I wasted a lot of time on RTFM activities in the past few days trying to get ntp running on freebsd. Herein I share some of my mistakes, solutions and resources. I did not find any resource that provided these answers so I hope my write up will assist others.

( The #ntp channel has since referred me to http://support.ntp.org/bin/view/Support/ConfiguringNTP and although I didn't find that my post duplicates information found there, the link may be the most up to date and official. Other resources I found by googling were often outdated.)

I was told on the #ntp IRC channel on freenode that ntp is part of the base install of freebsd and there was no need for me to have installed it from ports as I did.

Don't bother with ntpdate as it is being phased out. Just ntpd.

Every one of these steps was done using sudo.

Edit /etc/rc.conf to add these 3 lines:

ntpd_enable="YES"
ntpd_program="/usr/local/bin/ntpd"
ntpd_flags="-g -p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log -c /etc/ntp.conf"

Create a file named /etc/ntp.conf and put lines similar to this in it or the configuration you have determined for your situation:

restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift

(I had the first 2 lines commented out during troubleshooting but you wouldn't want to leave them that way.)

Get two windows open so that you can monitor a tcpdump in one while you start / stop / modify ntpd related stuff in the other window.  Here's the tcpdump cmd (thanks to Bill Stearns):

sudo tcpdump -tnp 'udp port 123'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes

(after you get ntpd working properly you will see lines like this in the tcpdump window, where 1.2.3.4 will be your own machine IP address)

IP 1.2.3.4.123 > 63.240.161.99.123: NTPv4, Client, length 48
IP 63.240.161.99.123 > 1.2.3.4.123: NTPv4, Server, length 48
IP 1.2.3.4.123 > 64.72.116.55.123: NTPv4, Client, length 48
IP 64.72.116.55.123 > 1.2.3.4.123: NTPv4, Server, length 48
IP 1.2.3.4.123 > 208.75.85.61.123: NTPv4, Client, length 48
IP 208.75.85.61.123 > 1.2.3.4.123: NTPv4, Server, length 48

Run ntpd like this:

sudo /usr/local/bin/ntpd -g -p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log -c /etc/ntp.conf

Then:

sudo cat /var/log/ntpd.log

ntpd didn't work for me yet and I saw this kind of error in the log file (sorry for the line numbers, I grabbed this from my pastebin post)
  1. 11 Oct 09:46:42 ntpd[90581]: logging to file /var/log/ntpd.log
  2. 11 Oct 09:46:42 ntpd[90581]: precision = 3.911 usec
  3. 11 Oct 09:46:42 ntpd[90581]: ntp_io: estimated max descriptors: 11095, initial socket boundary: 20
  4. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=9 fails: Address already in use
  5. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 28, port 123, scope 0, addr ::, in6_is_addr_multicast=0 flags=1 fails: Address already in use
  6. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 2, port 123, addr 204.152.186.158, in_classd=0 flags=25 fails: Address already in use
  7. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 28, port 123, scope 4, addr fe80::1, in6_is_addr_multicast=0 flags=21 fails: Address already in use
  8. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 28, port 123, scope 0, addr ::1, in6_is_addr_multicast=0 flags=21 fails: Address already in use
  9. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 2, port 123, addr 127.0.0.1, in_classd=0 flags=21 fails: Address already in use
  10. 11 Oct 09:46:42 ntpd[90581]: bind() fd 20, family 2, port 123, addr 169.254.2.7, in_classd=0 flags=25 fails: Address already in use
  11. 11 Oct 09:46:42 ntpd[90581]: kernel time sync status 2040
  12. 11 Oct 09:46:43 ntpd[90581]: sendto(72.232.254.202) (fd=-1): Bad file descriptor
  13. 11 Oct 09:46:44 ntpd[90581]: sendto(69.61.60.213) (fd=-1): Bad file descriptor
If you get errors like the above, take a look at:

sudo ps auxf | grep ntpd

I found multiple instances of ntpd running because I had been troubleshooting this for a long time and used start sometimes instead of restart and full command line startups sometimes instead of /etc/rc.d init script.

I used sudo kill to eliminate all the instances and then again ran:

sudo /usr/local/bin/ntpd -g -p /var/run/ntpd.pid -f /var/db/ntpd.drift -l /var/log/ntpd.log -c /etc/ntp.conf

This time the expected traffic appeared in the tcpdump window. Another test is to

sudo ntpdq

(you'll get a prompt...)

>peers

and the output should be something other than No associated IDs or other error... my output was:

ntpq> peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+63.240.161.99   49.36.219.224    2 u   11   64  177   50.285   47.813  81.452
208-75-85-61.sl 82.211.81.145    3 u   90  512    0    0.000    0.000   0.000
LOCAL(0)        .LOCL.          10 l    5   64  177    0.000    0.000   0.004
ntpq>

and a few others I don't wish to print here.

All during my unsuccessful troubleshooting period, ntpq and then peers command would result in the No associated IDs or another error I've blocked from my memory.

Corrections welcomed.