April 1, 2008

A simple NTP (Network Time Protocol) server setup

A time server provides a convenient way to set the correct time on your computer and to keep its internal clock accurate. This tutorial explains how to set up a time server for a local network and eliminate the need for computers to query external time servers directly. For this tutorial, the NTP server software provided by Internet Systems Consortium, Inc. (ISC) will be used. An alternative is the OpenNTPD software, but this tutorial will not cover it.

Software Installation

On Gentoo, the ntp package contains both the NTP server (ntpd) and client utilities. It needs to be installed on both your time server and every computer that will synchronize to it.

To install ntp on Gentoo, simply emerge it:

# emerge ntp

You may want to verify that the caps USE flag is set before you begin the emerge so that the ntpd daemon will use Linux capabilities, which lets it drop root privileges after startup while keeping only the capability it needs to set the clock. Keep in mind that Linux capabilities also have to be enabled in your kernel.

Ubuntu Feisty (7.04) and newer versions also provide a single ntp package:

$ sudo apt-get install ntp

Ubuntu Dapper (6.06 LTS) and Edgy (6.10), however, have separate packages for the client utilities

$ sudo apt-get install ntp

and the server.

$ sudo apt-get install ntp-server

Check your distribution's package manager to make sure you install the correct package(s).

Server Configuration

The server in this tutorial will be set up as a standalone server. It will provide time service to one or more local networks and synchronize its system clock to one or more external time servers. The NTP documentation discusses additional operating modes, like peering, and more complicated mission-critical setups, but these topics are beyond the scope of this tutorial.

The main configuration file for the ntpd daemon is ntp.conf. It is usually installed in /etc, but this may be different on your distribution. The following steps outline the configuration process for ntpd as a server:

  1. Open your ntp.conf file with a text editor. The default ntp.conf file should have several commands with locations that may be specific to your system.

    1. Look for a line containing the driftfile command. This command specifies a file that is used by ntpd to improve its timekeeping performance. It is important that this line is kept enabled. If your distribution's package does not have a designated driftfile, you should read its documentation, find an appropriate location to store the driftfile, and specify one.

    2. Look for a line containing the logfile command. This command specifies a file where messages are logged, as an alternative to syslog(3). You may wish to comment it out so that messages are logged by syslog(3) and the log is rotated automatically.

    /etc/ntp.conf
    ...
    driftfile /var/lib/ntp/ntp.drift
    # logfile /var/log/ntp.log
    ...

  2. Specify one or more server commands. The server command instructs ntpd to periodically query an external time server and synchronize the system clock. For a list of public time servers check the ntp.org website or search the Internet for time servers provided by institutions in your geographic region. For example, synchronizing to a time server provided by the National Institute of Standards and Technology's (NIST) Time and Frequency Division in the United States is specified with the following command:

    /etc/ntp.conf
    ...
    server time.nist.gov
    ...

    Usually you should specify more than one server for synchronization, in case one of them becomes unreachable because of network problems outside your network. However, ntpd will only use up to three of the specified servers at a time to keep the system clock synchronized.

  3. (Optional) Use the minpoll and maxpoll options with the server command. These options define how often your server queries the external time server(s). The defaults are 6 for minpoll and 10 for maxpoll. The polling interval for either option is 2^x seconds, where x is the value given for the option (so the defaults correspond to 64 and 1024 seconds). You should manually set these to higher values than the defaults, since there is no need to poll the external time server(s) that often. The allowed range for both options is 4 - 17.

    /etc/ntp.conf
    ...
    server time.nist.gov minpoll 7 maxpoll 11
    ...

  4. Use the restrict command to define the level of access to your time server. By default, with no restrict commands, the server has no restrictions. You may want to read the ntp.conf man page for more information on the available options.

    The default restrictions (those for 0.0.0.0 mask 0.0.0.0 on IPv4, or [::/128] on IPv6) should usually be very limiting, like the following:

    /etc/ntp.conf
    ...
    restrict -4 default noquery nomodify nopeer notrap
    restrict -6 default ignore
    ...

    The "-4" and "-6" after the restrict keyword are address qualifiers: they determine whether the address that follows is resolved as an IPv4 or an IPv6 address, respectively.

    After the default restrictions are specified, less restrictive entries need to be defined for your local subnets. The following example shows the restrictions for two example local IPv4 subnets, 192.168.0.0/24 and 192.168.1.0/24.

    /etc/ntp.conf
    ...
    restrict 127.0.0.1 nomodify nopeer notrap
    restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
    restrict 192.168.1.0 mask 255.255.255.0 nomodify nopeer notrap
    ...

  5. (Optional) The NTP server can announce its presence on the network by both broadcasting and multicasting. Multicasting is covered in the ntp.conf man page and will not be covered here. To enable the server to announce its presence through broadcasts, use the broadcast command and specify a broadcast address.

    /etc/ntp.conf
    ...
    broadcast 192.168.1.255 minpoll 10
    ...

    The minpoll option is not mandatory. It defines the broadcast interval in the same way as it does for the server command. You should use it and set it to a reasonable value to reduce broadcast traffic on the target broadcast address.

The ntpd daemon should now be configured and can be started. This is what a complete ntp.conf file might look like:

/etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
#logfile /var/log/ntp.log
server time.nist.gov minpoll 6 maxpoll 10
server time-a.nist.gov minpoll 6 maxpoll 10
server time-b.nist.gov minpoll 6 maxpoll 10
broadcast 192.168.1.255 minpoll 10
restrict -4 default noquery nomodify nopeer notrap
restrict -6 default ignore
restrict 127.0.0.1 nomodify nopeer notrap
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify nopeer notrap
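The restrict entries above decide which hosts may query, modify or peer with the server. The following Python is an added example, not part of the original tutorial: it parses restrict lines, reports which flags a given client address ends up with, and lints the default entries. The most-specific-match rule is a simplified model of ntpd's address/mask matching, and the sample configuration is constructed from this page's server example.

```python
import ipaddress

# Constructed sample: the restrict section of the server ntp.conf on this page.
SERVER_CONF = """\
restrict -4 default noquery nomodify nopeer notrap
restrict -6 default ignore
restrict 127.0.0.1 nomodify nopeer notrap
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify nopeer notrap
"""
# Flags a default entry should carry unless it is "ignore" outright.
REQUIRED_DEFAULT = ("noquery", "nomodify", "nopeer", "notrap")

def parse_restrict(conf):
    """Return [(network, flags)] for every restrict line; comments are stripped."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = 4  # a bare address is treated as IPv4 unless -6 is given
        if tok[0] in ("-4", "-6"):
            family, tok = int(tok[0][1]), tok[1:]
        if not tok:
            continue  # "restrict -4" with no address is not a usable entry
        addr, tok = tok[0], tok[1:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0" if family == 4 else "::/0")
        elif len(tok) >= 2 and tok[0] == "mask":
            net, tok = ipaddress.ip_network(f"{addr}/{tok[1]}", strict=False), tok[2:]
        else:
            net = ipaddress.ip_network(addr)  # single host: /32 or /128
        rules.append((net, frozenset(tok)))
    return rules

def effective_flags(rules, client):
    """Flags applied to packets from `client`; the most specific matching entry
    wins (a simplified model of ntpd's address/mask matching)."""
    ip = ipaddress.ip_address(client)
    hits = [(n, f) for n, f in rules if n.version == ip.version and ip in n]
    if not hits:
        return frozenset()
    return max(hits, key=lambda r: r[0].prefixlen)[1]

def lint_defaults(rules):
    """List the hardening flags missing from each default entry not set to ignore."""
    return [f"default IPv{n.version} lacks {flag}"
            for n, f in rules if n.prefixlen == 0 and "ignore" not in f
            for flag in REQUIRED_DEFAULT if flag not in f]
```

With the page's configuration, a host in 192.168.1.0/24 ends up with nomodify, nopeer and notrap (it may still query), any other IPv4 host also gets noquery, and every IPv6 host is ignored.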

Client Configuration

There are more than a couple of ways to configure ntpd as a simple client. Three of them are explained in the following sections.

DHCP Client Overwrite

On Linux, the DHCP client has the ability to overwrite the ntp.conf file with settings that will allow a computer to synchronize to NTP servers that a DHCP server advertises. If this feature is disabled on your distribution, look at the documentation for your DHCP client to try to enable it.

To advertise NTP servers with your DHCP server, add the ntp-servers option to the server's dhcpd.conf configuration file.

/etc/dhcp/dhcpd.conf
...
option ntp-servers 192.168.0.1;
...

Manually Configured

Specify the domain name or IP address of your local time server with the server command. For example, if 192.168.0.254 is the IP address of your NTP server:

/etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
#logfile /var/log/ntp.log
server 192.168.0.254
restrict -4 default ignore
restrict -6 default ignore
restrict 127.0.0.1 nomodify nopeer notrap
restrict 192.168.0.254 nomodify nopeer notrap

You need to make sure that the DHCP client will not overwrite your ntp.conf file. On Gentoo, you can disable this overwrite by adding nontp to the DHCP configuration options in /etc/conf.d/net, as shown below.

/etc/conf.d/net
...
dhcp_eth0="nontp"
...

Broadcast Listening

To enable your ntpd daemon to receive broadcasts from a local time server, add the following lines to your ntp.conf file. You also have to remove the nopeer option from the default restriction; otherwise ntpd will not set up a new client association with the NTP server when it receives a broadcast packet. The disable auth line is needed because ntpd by default only accepts broadcast packets that carry a valid authentication key; with authentication disabled, the client will accept time from any host that broadcasts on its subnet.

/etc/ntp.conf
...
disable auth
broadcastclient
restrict -4 default noquery nomodify notrap
...

Here is what a complete configuration might look like:

/etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
#logfile /var/log/ntp.log
disable auth
broadcastclient
restrict -4 default noquery nomodify notrap
restrict -6 default ignore
restrict 127.0.0.1 nomodify nopeer notrap

Additional Setup

On Gentoo, you may want to enable this option to "set the Hardware Clock to the current System Time during shutdown."

File: /etc/conf.d/clock
...
# If you want to set the Hardware Clock to the current System Time
# during shutdown, then say "yes" here.
CLOCK_SYSTOHC="yes"
...

Running the Server/Client

On Gentoo, simply start the service.

# /etc/init.d/ntpd start

You also want to add it to your default runlevel so it will always start automatically at boot.

# rc-update add ntpd default

The time server/client will take some time to synchronize to its external provider. You can check this synchronization process with the ntpq command. Here is an example of what the output will look like on a working server:

$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+india.colorado. .ACTS.           1 u  357   68m   377   46.433    5.071   0.152
*time-B.timefreq .ACTS.           1 u  585   68m   377   42.934    1.160   8.319
+time.nist.gov   .ACTS.           1 u  396   68m   377   49.633   -0.656   1.736

The asterisk (*) in front of "time-B.timefreq" indicates that the server is synchronized and is providing time service.

If your server is broadcasting to a particular subnet, the output of the ntpq command will have an additional line similar to the following:

 192.168.1.255   .BCST.          16 u    -   256     0    0.000    0.000   0.001
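To turn this ntpq output into a health check, here is an added Python parser (not from the original post) that reads `ntpq -p` lines, decodes the octal reach field, ignores the stratum-16 .BCST. pseudo-association, and reports whether a system peer has been selected. The sample output is constructed from the lines shown above.

```python
# Constructed sample: the `ntpq -p` output shown on this page, plus the
# broadcast pseudo-association a server shows when `broadcast` is configured.
NTPQ_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+india.colorado. .ACTS.           1 u  357   68m   377   46.433    5.071   0.152
*time-B.timefreq .ACTS.           1 u  585   68m   377   42.934    1.160   8.319
+time.nist.gov   .ACTS.           1 u  396   68m   377   49.633   -0.656   1.736
 192.168.1.255   .BCST.          16 u    -   256     0    0.000    0.000   0.001
"""

def parse_ntpq(text):
    """Return one dict per peer line of `ntpq -p`; the header lines are skipped."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue
        tally, cols = line[0], line[1:].split()  # column 0 is the tally code
        if len(cols) < 10:
            continue
        peers.append({
            "tally": tally,              # '*' = system peer, '+' = candidate
            "remote": cols[0],
            "refid": cols[1],
            "stratum": int(cols[2]),
            "reach": int(cols[6], 8),    # the reach register is printed in octal
            "offset_ms": float(cols[8]),
            "jitter_ms": float(cols[9]),
        })
    return peers

def sync_status(peers, max_offset_ms=100.0):
    """Decide whether this ntpd is synchronized well enough to serve time."""
    # Stratum 16 means unsynchronized; it covers the .BCST. entry and dead peers.
    sources = [p for p in peers if p["stratum"] < 16]
    sys_peer = next((p for p in sources if p["tally"] == "*"), None)
    if sys_peer is None:
        return {"ok": False, "reason": "no system peer selected yet"}
    if sys_peer["reach"] != 0o377:
        return {"ok": False, "reason": "system peer missed recent polls"}
    if abs(sys_peer["offset_ms"]) > max_offset_ms:
        return {"ok": False, "reason": "system peer offset too large"}
    return {"ok": True, "syspeer": sys_peer["remote"], "sources": len(sources)}
```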
