NTP is a network protocol used to synchronize the time on our systems. NTP was designed and is currently maintained by Dave Mills. The protocol is organized hierarchically: the main servers are called stratum-0, and these servers have the highest level of time accuracy. Within the stratum-0 group there are some servers with slightly lower accuracy, because they receive the time from GPS satellites or radio stations and have to correct it for the transmission time. The stratum-0 servers provide the time to the stratum-1 servers; these servers are public and are the primary servers that provide the time on the Internet. At a lower level are the secondary servers, called stratum-2; these servers send requests to the stratum-1 servers and use the NTP algorithm to obtain the best data. Stratum-3 servers sit below the stratum-2 servers; they send requests to stratum-2 and act as servers for lower strata in the hierarchy.
Install ntp server and ntp utilities
# yum install ntp ntp-perl ntpdate
Configuring the NTP server
– With this configuration I’ll use three stratum-2 public servers. If the connection to the public servers fails, ntp will use the hardware clock to obtain the time, at a lower priority set by a stratum 10 value. I’ll also allow hosts on the local network 192.168.1.0/24 to synchronize with the server. Edit /etc/ntp.conf:
# drift file is used by ntp to store the frequency error from ntp servers
driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
– Add iptables rule:
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
– Starting ntpd service:
# service ntpd start
# chkconfig --levels 235 ntpd on
Configuring the ntp client
– Edit configuration file /etc/ntp.conf:
driftfile /var/lib/ntp/ntp.drift
server 192.168.1.250
restrict -4 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
– Restart ntp service:
# service ntpd restart
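The restrict lines in both the server and the client configuration are what keep remote hosts from querying or modifying the daemon, so they are worth re-checking after every edit of /etc/ntp.conf. The script below is an added example, not part of the original post: it reads an ntp.conf on standard input and reports which of the flags used on this page's default line each restrict entry lacks. The names audit_restrict, sample_conf and REQUIRED are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit ntp.conf "restrict" lines.
# REQUIRED is the flag set this page puts on its default restrict line.
REQUIRED="kod nomodify notrap nopeer noquery"

# audit_restrict: reads an ntp.conf on stdin and prints, per restrict entry,
# "<target> OK" or "<target> MISSING <flags>"; prints "default ABSENT" when no
# default entry exists. Returns 1 if the default entry is absent or incomplete.
audit_restrict() {
    awk -v required="$REQUIRED" '
    BEGIN { n = split(required, req, " "); seen = 0; bad = 0 }
    { sub(/#.*/, "") }                        # strip comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++     # optional address-family switch
        target = $i; i++
        if ($i == "mask") { target = target "/" $(i + 1); i += 2 }
        split("", have)                       # reset the per-line flag set
        for (; i <= NF; i++) have[$i] = 1
        missing = ""
        for (j = 1; j <= n; j++)
            if (!(req[j] in have)) missing = missing " " req[j]
        if (target == "default") { seen = 1; if (missing != "") bad = 1 }
        print target (missing == "" ? " OK" : " MISSING" missing)
    }
    END {
        if (!seen) { print "default ABSENT"; bad = 1 }
        exit bad
    }'
}

# The three restrict lines from the server configuration on this page.
sample_conf() {
cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
}

sample_conf | audit_restrict || echo "default restrict entry needs attention"
```

On a real host run `audit_restrict < /etc/ntp.conf`. Only the default entry affects the exit status, since the loopback and local-network entries are relaxed on purpose in this setup.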
Checking the ntp server
– From the client, send an ntp query with the ntpq command to verify that the server is working:
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.1.250   173.255.226.203 11 u    1   64    1    0.572  -56.051   0.000
– The ntpdate command is used to set the local time from an ntp server. The -d option shows more debug information for every step of the conversation with the server:
# ntpdate -d 192.168.1.250
 1 Sep 19:53:52 ntpdate[30609]: ntpdate [email protected] Sun Oct 17 13:45:14 UTC 2010 (1)
transmit(192.168.1.250)
receive(192.168.1.250)
transmit(192.168.1.250)
receive(192.168.1.250)
transmit(192.168.1.250)
receive(192.168.1.250)
transmit(192.168.1.250)
receive(192.168.1.250)
transmit(192.168.1.250)
server 192.168.1.250, port 123
stratum 3, precision -21, leap 00, trust 000
refid [192.168.1.250], delay 0.02625, dispersion 0.00009
transmitted 4, in filter 4
reference time:      d3ecc9e8.4f754141  Sat, Sep  1 2012 19:52:40.310
originate timestamp: d3ecca36.52cecf88  Sat, Sep  1 2012 19:53:58.323
transmit timestamp:  d3ecca36.58b5d137  Sat, Sep  1 2012 19:53:58.346
filter delay:  0.02625  0.02628  0.02640  0.02640
               0.00000  0.00000  0.00000  0.00000
filter offset: -0.02386 -0.02381 -0.02367 -0.02365
               0.000000 0.000000 0.000000 0.000000
delay 0.02625, dispersion 0.00009
offset -0.023868

 1 Sep 19:54:00 ntpdate[30609]: adjust time server 192.168.1.250 offset -0.023868 sec