From owner-freebsd-questions@freebsd.org Thu Oct 12 16:51:58 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9FE3FE2EB34 for ; Thu, 12 Oct 2017 16:51:58 +0000 (UTC) (envelope-from kent.kuriyama@gmail.com) Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 32A0983B11 for ; Thu, 12 Oct 2017 16:51:58 +0000 (UTC) (envelope-from kent.kuriyama@gmail.com) Received: by mail-wm0-x22c.google.com with SMTP id b189so14772598wmd.4 for ; Thu, 12 Oct 2017 09:51:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=PJtfFEuX8IY0OBXJIwtJN1QNGtDpee80DX7ZJCqsSPY=; b=d0LMgabEb7azmR1Qn5RM5+NBBr4wwJn9dPsES866J1y8BimGQVaCH0YJAXcIBIZfnP iAN+r1z7G70KnAZXt3r1E3FBNU3lppk9uKgIwiZ6Hh4KW/JblOAVDV6NXM8b5bYordJL q9nHnWWQuMqHVXn7dzmm2gtJElSOcrBTs1RhLk//3kqnlJG+Vs73Pv/l4QmPxxuspx/o 7MPnuOdTRuSKRfuqa+wvp7G0JBhnnpAT7BnoXgcX8daMdmLYiOkm9V8VB5ExZ98HJs0Y 8UIQ1XVybl377qLTi1ped6BKa/qfTV6x5DwBCEMaNc8YJVLU07HfxeUZ151Hs9Zs0wIB gdsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=PJtfFEuX8IY0OBXJIwtJN1QNGtDpee80DX7ZJCqsSPY=; b=Wx77obIW1Kkg2t5X8rbHgSEt9IDRfX8NoUyNL8Pl+DeZ6mXOhpqPMd42hesUOLmG/f Fxmd3MeZzyPVpvYtQtDfbw7ToF5ymIGBeivM1x2SCSg/npGWe6aMiktlRiHezQJbWupA 5p19oe2yTsqE46YR/LMitshdaVetezkCJoqUgTigZCgD9AExhOSqCsSm+b61bUJCjlaN KA71raznqnzne1Ft71lqEpqJ9VSeG0BGuchXgExkEJyNOaTQixKXIYqIwbn9bD/8bzRw AD1p81Fv5OMs01oUZRLsqrxpRqDGg23K1S4y2ztEH2bi8Onu6xqiYr92pToTKggYwRsF AvLA== X-Gm-Message-State: AMCzsaX7xOQae7rlpEre1aZ0bABxe2VqnkJU3j0Tgs6Xt+toBg6zxrEo I9SDsUIkh1wvN18rgFk7k2WFnjRYizQQt2DVR1A= X-Google-Smtp-Source: AOwi7QDSvLSKRCYHfkvSZASRJdqYx7RlYM21cPJoaFUti82I4sASwWZXxBMIdqOVx0tahVEQSKDk28ftAB1x3O8Wz68= X-Received: by 10.223.135.90 with SMTP id 26mr2474078wrz.114.1507827116219; Thu, 12 Oct 2017 09:51:56 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.197.196 with HTTP; Thu, 12 Oct 2017 09:51:55 -0700 (PDT) In-Reply-To: <3967.1507825257@segfault.tristatelogic.com> References: <3967.1507825257@segfault.tristatelogic.com> From: Kent Kuriyama Date: Thu, 12 Oct 2017 06:51:55 -1000 Message-ID: Subject: Re: Another 11.1-RELEASE install minor annoyance (ntpd) To: "Ronald F. Guilmette" Cc: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Oct 2017 16:51:58 -0000 The danger of enabling ntpdate (or configuring ntpd to accept large time deltas) is that you are putting a great deal of trust in the ntp time source. If the time source is off, in-correct time will be propagated to your entire network. This actually happened to a large Windows enterprise. The GPS linked ntp server freaked out and advanced 17 years into the future. Because the Windows domain controllers were configured to blindly accept the ntp server time, everyone's clock was advanced 17 years. This caused all kinds of problems since certificates were now considered expired. Enabling ntpdate must be done knowing what the possible consequences are. In my case I don't run a large enterprise ;-). On Thu, Oct 12, 2017 at 6:20 AM, Ronald F. Guilmette wrote: > > In message gmcRD_KO6gzAA@mail.gmail.com> > Kent Kuriyama wrote: > > >What is happening is that your system clock is so far off that ntpd starts > >up and then shutdown because the time delta is too great. > > > >I just enable ntpdate. In /etc/rc.conf I have the lines: > > > >ntpdate_enable="YES" > >ntpdate_flags="-b" # Causes ntpdate to step the time regardless of > delta > > > >Reboot the system, this should fix your problem. > > > Ah, yep. That certainly cleared up the problem. Thanks. > > > P.S. One cannot help but wonder why ntpdate isn't enabled by default, > since it is clearly so useful. Should I file a formal PR to make this > suggestion? > -- Kent, kent.kuriyama@gmail.com (858) 522 9582