Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

RHEL 6 NTP configuration

News NTP -- Network Time Protocol Recommended Links Changing timezone in RHEL6 from the command line Linux Networking Configuration Troubleshooting NTP on Red Hat Linux
RHEL handling of DST change Troubleshooting NTP on Solaris ILO 3 NTP configuration   Humor Etc


Introduction

NTP is built on the UDP protocol rather than TCP.  UDP raises different issues with firewalls compared with TCP. Most of the time server firewalls should allow NTP to work without special configuration. NTP daemon has its own capabilities to restrict access so duplication is harmful.

Notes:

  1. Trobleshooting issues are discussed at Troubleshooting NTP on Red Hat Linux
  2. Red Hat documentation can be found at chapter 29 of Red Hat Deployment Guide
  3. 29. Date and Time Configuration
    29.1. Time and Date Properties
    29.2. Network Time Protocol (NTP) Properties
    29.3. Time Zone Configuration

Enabling ntpd daemon

In RHEL 5 ntpd behavior is controlled by the file /etc/ntp/ntpservers but it looks like it is not changed during the installation.  You need to change it manually or via GUI.

If you did not put your ntp servers during the installation you can change  /etc/ntp/ntpservers manually by  adding the lines to the end. For example

server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com
restrict ntp2.your-company.com mask 255.255.255.255 nomodify notrap noquery

To ensure that  NTP server start up automatically on reboot, you need enble it via the chkconfig command as follows:

chkconfig ntpd on
chkconfig --list | grep ntpd
ntpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

To start the server you can use service command

service ntpd start

To see that your NTP server is listening on UDP port 123, use the following command:

netstat -tuna

Typically NTP is configured during installation.

Note:

There is an additional problem that can be experienced with HP servers that have ILO 3. ILO 3 allows server clocks be synchronized via NTP too, but few people put those setting and local clock can be significantly off. On reboot if local clock is mentioned in /etc/ntp.conf clocks NTP daemon use then as initial setup. And if the value is set to local clock discrepancy can't be remedies by NTP daemon and it quits. One solution is to remove local clock as a time source from /etc/ntp.conf.

How to check if ntpd is running correctly

To check if ntpd is running correctly you can use the command ntpq -p

ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
ntp1.your-company.com 10.9.1.1    3 u   59   64    1   23.555   -5.558   0.001
ntp1.your-company.com 10.9.1.2    3 u   58   64    1    0.455   -1.511   0.001

How to set the date to value of NTP server

To set the date to value of NTP server you can use

ntpdate ntp1.your-company.com

See also Troubleshooting NTP on Red Hat Linux


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

Configuring an NTP server in Red Hat by Savona

Below is an example iptables rule that allows NTP traffic from ANY source. This is just an example and should be checked against your security policy.

iptables -I INPUT -p udp --dport 123 -j ACCEPT
Now that we have our firewall rules in place to allow NTP synchronization, let's get the service installed and started.

Most modern Linux/UNIX distributions come with NTP already installed. For Red Hat based distros you can install the NTP package with yum:

... ... ....

Now we have to restrict the access these time servers will have on our system. In the example below we are telling NTP that these servers are not allowed to modify run-time configuration or query our system. The specified mask below is limiting the access to a single IP, or single host subnet.

restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap noquery
Now since we are setting up a server to "serve" time to other clients we have to tell it from which networks to allow NTP requests. We use the same basic restrict statement as above, but this time you will notice the noquery option is removed allowing said network to query this server. The following example allows everyone within the 10.0.0.0/24 network to query the server.
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
As with most services localhost gets full access. For this we use the same restrict statement but with no options.
restrict 127.0.0.1
That's it, we have now configured our NTP server to pull time synchronization from stratum 1 servers, and accept time synchronization requests from computers on our network. Now we have to start the service and make sure the service starts at boot. Before we go crazy let's make sure everything is working as expected and also run an initial update.

First, let's run an initial update.

ntpq -p 0.us.pool.ntp.org
Expected output:
remote refid st t when poll reach delay offset jitter
============================================================================== 
*0.us.pool.ntp.org 128.32.206.55 3 u 15 64 377 0.870 -0.164 0.170
The important thing to note in the above output is delay, offset and jitter should all be NONE ZERO numbers and the jitter should be under 100. You can run the initial synchronization multiple times if you wish.

Now that we have done our initial sync and check completed, let's start the service.

Start the service:

/etc/init.d/ntpd start
When the service is started you should see something similar to this in your logs: (/var/log/messages)
Mar 31 13:07:04 bighat ntpdate[18253]: step time server 66.191.139.149 	offset 0.000574 sec
Make sure the service starts at boot:
chkconfig ntpd on

Setting up an NTP client on CentOS 5.2

September 6, 2008 | Andy Cottrell
The best way to make sure servers have the correct time set on their system clock, is to use NTP to synchronize the clock to an external time source. I always use pool.ntp.org as the external source, as this represents a pool of servers who are willing to provide the service. All sorts of things can go wrong if you do not keep clocks set accurately - especially security stuff where ticket and certificate validity periods get checked automatically. I set this up on my CentOS box as follows (as root).

To check the client was installed: yum list ntp
It was: ntp.i386 4.2.2p1-8.el5.centos.1 installed
If it had not been, I would have used: yum install ntp
To get the client started on system start: chkconfig ntpd on
To force a sync of the clock to NTP now: ntpdate pool.ntp.org
To start the service as if the system had been powered on: /etc/init.d/ntpd start

Red Hat Configuration HOWTOs

Consumer hardware is notoriously bad at keeping accurate time. NTP is a service that can query other computers over the network and synchronize your computer's clock to their time. It's very complex to configure, since the network itself isn't instantaneous, and two or more computers will usually disagree as to exactly what time it is.

There is a list of publically accessible NTP servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm, or see the actual NTP informational homepage at http://www.eecis.udel.edu/~ntp/ for other details.

Red Hat Linux comes with a sample /etc/ntp.conf, but if you just want your machine to synchronize with a public server, I recommend removing that file and starting with a far simpler script. Remove the existing file and create one that looks like the following.

/etc/ntp.conf (complete sample file)
# A very simple client-only ntp configuration.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10 
driftfile /etc/ntp/drift
restrict default ignore
restrict 127.0.0.0 mask 255.0.0.0
authenticate no

Choose your preferred NTP servers. Note that some servers are not available to the public, and some servers are too busy to handle new requests. Please do your homework in choosing appropriate servers that are geographically near you, and which will accept new public connections, and whether you must obtain their permission first.

You should select two or three servers for best results. For each server you find, discover its hostname and its fixed numerical address. Then add lines like the following to the /etc/ntp.conf file you created above.

/etc/ntp.conf (additional lines for each server)
server ntp5.someserver.etc
restrict 123.123.123.123 nomodify  # ntp5.someserver.etc

Recommended Links



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: August 13, 2017