the ITD time servers should be "1" or "2", indicating that the time server are stratum-1/2 servers, e.g. they obtain their time from stratum-1 servers, which are directly connected to external time reference sources. If the stratum for any server is "16" then this server is not synchronizing successfully.

remote local st poll reach delay offset disp
====================================================================
=LOCAL(0) 127.0.0.1 3 64 377 0.00000 0.000000 0.00095
=cosmos.hsz.akad 5.0.0.0 16 64 0 0.00000 0.000000 0.00000
*swisstime.ethz. 192.168.138.29 1 128 377 0.02658 -0.001197 0.00215

Debian NTP- serwer czasu2 - ntpdate-debian


NTP, the Network Time Protocol, is used to keep computer clocks accurate over the Internet, or by following an accurate hardware receiver which interprets GPS, DCF-77, NIST or similar time signals.
ntpdate is a simple NTP client which allows a system’s clock to be set to match the time obtained by communicating with one or more servers.

ntpdate is optional (but recommended) if you’re running an NTP server, because initially setting the system clock to an almost-correct time will help the NTP server synchronize faster.

The ntpdate client by itself is useful for occasionally setting the time on machines that are not on the net full-time, such as laptops.

Install ntp client in Debian

#apt-get install ntpdate

Install ntp client in Ubuntu

sudo apt-get install ntpdate

ntpdate will automatically run while bboting your system. Ubuntu stores script at /etc/network/if-up.d/ntpdate location.

If you wish to just run script again just type command

sudo /etc/network/if-up.d/ntpdate

sudo ntpdate pool.ntp.org

If you want to use you own ntp servers you need to edit the /etc/default/ntpdate file using the following command

sudo vi /etc/default/ntpdate

File looks like below

# servers to check. (Separate multiple servers with spaces.)
NTPSERVERS=”0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org”
#
# additional options for ntpdate
#NTPOPTIONS=”-v”
NTPOPTIONS=”-u”
NTPSERVERS=”ntp.ubuntu.com”

If you wan to use your own NTP server enter the list of NTP servers under NTPSERVERS

To avoid stepping the clock you must run ntpdate every 1 or 2 hours using cronjob

crontab -e

#Setup NTPDATE

@hourly /etc/network/if-up.d/ntpdate

Save and close the file.

You can also use the following script to run every hour from your cronjob

#!/bin/bash

/usr/sbin/ntpdate -s

/sbin/hwclock --adjust

/sbin/hwclock --systohc

Debian NTP - SERWER CZASU 1


The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency (Jitter).
Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.

Install NTP server in Debian

#apt-get install ntp ntpdate ntp-server

This will install all the required packages for NTP

Configuring NTP Server

By Default main configuration file located at /etc/ntp.conf

Default configuration file looks like below


#/etc/ntp.conf, configuration for ntpd

driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example

# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
# *** Please consider joining the pool! ***
# *** ***
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst

# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0 mask 255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient

Example Configuration

You need to add a number of servers to the server list. The Debian default is pool.ntp.org which works but isn't always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy use the time servers either on your continent (for instance europe.pool.ntp.org) or your country (for instance uk.pool.ntp.org) one of your local country servers.The optimal number of servers to listen to is three but two will also give a good accuracy. If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.

I am using the following two servers for my configuration

server ntp0.pipex.net
server ntp1.pipex.net

Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.

If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you'll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords

restrict 127.0.0.1

Save the file and exit

Now you need to run the ntpdate command against your server

#ntpdate ntp0.pipex.net

restart NTP for these settings to take effect using the following command

#/etc/init.d/ntp restart

You can now configure other Linux hosts on your network to synchronize with this new master NTP server in a similar fashion.

Determining If NTP Is Synchronized Properly

Use the ntpq command to see the servers with which you are synchronized. It provided you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.

#ntpq -p

Output looks like below


A star by any one of the names means that the system clock is synchronising with the NTP clock. If you don't have a star (as in the example above) it means that the clocks are unreachable, already synchronized to this server or has an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accuratly and mean that the server will be able to choose a clock to synchronize with.

Firewall Configuration for NTP

NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (above 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.

NTP Client Configuration

If you want to configure ntp client you need to install the following packages

#apt-get install ntp ntp-simple ntpdate

Configuring NTP client

You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address

Server configuration settings

server 192.168.1.1

Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict default notrust nomodify nopeer

Localhost configuration

restrict 192.168.1.1

In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords

restrict 127.0.0.1

Now you need to save and exit the file

run ntpdate command against your server

ntpdate 192.168.1.1

Restart ntp service using the following command

/etc/init.d/ntp restart

If you use the date command to change time, it is worth setting also the hardware clock to the correct time. Otherwise, the time is wrong after the next reboot, since the hardware clock keeps the time when power is turned off. When the clock in the operating system shows the correct time, set the hardware clock like this

#hwclock --systohc

se the ntpq command to see the servers with which you are synchronized

#ntpq
#ntpdc -p

Ginekolog dr n. med. Piotr Siwek

Gabinet ginekologiczny specjalista ginekolog - położnik dr n. med. Piotr Siwek