Thursday, August 23, 2007

Setting up your own ntp server

NTP (Network Time Protocol) synchronizes the clock of a client or server with another server or a reference time source, such as a radio or satellite receiver or a modem. Typical NTP configurations use multiple redundant servers and diverse network paths to achieve high accuracy and reliability.
Follow the steps below to install your ntp server:

1. install ntp: $ yum install -y ntp

2. edit ntp.conf: $ vi /etc/ntp.conf
example of ntp.conf:
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org
#server 1.rhel.pool.ntp.org
#server 2.rhel.pool.ntp.org
#server mst.sirim.my prefer
#server my.pool.ntp.org

#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server mst.sirim.my prefer
#server my.pool.ntp.org


# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

3. If the server you are setting up does not have an internet connection, you can synchronize it with its own local clock. Just comment out the server lines and use 127.127.1.0 instead. The stratum level indicates what level this time server is set up for. Stratum 0 usually refers to a real clock, for example atomic (cesium, rubidium) clocks, GPS clocks or other radio clocks. Stratum 1 is the machine connected to stratum 0 devices.

#server mst.sirim.my prefer
#server my.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10

4. synchronize the server's time with the ntp server: $ ntpdate -du mst.sirim.my

5. start ntp service: $ /etc/init.d/ntpd start

On the client machine, just type: $ ntpdate -du ntpservername. You can also put this command in crontab so that the client is updated frequently.
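
The restrict and server lines from steps 2 and 3 decide who may query or reconfigure the daemon and where its time comes from. The following is an added example, not part of the original post: a small Python check that reports restrict entries missing the flags used above and a daemon whose only source is the local clock. The function name audit_ntp_conf and both sample configs are constructed for illustration.

```python
REQUIRED = {"nomodify", "notrap", "nopeer", "noquery"}  # flags on the page's default line
LOOPBACK = {"127.0.0.1", "::1"}

def audit_ntp_conf(text):
    """Return (line_no, message) findings for ntp.conf contents; line 0 = whole file."""
    findings, servers, has_default = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()           # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            args = [a for a in tok[1:] if a not in ("-4", "-6")]
            if not args:
                continue
            addr, flags = args[0], args[1:]
            # skip an optional "mask <netmask>" pair before the flags
            flags = set(flags[2:] if flags[:1] == ["mask"] else flags)
            has_default = has_default or addr == "default"
            if addr in LOOPBACK or "ignore" in flags:
                continue
            # noquery blocks ntpq/ntpdc queries, nomodify blocks config changes
            want = REQUIRED if addr == "default" else {"nomodify", "noquery"}
            missing = sorted(want - flags)
            if missing:
                findings.append((no, addr + " lacks " + " ".join(missing)))
    if not has_default:
        findings.append((0, "no 'restrict default' line found"))
    if not servers:
        findings.append((0, "no active server line: ntpd has no time source"))
    elif all(s.startswith("127.127.1.") for s in servers):
        findings.append((0, "only source is the undisciplined local clock"))
    return findings

# Constructed sample: the page's config after step 3 (no internet access).
STEP3_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server 127.127.1.0
fudge 127.127.1.0 stratum 10
"""
# Constructed sample: a looser config, to show the restrict findings.
LOOSE_CONF = "restrict default nomodify\nrestrict 192.168.1.0 mask 255.255.255.0 nomodify notrap\nserver my.pool.ntp.org\n"

if __name__ == "__main__":
    print(audit_ntp_conf(STEP3_CONF), audit_ntp_conf(LOOSE_CONF))
```

To check a real file, pass it as open("/etc/ntp.conf").read(); an empty list means none of these checks fired.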

5 comments:

Mark said...

I still get this message on the client Linux box trying to access my ntp server after following your instructions:

ntpdate[31859]: no server suitable for synchronization found

Even when I try to access 0.fedora.pool.ntp.org I get this. My ntp server system can access and sync to 0.fedora.pool.ntp.org just fine, so not exactly sure what is occurring.

Mark

blackorga said...

Hi Mark,

Make sure your firewall is not blocking port 123.

TQ

Donnie said...

I will be setting up a CentOS system that will not have internet access. I have devices (IP Phones) that will connect to this server to grab the time. Since there will be no internet connection available and the IP phones require connection to an NTP server, will your post work?


Thanks!

Donnie

Jim said...

Mark, I know this is an old comment but this might help others. If you run ntpdate while your ntp daemon is running you may get the error you describe. Try turning off ntpd
#service ntpd stop
then run your ntpdate command
Start ntpd back up after. Once you're sync'd then ntpd should be able to make corrections without the need for ntpdate.

Monika Gupta said...

Nice post...I look forward to reading more, and getting a more active part in the talks here, whilst picking up some knowledge as well..