NOTE: for RHEL7 see Configuring Time Services in RHEL 7 and
NTP is built on the UDP protocol rather than TCP. UDP raises different issues with firewalls compared with TCP. Most of the time server firewalls should allow NTP to work without special configuration. The NTP daemon has its own capabilities to restrict access, so duplicating them in firewall rules is harmful.
- Troubleshooting issues are discussed at Troubleshooting NTP on Red Hat Linux
- Red Hat documentation can be found at chapter 29 of Red Hat Deployment Guide
- 29. Date and Time Configuration
- 29.1. Time and Date Properties
- 29.2. Network Time Protocol (NTP) Properties
- 29.3. Time Zone Configuration
In RHEL 5, ntpd behavior is controlled by the file /etc/ntp/ntpservers, but it looks like this file is not changed during the installation. You need to change it manually or via the GUI.
If you did not specify your NTP servers during the installation, you can change /etc/ntp/ntpservers manually by adding lines to the end. For example:
server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com
restrict ntp2.your-company.com mask 255.255.255.255 nomodify notrap noquery
To ensure that the NTP server starts up automatically on reboot, you need to enable it via the chkconfig command as follows:
chkconfig ntpd on
chkconfig --list | grep ntpd
ntpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
To start the server you can use the service command:
service ntpd start
To see that your NTP server is listening on UDP port 123, use the following command:
Typically NTP is configured during installation.
There is an additional problem that can be experienced with HP servers that have ILO 3. ILO 3 allows server clocks to be synchronized via NTP too, but few people configure those settings, and the local clock can be significantly off. On reboot, if the local clock is mentioned in /etc/ntp.conf, the NTP daemon uses it for the initial setup. If the time is set from the local clock, the discrepancy can't be remedied by the NTP daemon, and it quits. One solution is to remove the local clock as a time source from /etc/ntp.conf.
To check if ntpd is running correctly you can use the command ntpq -p
ntpq -p
     remote            refid     st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.your-company.com 10.9.1.1   3 u   59   64    1   23.555   -5.558   0.001
 ntp1.your-company.com 10.9.1.2   3 u   58   64    1    0.455   -1.511   0.001
To set the date to value of NTP server you can use
See also Troubleshooting NTP on Red Hat Linux
Below is an example iptables rule that allows NTP traffic from ANY source. This is just an example and should be checked against your security policy.
iptables -I INPUT -p udp --dport 123 -j ACCEPT
Now that we have our firewall rules in place to allow NTP synchronization, let's get the service installed and started.
Most modern Linux/UNIX distributions come with NTP already installed. For Red Hat based distros you can install the NTP package with yum:
... ... ....
Now we have to restrict the access these time servers will have on our system. In the example below we are telling NTP that these servers are not allowed to modify run-time configuration or query our system. The specified mask below is limiting the access to a single IP, or single host subnet.
restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap noquery
Now since we are setting up a server to "serve" time to other clients we have to tell it from which networks to allow NTP requests. We use the same basic restrict statement as above, but this time you will notice the noquery option is removed allowing said network to query this server. The following example allows everyone within the 10.0.0.0/24 network to query the server.
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
As with most services localhost gets full access. For this we use the same restrict statement but with no options.
restrict 127.0.0.1
That's it, we have now configured our NTP server to pull time synchronization from stratum 1 servers, and accept time synchronization requests from computers on our network. Now we have to start the service and make sure the service starts at boot. Before we go crazy let's make sure everything is working as expected and also run an initial update.
First, let's run an initial update.
ntpq -p 0.us.pool.ntp.org
Expected output:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*0.us.pool.ntp.org 220.127.116.11    3 u   15   64  377    0.870   -0.164   0.170
The important thing to note in the above output is that delay, offset and jitter should all be non-zero numbers and the jitter should be under 100. You can run the initial synchronization multiple times if you wish.
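The check described above can be automated. The following is an added example, not code from the original article: it parses `ntpq -p` output and applies the stated criteria (non-zero delay, offset and jitter; jitter under 100), and additionally reports peers whose reach register is 0 and whether a sync peer (tally code `*`) has been selected. The sample output and the example.com host names are constructed.

```python
# Constructed sample in the column layout `ntpq -p` prints; hosts and values are made up.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.com 10.9.1.1         3 u   15   64  377    0.870   -0.164   0.170
+ntp2.example.com 10.9.1.2         3 u   58   64    1   23.555   -5.558   0.001
 ntp3.example.com .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per peer line; column 0 is the tally code ('*' = selected peer)."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or fields[:2] == ["remote", "refid"]:
            continue  # header, separator or blank line
        peers.append({
            "tally": line[0],
            "remote": fields[0],
            "reach": int(fields[6], 8),  # octal shift register of the last 8 polls
            "delay": float(fields[7]),
            "offset": float(fields[8]),
            "jitter": float(fields[9]),
        })
    return peers

def check_peer(peer):
    """Apply the criteria from the text, plus reach=0 (no poll was ever answered)."""
    problems = []
    if peer["reach"] == 0:
        problems.append("reach is 0")
    for column in ("delay", "offset", "jitter"):
        if peer[column] == 0.0:
            problems.append(f"{column} is zero")
    if peer["jitter"] >= 100:
        problems.append("jitter is 100 or more")
    return problems

def report(text):
    """Return ({remote: [problems]}, True if some peer carries the '*' tally code)."""
    peers = parse_peers(text)
    problems = {p["remote"]: check_peer(p) for p in peers}
    return problems, any(p["tally"] == "*" for p in peers)

if __name__ == "__main__":
    problems, synced = report(SAMPLE)
    for remote, found in problems.items():
        print(remote, "OK" if not found else "; ".join(found))
    print("sync peer selected:", synced)
```

The parser expects raw `ntpq -p` output, where the first character of every peer line is the tally code or a space.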
Now that we have done our initial sync and check completed, let's start the service.
Start the service:
/etc/init.d/ntpd start
When the service is started you should see something similar to this in your logs (/var/log/messages):
Mar 31 13:07:04 bighat ntpdate: step time server 18.104.22.168 offset 0.000574 sec
Make sure the service starts at boot:
chkconfig ntpd on
September 6, 2008 | Andy Cottrell
The best way to make sure servers have the correct time set on their system clock, is to use NTP to synchronize the clock to an external time source. I always use pool.ntp.org as the external source, as this represents a pool of servers who are willing to provide the service. All sorts of things can go wrong if you do not keep clocks set accurately - especially security stuff where ticket and certificate validity periods get checked automatically. I set this up on my CentOS box as follows (as root).
To check the client was installed:
yum list ntp
ntp.i386 4.2.2p1-8.el5.centos.1 installed
If it had not been, I would have used:
yum install ntp
To get the client started on system start:
chkconfig ntpd on
To force a sync of the clock to NTP now:
To start the service as if the system had been powered on:
Consumer hardware is notoriously bad at keeping accurate time. NTP is a service that can query other computers over the network and synchronize your computer's clock to their time. It's very complex to configure, since the network itself isn't instantaneous, and two or more computers will usually disagree as to exactly what time it is.
There is a list of publicly accessible NTP servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm, or see the actual NTP informational homepage at http://www.eecis.udel.edu/~ntp/ for other details.
Red Hat Linux comes with a sample /etc/ntp.conf, but if you just want your machine to synchronize with a public server, I recommend removing that file and starting with a far simpler script. Remove the existing file and create one that looks like the following.
/etc/ntp.conf (complete sample file)
# A very simple client-only ntp configuration.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
restrict default ignore
restrict 127.0.0.0 mask 255.0.0.0
authenticate no
Choose your preferred NTP servers. Note that some servers are not available to the public, and some servers are too busy to handle new requests. Please do your homework in choosing appropriate servers that are geographically near you, and which will accept new public connections, and whether you must obtain their permission first.
You should select two or three servers for best results. For each server you find, discover its hostname and its fixed numerical address. Then add lines like the following to the /etc/ntp.conf file you created above.
/etc/ntp.conf (additional lines for each server)
server ntp5.someserver.etc
restrict 22.214.171.124 nomodify # ntp5.someserver.etc
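The restrict conventions used across the configurations on this page (a default restriction, nomodify on every non-local entry, noquery on upstream servers, and the local clock 127.127.1.0 as a time source) can be checked mechanically. The following is an added example, not part of any of the quoted articles; the two sample configurations are constructed from the page's placeholder names, and servers are matched to restrict lines by the literal string as written, which is an assumption of this sketch.

```python
# Constructed sample configurations using the page's placeholder host names.
WEAK = """\
server 127.127.1.0   # local clock
server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 notrap
restrict 10.0.0.0 mask 255.255.255.0 notrap
"""
HARDENED = """\
server ntp1.your-company.com
restrict default ignore
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
"""

def parse(text):
    """Return (list of server addresses, {restrict target: set of flags})."""
    servers, restricts = [], {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) > 2 and words[1] in ("-4", "-6"):
            words.pop(1)  # address-family qualifier
        if len(words) < 2:
            continue
        if words[0] == "server":
            servers.append(words[1])
        elif words[0] == "restrict":
            flags = words[2:]
            if flags[:1] == ["mask"]:
                flags = flags[2:]  # skip "mask <netmask>"
            restricts[words[1]] = set(flags)
    return servers, restricts

def audit(text):
    """Return findings for deviations from the restrict conventions on this page."""
    servers, restricts = parse(text)
    findings = []
    if "default" not in restricts:
        findings.append("no 'restrict default' line")
    for target, flags in restricts.items():
        if target.startswith("127.") or "ignore" in flags:
            continue  # loopback gets full access; 'ignore' drops everything
        if "nomodify" not in flags:
            findings.append(f"restrict {target}: nomodify missing")
    for server in servers:
        if server.startswith("127.127."):
            findings.append(f"server {server}: local clock used as a time source")
        elif "noquery" not in restricts.get(server, set()):
            findings.append(f"server {server}: no restrict line with noquery")
    return findings
```

Because matching is literal, a server named by host name but restricted by numeric address, as in the last sample above, is reported as having no matching restrict line and needs a manual look.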
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: February 09, 2020