Linux Horizon

NTP - Network Time Protocol


First of all, go to www.ntp.org and download the ntp software. For some Linux distributions it is not necessary to download it because it ships with the distribution (e.g. RedHat). Check that before you download it.

After that you must configure your ntp.conf file. This file is located in the /etc directory; in other distributions it may be elsewhere, which is no problem at all. At the bottom of this page you can find an example ntp.conf. In my example I used 9 ntp servers (7 stratum 1 and 2 stratum 2). See the documentation for more info about stratum servers.

Here you can find a list of ntp servers:

NTP Time Servers
Public NTP Primary (stratum 1) Time Servers
Public NTP Secondary (stratum 2) Time Servers
Free NTP Server - Public Time Servers (a huge list of servers)

Starting the service
# /etc/init.d/ntpd start
or (for RedHat/Fedora distributions)
# service ntpd start

Checking the service
On the local ntp server:
# ntpq -p
If your server is working, the output should look similar to this:
     remote           refid      st t when poll reach   delay   offset  jitter 
============================================================================== 
 LOCAL(0)        LOCAL(0)        10 l   55   64  377    0.000    0.000   0.008 
+Arbomedia.Custo ntp0.NL.net      2 u  566 1024  377   18.677    1.099   0.400 
-NAVOBS1.MIT.EDU .PSC.            1 u  561 1024  377  122.875   -2.975   7.921 
-clock.redhat.co .CDMA.           1 u  591 1024  377  132.980    4.174  14.051 
-ntp2.ja.net     .GPS.            1 u  592 1024  377   61.604    2.499   4.402 
+chronos.cru.fr  .GPS.            1 u  589 1024  377   50.455    0.000   6.575 
*ntp-p1.obspm.fr .1PPS.           1 u  363 1024  377   45.575    0.941   7.764 
-hora.cs.tu-berl .PPS.            1 u 1409 1024  356   45.205   -1.288   2.531 
-rustime01.rus.u .DCFp.           1 u  582 1024  377   47.172    3.774   8.768 
-metasweb01.admi ntp1.ptb.de      2 u  571 1024  377   97.079  -17.763  22.128 

If your server cannot get through the firewall, the output looks like this:
     remote           refid      st t when poll reach   delay   offset  jitter 
============================================================================== 
topaz.conuropsi 0.0.0.0         16 u    -   64    0    0.000    0.000  4000.00 
Notice the jitter value. A jitter of 4000.00 means that the server cannot
synchronize with the remote. Is UDP port 123 open? See the "Security and
Firewall" section for more.
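
As an added example (not part of the original page), the shell function below reads `ntpq -p` output and labels each peer, decoding the octal reach column into how many of the last eight polls were answered. The sample is constructed from the two outputs above; the function name and status labels are this example's own.

```shell
#!/bin/sh
# Added example: classify each peer in `ntpq -p` output read on stdin.
# Prints "<remote> <status> <answered>/8"; returns 0 only if a peer is selected (*).
ntp_peer_health() {
    awk '
    $1 == "remote" || /^=+/ || NF < 10 { next }   # header, ruler, junk
    {
        tally = substr($0, 1, 1)                  # column 1 is the tally code
        remote = (tally == " ") ? $1 : substr($1, 2)
        # reach is an octal shift register of the last 8 polls: count the set bits
        n = 0; ok = 0
        for (i = 1; i <= length($7); i++) n = n * 8 + substr($7, i, 1)
        for (; n > 0; n = int(n / 2)) ok += n % 2
        if (ok == 0 || $3 == 16)  status = "UNREACHABLE"   # no reply: firewall, DNS, dead server
        else if (tally == "*")    { status = "SYNC"; synced = 1 }
        else if (tally == "+")    status = "CANDIDATE"
        else                      status = "UNSELECTED"
        printf "%s %s %d/8\n", remote, status, ok
    }
    END { exit (synced ? 0 : 1) }'
}

# Constructed sample: lines modelled on the two outputs above,
# with the leading tally column of ntpq kept in place.
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l   55   64  377    0.000    0.000   0.008
+chronos.cru.fr  .GPS.            1 u  589 1024  377   50.455    0.000   6.575
*ntp-p1.obspm.fr .1PPS.           1 u  363 1024  377   45.575    0.941   7.764
-hora.cs.tu-berl .PPS.            1 u 1409 1024  356   45.205   -1.288   2.531
 topaz.conuropsi 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
EOF
}

sample_ntpq_output | ntp_peer_health
```

On a live server, run `ntpq -p | ntp_peer_health`; a non-zero exit status means no peer has been selected for synchronization yet.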

Now, if everything is OK, you can check from an ntp client (a Linux host in this example):
# ntpdate ntp_server
Output: 
 9 Feb 15:47:33 ntpdate[10665]: adjust time server ntp_server offset 0.001643 sec 

Now you can save the time into the BIOS:
# hwclock -w

That's all!!!

ATTENTION!!! You must wait a few minutes (2-10) after starting the ntp server for the synchronization to finish. In the meantime, any query from ntp hosts will fail... Just wait those minutes... Do not hurry :-) Take a cup of coffee. By the way... do you know what the caffeine molecule looks like? Click here to find out.

Security and Firewall
The ntp server needs UDP port 123 open both as source and as destination. This means that the local ntp server listens on UDP port 123, and when it synchronizes with another ntp server, the destination port of its packets is also UDP 123. However, the tools that you run to set your clock may use upper ports (between 1023 and 65535).
In iptables, the lines for a locally running ntp server look like this:

/sbin/iptables -A INPUT -p udp --dport 123 -j ACCEPT
/sbin/iptables -A OUTPUT -p udp --sport 123 -j ACCEPT

ATTENTION!!! This is just an example. Your firewall may be different. Before you start, check your firewall configuration. For more documentation, go to the iptables home page, or download good documentation from this site (Security & Privacy Section) or directly from here. A good and comprehensive survey of the NTP network can be found on the Massachusetts Institute of Technology (MIT) site.

For full ntp documentation, go to the NTP documentation site, or write to me at linuxhorizon@linuxhorizon.ro and I'll try to help you...


#NTP.CONF start
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 notrust nomodify notrap

server ntp.ip.ro
server tick.mit.edu
server clock.redhat.com
server ntp2.ja.net
server chronos.cru.fr
server ntp-p1.obspm.fr
server ntp1.curie.fr
server ntps1-0.cs.tu-berlin.de
server rustime01.rus.uni-stuttgart.de
server ntp.metas.ch

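# Note: since ntpd 4.2, notrust denies any packet that is not cryptographically
# authenticated; with that version these servers need keys, or drop the flag.
restrict ntp.ip.ro mask 255.255.255.255 notrust nomodify notrap
restrict clock.redhat.com mask 255.255.255.255 notrust nomodify notrap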
restrict ntp2.ja.net mask 255.255.255.255 notrust nomodify notrap
restrict chronos.cru.fr mask 255.255.255.255 notrust nomodify notrap
restrict ntp-p1.obspm.fr mask 255.255.255.255 notrust nomodify notrap
restrict ntp1.curie.fr mask 255.255.255.255 notrust nomodify notrap
restrict ntps1-0.cs.tu-berlin.de mask 255.255.255.255 notrust nomodify notrap
restrict rustime01.rus.uni-stuttgart.de mask 255.255.255.255 notrust nomodify notrap
restrict tick.mit.edu mask 255.255.255.255 notrust nomodify notrap
restrict ntp.metas.ch mask 255.255.255.255 notrust nomodify notrap

server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

driftfile /etc/ntp/drift
broadcastdelay 0.008

authenticate yes
keys /etc/ntp/keys

logfile /var/log/ntp.log
#NTP.CONF end
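
An added example, not the original author's code: a shell check that every server line in an ntp.conf has a matching host restrict line, which catches a mistyped hostname, and that a restrict default line exists so unlisted hosts do not fall back to ntpd's unrestricted default entry. The hostnames in the sample are constructed placeholders; ntp_conf_audit and its finding names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an ntp.conf read on stdin.
# Findings (one per line, sorted):
#   NO_DEFAULT_RESTRICT     no "restrict default" line, unlisted hosts are unrestricted
#   NO_RESTRICT <host>      a server with no host-specific restrict line
#   ORPHAN_RESTRICT <host>  a host restrict that matches no server (often a typo)
ntp_conf_audit() {
    awk '
    { sub(/#.*/, "") }                                      # strip comments
    $1 == "server" && $2 !~ /^127\.127\./ { srv[$2] = 1 }   # skip refclock drivers
    $1 == "restrict" && $2 == "default"   { has_default = 1; next }
    # a host entry has no mask (ntpd then assumes a single host) or an all-ones mask
    $1 == "restrict" && $2 !~ /^(127\.|::1$)/ &&
        ($3 != "mask" || $4 == "255.255.255.255") { host[$2] = 1 }
    END {
        if (!has_default) print "NO_DEFAULT_RESTRICT"
        for (s in srv)  if (!(s in host)) print "NO_RESTRICT " s
        for (h in host) if (!(h in srv))  print "ORPHAN_RESTRICT " h
    }' | sort
}

# Constructed sample in the layout of the ntp.conf above; "click" is a deliberate typo.
sample_ntp_conf() {
    cat <<'EOF'
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
server ntp1.example.net
server clock.example.net
restrict ntp1.example.net mask 255.255.255.255 nomodify notrap
restrict click.example.net mask 255.255.255.255 nomodify notrap
server 127.127.1.0 # local clock
EOF
}

sample_ntp_conf | ntp_conf_audit
```

Run it against a real file with `ntp_conf_audit < /etc/ntp.conf`; empty output means every server has its own restrict line and a default entry is present.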

