I have a Snow Leopard Server box running on a private LAN with no Internet access. If you can avoid ever doing this, you should, as not having an Internet connection has brought us hours and hours of headaches.
Anyway, our most recent headache is that Open Directory users can't authenticate with Kerberos as the client computers' individual clocks drift from the server's clock. So the server also needs to be an NTP server.
I cannot figure out how to configure the server so that it will respond to client requests in a way that they trust. Here's what a query looks like from a client machine:
$ ntpdate -q 192.168.1.250
server 192.168.1.250, stratum 16, offset 8.010421, delay 0.02605
2 Sep 16:32:23 ntpdate[346]: no server suitable for synchronization found
Here are my configuration files on the server:
/etc/ntp.conf
server 192.168.1.250
fudge 127.0.0.1 stratum 8 refid NIST
/etc/ntp-restrict.conf
restrict 127.0.0.1
restrict -6 ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
includefile /private/etc/ntp.conf
Update
This is the configuration that I went with.
These 2 files are configured, and the NTP service is turned on in Server Admin under the General tab, and these 2 files are configured thusly:
/etc/ntp.conf
server 127.127.1.1
fudge 127.127.1.1 stratum 8 refid NIST
/etc/ntp-restrict.conf
restrict default notrust nomodify
restrict 127.127.1.1 mask 255.255.0.0 nomodify
restrict 192.168.1.0 mask 255.255.255.0 nomodify
includefile /private/etc/ntp.conf
Then the clients are configured to point to this server by name. It works perfectly.
IIRC, ntpdate is used to set times, but ntpd is used to maintain the time on a system.
Look in Server Admin --> --> Settings for the NTP on/off check box. Don't worry about the config files.
If you can't get a solution from the GUI, then the following website might help: http://docsrv.sco.com/NET_tcpip/ntpT.no_inet.html
Good luck.
@sidewaysmilk;
[edit]
Oops, somewhat mis-read the question.
Per http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html , a server labeled Stratum 16 = "a stratum of 16 indicates the remote peer is unsynchronized". If you explicitly trust 192.168.1.250, I'm fairly certain you will first have to use ntpd, and second ntp.conf will need a fudge for that server.
Something as simple as;
fudge 192.168.1.250 stratum 1
then either restart ntpd; or stop it, run ntpd -q and then starting it should do the trick. (See also, man ntpd under -g.)
[edit2]
I can't format well in comments, so I'm editing this in and will comment again to bump the thread;
The fudge line is actually all you have to add in addition to what you already have.
/etc/ntp.conf
You want to add another fudge relative to the server you defined, so just add this line to the /etc/ntp.conf file; its position should be relatively irrelevant, bottom of the file should be fine.
This will tell ntpd that you don't care what ntp thinks, the server 192.168.1.250 will be considered a stratum 1 (which, IIRC, a server will have to be stratum 3 or higher in order to be automatically sync'ed with).
You can leave ntp-restrict.conf as-is.
@Data Scavenger;
ntpdate is deprecated. The old way of doing ntp was to cron ntpdate every hour. The new way can be done manually like that, but should be done via ntpd, which has the skew tick timer that will learn how your clock doesn't keep up, and send in ticks (or remove ticks) to compensate.
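The "stratum 16" result discussed in this thread can be checked directly from the reply header. The following is an added example, not code from any of the posts: it decodes the leap indicator, stratum and reference ID of a 48-byte NTP reply as laid out in RFC 5905 and reports whether a client would treat the server as usable. The function names and both sample packets are constructed for illustration.

```python
import struct

def build_reply(leap, stratum, refid):
    """Constructed 48-byte server (mode 4) NTPv4 header, for demonstration only."""
    first = (leap << 6) | (4 << 3) | 4          # LI | version 4 | mode 4
    return struct.pack("!BBbbII4s4Q", first, stratum, 6, -20, 0, 0, refid, 0, 0, 0, 0)

def assess_reply(packet):
    """Decode the header fields a client checks before trusting a server's time."""
    if len(packet) < 48:
        raise ValueError("an NTP header is 48 bytes")
    first, wire_stratum = packet[0], packet[1]
    leap, mode = first >> 6, first & 0x07
    # RFC 5905: stratum 0 on the wire means unspecified; receivers map it to 16.
    stratum = 16 if wire_stratum == 0 else wire_stratum
    raw = packet[12:16]
    if wire_stratum <= 1:                        # kiss code or reference clock name
        refid = raw.rstrip(b"\x00").decode("ascii", "replace")
    else:                                        # IPv4 address of the upstream source
        refid = ".".join(str(b) for b in raw)
    reasons = []
    if mode != 4:
        reasons.append("not a server-mode reply")
    if leap == 3:
        reasons.append("leap indicator 3: server clock not synchronized")
    if stratum >= 16:
        reasons.append("stratum 16: server is unsynchronized")
    return {"stratum": stratum, "leap": leap, "refid": refid,
            "usable": not reasons, "reasons": reasons}

# Constructed samples: an unsynchronized server and a synchronized stratum 9 server.
UNSYNCED = build_reply(leap=3, stratum=0, refid=b"INIT")
SYNCED = build_reply(leap=0, stratum=9, refid=bytes([127, 127, 1, 1]))

if __name__ == "__main__":
    for name, pkt in (("unsynced", UNSYNCED), ("synced", SYNCED)):
        print(name, assess_reply(pkt))
```
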