From owner-freebsd-stable Sat Nov 25 13: 0:22 2000 Delivered-To: freebsd-stable@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 7F66837B479 for ; Sat, 25 Nov 2000 13:00:19 -0800 (PST) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sat, 25 Nov 2000 12:58:44 -0800 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id eAPL0Da95564; Sat, 25 Nov 2000 13:00:13 -0800 (PST) (envelope-from cjc) Date: Sat, 25 Nov 2000 13:00:12 -0800 From: "Crist J . Clark" To: Lowell Gilbert , me@mine.com Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ntpdate and date fail to change clock by more than 1 second... Message-ID: <20001125130012.X12190@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <8vml5e$moe@dispatch.concentric.net> <44n1eoqeko.fsf@lowellg.ne.mediaone.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <44n1eoqeko.fsf@lowellg.ne.mediaone.net>; from lowell@lowellg.ne.mediaone.net on Sat, Nov 25, 2000 at 10:03:19AM -0500 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Nov 25, 2000 at 10:03:19AM -0500, Lowell Gilbert wrote: > "news.cncdsl.com" writes: > > > I have a fresh cvsup, make world and kernel from 4.2-S. > > > > Whenever I try to change the date using 'ntpdate' or even 'date' it doesn't > > change my clock although the output seems ok: > > > > mls2:~ -12:56:45- # ntpdate tick.cs.unlv.edu > > 23 Nov 12:56:48 ntpdate[6352]: step time server 131.216.16.9 > > offset -6859.012166 sec > > > > At the same time, /var/log/messages shows the following line: > > > > Time adjustment clamped to -1 second > > > > The only think new I've noticed while booting since this box was installed > > is: > > > > Raising kernel security level > > kern.securelevel: -1 -> 2 > > > > Are these related? How do I fix this? > > Yes, they are related. In elevated securelevels, you are not allowed > to change the system clock (reasons left as exercise for the reader). > Change your rc.conf to not elevate your securelevel, or reboot every > time you want to adjust your clock (and do the adjustment at startup; > if you enable the automatic boot-time ntpdate (ntpdate_enable), this > should occur *before* the securelevel is raised. You can adjust the clock, just not at greater than one second increments. From init(8), 2 Highly secure mode - ... In addition, kernel time changes are restricted to less than or equal to one second. Attempts to change the time by more than this will log the message ``Time adjustment clamped to +1 second''. Run an ntpdate during boot before upping the securelevel. Provided you don't gain/lose more than a second between updates once you are up, you will be fine running at a securelevel and doing NTP updates. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message