TurnKey Linux Virtual Appliance Library

NTP time synchronization failed : sh: ntpdate: not found (solved)

christian's picture

This is probably a stupid question, but I tried to search your forum for anything regarding setting up ntp.

Our company only allows one specific ntp server and when i edit the time sync tab, i get the above msg.

Thanks! no rush

Alon Swartz's picture

ntpdate is not installed by default, ntp is

The package ntpdate is not installed by default, but ntp (Network Time Protocol daemon and utility programs) is.

Installing ntpdate should be as simple as:
apt-get update
apt-get install ntpdate
I am assuming you are referring to the Webmin Time Sync tab. If you are, then this is a bug in the webmin packaging (webmin-time), and it should depend, or atleast recommend ntpdate, if configuring webmin-time to use the ntp package is not an option. If its not an option, and this is a bug, then we will include ntpdate in future appliance releases, and thanks for reporting it.
Guest's picture



  Thanks for the "apt-get update" and "apt-get install ntpdate" commands...



Christian Reina, CISSP's picture

problem continues...

You are correct. I'm referring to the Webmin Time Sync. I installed ntpdate and made changes to the ntp.conf file to point to the ip address.

ntpq -p shows the correct ntp server, but ntpdate -d ipaddress gives me the following error: 

Nov 13:26:00 ntpdate[11724]: no server suitable for synchronization found

The above error is identical to the one I get on webmin if I manually add the ip address or if I go in the module config and enter the ip as the default time server.

Thank you for your support

Christian Reina, CISSP | Security Professional

888.338.3666 | christian[at]christianreina.com

W W W . C H R I S T I A N R E I N A . C O M

Guest's picture

hello sir, Have u find any

hello sir,

Have u find any solution for this.

I am also facing the same problem.

Alon Swartz's picture

ntpdate seems to work on my side

ntpdate seems to work on my side, both ntpdate pool.ntp.org and by specifying and IP address.

It sounds like a connectivity issue. Have you setup the firewall on the appliance? Maybe the firewall/router on your LAN is limiting traffic? Can you connect to the NTP server with netcat, port 123?

Maybe its time to break out the sniffer :)
Christian Reina, CISSP's picture


no issues with the firewall but web content filtering was blocking it.

Christian Reina, CISSP | Security Professional

888.338.3666 | christian[at]christianreina.com

W W W . C H R I S T I A N R E I N A . C O M

Peter Goodall's picture

I needed to install ntupdate

Just to confirm - I have the current Mediawiki appliance 2009.10, and needed to install ntupdate to get time synchronization to work.

Thanks for all the great work.

--Peter Goodall

Alon Swartz's picture

Updated webmin-time to depend on ntpdate

Thanks for the confirmation. I have just updated webmin-time to depend on ntpdate, so it will be included in future appliance releases.
bulek's picture

Just a quick related

Just a quick related question. If I want to permanently set up NTP server to certain URL of national NTP server - what config files do I have to change, so it will be setup by default ?

Thanks in advance

Neil Aggarwal's picture


The time servers are listed in /etc/ntp.conf

You should see a line like this:

 server ntp.ubuntu.com

You can set the server line to whatever you like.

Guest's picture


Thanks.  It helped me :).

bulek's picture

Can I setup TKL to sync time to NTP server via TKLPatch ?

Hi, can I setup TKL to sync from certain or default NTP server automatically, or is perhaps already setup to do so ?

If not already setup to sync automatically, what should I do to make this work via TKLPatch ?

Thanks in advance,

Neil Aggarwal's picture

TKL runs NTP by default

I believe all the TKL appliances are set by default to use NTP (I just checked the Joomla appliance and it uses ntp.ubuntu.com) so there is nothing you have to do.

The previous post was asking how he can set up an appliance to use a specific NTP server instead of the default ones.

John Carver's picture


ntpdate has been deprecated since about 2007.  It is incompatible with ntpd and if the ntpd daemon is running you get this error when using ntpdate.

# ntpdate pool.ntp.org
23 Jan 16:12:27 ntpdate[14411]: the NTP socket is in use, exiting

If webmin is still using ntpdate, a bug report should filed telling them to use ntpd -gq instead.  From the ntpd man page:

-g     Normally, ntpd exits with a message to the system log if the offset  exceeds  the  panic
       threshold,  which  is  1000  s by default.  This option allows the time to be set to any
       value without restriction; however, this can happen only  once.   If  the  threshold  is
       exceeded  after  that, ntpd will exit with a message to the system log.  This option can
       be used with the -q and -x options.

-q     Exit the ntpd just after the first time the clock is set.  This behavior mimics that  of
       the  ntpdate  program,  which  is to be retired.  The -g and -x options can be used with
       this option.  Note: The kernel time discipline is disabled with this option.

Ubuntu and TKL start ntpd with the -g option, so this shouldn't be necessary if ntpd is able to contact ntp.ubuntu.com during boot.

Information is free, knowledge is acquired, but wisdom is earned.

