So, the problems I was having must have been with my customized config (where I was trying to make it impossible for external hosts to query my server, which I'm already doing with my firewall so I'm not too worried about).
Here is the Ubuntu 10.0.4 in its entirety, with comments removed:

    driftfile /var/lib/ntp/ntp.drift
    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable
    server ntp.
    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery
    restrict 127.0.0.1
    restrict ::1

I welcome feedback on how this config might be improved.
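One way to check that a config like the one above really denies queries and changes from outside hosts is to audit its default restrict entries. This is an added example, not part of the original post or of ntpd. The required flag set and the choice to treat an unqualified "restrict default" as IPv4-only are assumptions made here.

```python
# Flags the default entries are expected to carry (assumption: this mirrors
# the restrict lines quoted in the post).
REQUIRED = {"noquery", "nomodify", "notrap", "nopeer"}

# Constructed sample built from the directives in the post; the truncated
# "server" line is left out because it does not affect access control.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/ntp.drift
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

def parse_restrict(conf_text):
    """Return (family, address, flags) for every restrict directive."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        family = "-4"   # assumption: no qualifier is treated as IPv4 only
        if tokens and tokens[0] in ("-4", "-6"):
            family = tokens.pop(0)
        if not tokens:
            continue
        address = tokens.pop(0)
        if tokens[:1] == ["mask"]:              # skip "mask <netmask>"
            tokens = tokens[2:]
        entries.append((family, address, set(tokens)))
    return entries

def audit_defaults(conf_text):
    """List problems with the IPv4 and IPv6 default restrict entries."""
    defaults = {fam: flags for fam, addr, flags in parse_restrict(conf_text)
                if addr == "default"}
    findings = []
    for fam in ("-4", "-6"):
        if fam not in defaults:
            findings.append(f"{fam}: no default restrict entry")
        elif "ignore" not in defaults[fam]:     # "ignore" drops all packets
            missing = REQUIRED - defaults[fam]
            if missing:
                findings.append(f"{fam}: default lacks {', '.join(sorted(missing))}")
    return findings

if __name__ == "__main__":
    print(audit_defaults(SAMPLE_CONF) or "default restrict entries look closed")
```

The bare `restrict 127.0.0.1` and `restrict ::1` lines carry no flags, so localhost keeps full access; the audit only looks at the default entries that apply to everyone else.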
For example, when a Cisco 2600 or 3600 series router loses power or the network administrator needs to reload it, the time and date are lost.

And verify this also, run ntpdate and startup ntpd, is the time keeping in sync? Of course first verify that you have a solid NTP server and your system clock is reliable.

I knew that was it - my skew was 47 seconds and my HW clock was also 47 seconds off. My first clue was Kerberos failures seen in the logs.

I also made a ticket with my VPS provider asking them for a detailed recommendation on the best thing to do. I pointed them to this thread, and some other documentation indicating that maybe the CPU allocation would cause a timing problem.

NTP Version 3 is a standard—formalized in RFC 1305—that uses the User Datagram Protocol (UDP) and port 123. Unlike PCs or servers, Cisco network devices specifically need to run NTP to synchronize the time and date.

This will make the clock run faster, or slower, than is really happening. Since ntp is trying to measure changes on the assumption that your clock is a fixed-rate faster or slower than the rest of the world, this speeding up and slowing down will give ntp fits and it will probably eventually just give up, with the result that :_The_NTP_Server

You might want to post the contents of your file, the output of the debug commands like ntpq -p And check your date/time?

If this critical information isn't accurate, a variety of things can go wrong. That means event logs and firewall logs can be incorrect, you might not be able to tell when your router rebooted, and/or Windows devices may not be able to log in to the domain.