CentOS 7 ntpd does not synchronize with AD domain controller
I have a problem with time synchronization of a CentOS 7 host with a Windows 2008 R2 domain controller.
If I use the command ntpdate -u host.domain
the synchronization is ok.
But using ntpd the time is always the same. Here is the result of the command ntpq -p:
    10.10.10.221 .LOCL.       1 u 65 64 377 1.740 965414. 4.054
    10.10.10.220 10.10.10.221 2 u 62 64 377 1.912 965408. 12.899
and the ntp.conf is the following:
    driftfile /var/lib/ntp/drift
    restrict default nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict ::1
    server 10.10.10.221 iburst prefer
    server 10.10.10.220 iburst
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    disable monitor
    logfile /var/log/ntp.log
I managed to find the solution after digging in more to a very similar issue on my end (different OS but same problem).
Windows NTP servers (at times, for various reasons) will report a large root dispersion. This in turn causes chronyd/ntpd to ignore the NTP server for inaccurate data.
In order to resolve I needed to add:
tos maxdist 16
to my /etc/ntp.conf. After restarting the service everything began working.
This article gave a simple explanation.
https://access.redhat.com/solutions/4652771
I also stumbled upon this post regarding inadequate times which further helped troubleshoot and identify the issue.
Why is NTP considering my server inadequate?
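
The check described in the answer above, as an added example that is not part of the original posts: it estimates a peer's root distance from `ntpq -c "rv <assocID>"` output and compares it with the `tos maxdist` value in ntp.conf. The sample output is constructed, the 1.5 s default for maxdist is an assumption about ntpd's built-in value, and the distance formula omits ntpd's clock-age term, so treat the result as an approximation.

```python
import re

# Constructed sample of `ntpq -c "rv <assocID>"` peer variables (times in ms).
SAMPLE_RV = """\
associd=41332 status=9014 conf, reach, sel_reject, 1 event, reachable,
srcadr=10.10.10.221, srcport=123, leap=00, stratum=1, precision=-6,
rootdelay=0.000, rootdisp=10032.120, refid=LOCL, reach=377,
flash=400 peer_dist, offset=965414.000, delay=1.740, dispersion=3.120,
jitter=4.054
"""

DEFAULT_MAXDIST = 1.5  # seconds; assumed ntpd default when "tos maxdist" is absent

def parse_rv(text):
    """Return the purely numeric name=value pairs from ntpq rv output."""
    pairs = re.findall(r"(\w+)=(-?\d+(?:\.\d+)?)(?=[,\s]|$)", text)
    return {name: float(value) for name, value in pairs}

def root_distance(v):
    """Approximate ntpd root distance in seconds (clock-age term omitted)."""
    ms = (v["rootdelay"] + v["delay"]) / 2 + v["rootdisp"] + v["dispersion"] + v["jitter"]
    return ms / 1000.0

def maxdist_from_conf(conf_text, default=DEFAULT_MAXDIST):
    """Read 'tos ... maxdist N' from ntp.conf text, ignoring comments."""
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if tokens[:1] == ["tos"] and "maxdist" in tokens[:-1]:
            return float(tokens[tokens.index("maxdist") + 1])
    return default

def check(rv_text, conf_text):
    """Compare the peer's estimated root distance with the configured limit."""
    v = parse_rv(rv_text)
    dist, limit = root_distance(v), maxdist_from_conf(conf_text)
    return {"distance_s": round(dist, 3), "maxdist_s": limit, "selectable": dist < limit}

if __name__ == "__main__":
    print(check(SAMPLE_RV, "server 10.10.10.221 iburst prefer\n"))  # rejected
    print(check(SAMPLE_RV, "tos maxdist 16\n"))                     # accepted
```

Raising maxdist widens the error bound ntpd will accept from every configured source, not only the domain controller, so it is worth confirming the reported root dispersion before changing the limit.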