John Carver's picture

Time server sync and Webmin

Webmin seems blissfully unaware of the existence of ntpd.  The 'Time server sync' tab on the System Time page allows ntpdate, if it is present, to be run periodically, probably via cron.  This functionality is redundant under TurnKey Linux which configures ntpd to set the time at boot and sync it ntp.ubuntu.com or other servers thereafter.  The 'Time server sync' tab should probably be hidden.  I know there are some configuration options in webmin, but it's been a long time since I've tried to customize webmin.  After poking around the webmin directory, it appears that the tab can be hidden by modifying the defaultacl.  Warning: I don't know if this causes any side effects.

In the file 
ntp=1 to ntp=0

There once was a third-party NTP module for Webmin, but it is no longer available.  I wasn't able to locate an alternate source.  It would be nice to have a tabbed page to configure the ntp servers in /etc/ntp.conf and start/stop the ntpd daemon.  For now, the only way to control ntpd in Webmin is via the Command Console.

Information is free, knowledge is acquired, but wisdom is earned.

Liraz Siri's picture

We should look into disabling 'time server sync' tab

Thank you for looking into this John. We'll see if maybe we should at least hide the 'time server sync' tab in the next release. Hopefully Webmin will support ntpd configuration in future versions. I've filed a bug report.
Guest's picture

ntpdate should not be used anymore

I agree that the 'time server sync' tab should be removed.

I have just run into an issue with Dovecot that killed itself because of a backward time sync.

This is because of the use of ntpdate.

ntpdate should not be used anymore!

Liraz Siri's picture

ntpdate is unfortunately a necessary evil

I've also run into that issue with dovecot killing itself when the system goes back in time.

Unfortunately, we've since discovered that ntpdate is a necessary evil. ntpd tweaks your clock continually to keep it accurate. That only works for small time discrepancies. If your clock is way out of whack (e.g., the wrong date) ntpd won't help you.

Unfortunately, in certain situations involving virtualization it's easy for the clock to fail spectacularly and since certain services such as TKLBAM require an accurate clock to function, ntpdate is indispensable.

At least usually with virtualization the problem is that the clock is stuck in the past so if you shift it into the future, Dovecot should still work.

Guest's picture

ntp & virtualization

While I can't speak to MS or Xen virtualization, VMware does have a "best practices" document on timekeeping and Linux.

In particular, you need to disable the guest setting its time from the VM host, and this is done automatically by installing Vmware Tools on the Linux system.  Once installed, you should check the timesync status, which should respond "Disabled."

root@ubsystem:~# vmware-toolbox-cmd timesync status



On older versions of Linux, you may need to modify certain kernel parameters as well.  This is a "generic" BPG for many different versions of Linux:




Jeremy Davis's picture

Thanks for the info

Although I suspect that your info is somewhat irrelevant for TurnKey. By default TurnKey does auto time updates from an external/remote ntp server.

Guest's picture

what command is used to know that connection has broken?

I want to display the last updated time of NTP Client..but how i get to know that connectivity b/w the ntp server and ntp client has been broken..what internal linux command is used..

Jeremy Davis's picture

Not sure if I understand the question...

But you could just use ping to see if the remote NTP server is available.

Guest's picture

ping command is not enough...

actually if the connection get disconnect b/w ntp server & ntp client, i want to see the last updated time on ntp client machine..which command should i run so that i would get to know that connection b/w that particular server has been broken..

Jeremy Davis's picture

Probably be somewhere in the logs...

Perhaps there's even an NTP log? A google should hopefully head you in the right direction.

Otherwise I guess you could explicitly set a cron job to update time and set it to log to a custom file.

Guest's picture

ntp status

If you want to see logs for ntp, you need to edit /etc/ntp.conf and uncomment the line "statsdir /var/log/ntpstats/" which will log updates to the /var/log/ntpstats directory.  The next few lines determine what is logged, and it's extremely configurable:  See http://doc.ntp.org/4.2.4/monopt.html .  Please note that the date & time listed in the logs are modified julian dates.

You can also check the configuration and status from the CLI:

root@ubsystem:~# ntpq -c lpeer
     remote           refid      st t when poll reach   delay   offset  jitter
+    3 u    3   64  177    0.857   -1.694   0.625
*      2 u    -   64  177    0.785    4.097   1.176

The leading '*' indicates the ntp server against which your system is synchronizing.

root@ubsystem:~# ntpdc -c sysinfo
system peer:
system peer mode:     client
leap indicator:       00
stratum:              3
precision:            -23
root distance:        0.02026 s
root dispersion:      0.07114 s
reference ID:         []
reference time:       d84ed255.0fc53e25  Wed, Dec 31 2014 13:51:49.061
system flags:         auth monitor ntp kernel stats 
jitter:               0.003891 s
stability:            0.000 ppm
broadcastdelay:       0.000000 s
authdelay:            0.000000 s

The "stability" is something to watch in particular, the lower number, the better.  

You'll find the documentation for both ntpq and ntpdc at the documentation archive, doc,ntp.org.  You'll be able to select the exact version of documents for your version of ntp:  To check the version you've got installed, enter:

root@ubsystem:~# dpkg -s ntp | grep -i version
Version: 1:4.2.6.p3+dfsg-1ubuntu3.1



Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)