Setting up NTP (Linux, Mac OS X, Win2K)

Submitted by charlie.collins on Sun, 08/17/2003 - 21:08

Tagged:

Tutorials

I finally decided to setup NTP (Network Time Protocol) the other day after years of simply adjusting system clocks and not getting around to using something to automatically keep them synchronized(Im rather slow, pun intended). So I get the NTP rpms from rpmfind (I use rpms because I like to do that, they are easy to install and easy to update and keep track of versions and so on, so long as you dont need to get really specific, if you prefer just get the source from ntp.org and compile ). I then look for and find a plethora of howto's on NTP that are far more complicated than I need. I keep looking and finally start to figure it out after a mixture of google and man page research. Basically you setup a local NTP server that syncs itself with remote NTP servers (so yes, its technically also a client). The local server syncs with servers that are really really really damn accurate (these are called Stratum 1 servers, these usually involve some Cesium laying around and decaying or something like that) and servers that are only really really accurate (these are called Stratum 2 servers). Pick some servers that are geographically sensible and allow you access them from this list. In order to tell your LOCAL NTP server what remote servers it should sync with you setup a config file, etc/ntp.conf. The ntp.conf file not only sets up the remote servers that your local server will use for sync but also defines some local server settings and sets up some security guidelines (who can query your server and so on). My ntp.conf looks like this:

# defaults
#
###restrict default ignore
restrict 127.0.0.1 
restrict 10.0.0.0 mask 255.0.0.0 notrust nomodify notrap

# servers
#
# terrapin.csc.ncsu.edu 152.1.58.124 - stratum 1 open
# lerc-dns.lerc.nasa.gov (128.156.1.43) - stratum 1 open
# now.okstate.edu (139.78.100.163) stratum 1 open
# rolex.usg.edu - stratum 2 open send note (timekeeper@usg.edu)
# timex.usg.edu - stratum 2 open send note (timekeeper@usg.edu)
server rolex.usg.edu         # stratum 2 
server timex.usg.edu         # stratum 2

# restrict servers
#
restrict 198.72.72.10 mask 255.255.255.255 nomodify notrap noquery  
restrict 131.144.4.9 mask 255.255.255.255 nomodify notrap noquery   
# local clock
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	

# drift file
#
driftfile /etc/ntp/drift
broadcastdelay	0.008

As you can see I am using a couple of University of Georgia servers (yeah I know, lets hear the jokes, dawgs and math, maybe I will pick some Ga Tech servers on second thought). Anyway, you probably dont want to use these servers yourself because the may not make geographic sense (duh) and they are NOT totally public, so check the list. Once you have a conf file setup you of course start ntp. With Red Hat the init script is installed with the rpm and its located at /etc/init.d. SO start it with /etc/init.d/ntpd start. Then you use another program thats included to query the ntp server and see how its doing, ntpq. Run "ntpq -p" to see if things actually worked. Ntpq shows that offset of times between client and server, and what the adjustment was, and so on. You can also of course check the system time to see if its right on, I mean RIGHT on. Get some Cesium and then . . . . nevermind, check the USNO Master Time and compare. So thats the server. Then other machines can fairly easily be clients. In my case I used Linux clients, Mac OS X clients and even a few Windows 2000 clients. Guess which one was the hardest to setup? In linux you just run "ntpdate -s serverip". And in every case I used it (about 12 machines( it worked flawlessly. It logs in messages that its changing things and the clocks are all spot on. Of course you then setup a small cron script to run every hour or so and re-check. In Mac OS X you go to System Preferences --> Date & Time and then you click the "Network Time" tab, then enter the IP of the server and bam, its done, and it works. In Windows you go to the control panel and click the network time icon, oh wait, thats what you SHOULD DO, in reality that doesnt exist. Go to command prompt and use:

NET TIME /SetSNTP:192.168.200.10
NET TIME /QuerySNTP
w32tm -v -once -period 65532

NET TIME obviously starts the time service (which I could not get to start from control panel --> services, I tried). The "w32tm" program is really for debugging time but can be used to tell Windows 2000 to sync (doesnt make sense to me either). For more on the windows matters see this MS knowledge base article Once I did this Windows did sync the time, it didnt seem to log anything in event viewer though, and it also reset the time zone to Pacific (which none of the other OSes did). I reset the time zone myself and re-synched while watching the server log, and it all worked. The bottom line is that now all my machines have VERY accurate times and they are all in synch with each other and all the clocks are re-adjusted automatically as they drift. NTP is good, you need to use it (dont wait years like I did).

Add new comment

Comments

Re: Setting up NTP (Linux, Mac OS X, Win2K)

Submitted by Nathan (not verified) on Mon, 08/18/2003 - 08:17.

I've got a bunch of W32 clients as well, and have found that a net time entry in the login script also works. You've gotta mess with the permissions a bit (to allow users to change the time on their machines), but it works pretty well. In the login script, just add: net time /set /yes

forgot this in my last post

Submitted by nathan (not verified) on Mon, 08/18/2003 - 08:19.

In order for that little added bit in the login script to work, you'll need to have Samba running on the NTP server. Also, you can use winat (windows version of cron, sortof) to set the time on servers so that you don't have to login / out of them.

Better way of passing on the time than ntpdate

Submitted by StuP (not verified) on Tue, 08/19/2003 - 23:04.

Rather than using ntpdate on your other un*x-like machines to pass on the nicely sync'd date, you can use ntp on them too. Instead of using the gatech servers as the time server, just use your own little linux box that is sync'd against the gatech machines as being a local time source. That way you have your own private time server for your own private network. (IIRC, it would be a stratum 3 server, but that's a rusty memory from long ago). One advantage is that with ntp you don't get steps in the time, the ntp daemon slews the time slowly (you can also do that with more recent versions of ntpdate, I think). But if the clock is wandering on its own (I've seen clocks wander by minutes per day) then ntpdate only helps correct this wandering, it doesn't actually correct the clock frequency (which is what ntp does). BTW Nathan's comment about using SMB for time negotiation is a good one -- I've used that many times for things since the days of Win95. [%sig%]

Re: Better way of passing on the time than ntpdate

Submitted by atrox (not verified) on Wed, 08/20/2003 - 08:18.

thats exactly what i meant. setup a LOCAL time server (which must synch with some remote servers) and then use ntpdate to hit that LOCAL server within your network. thats pretty much what the article says as i re-read it. you absolutely DONT need to setup another LOCAL server (using ntpd again) on each machine thats inside the internal network. DO USE ntpdate just like i said but point it at the local server (the ONE local machine running ntpd), that way you dont have to even have the daemon installed , configured, running on multiple machines.

RE: Setting up NTP (Linux, Mac OS X, Win2K)

Submitted by anonymous (not verified) on Tue, 04/05/2005 - 02:04.

I want to configure my box (ntp server) in a way that it does not instead query other servers on the internet and can broadcast the time (on the same ntp server) to the local machines. How will i do that as i have successfully setup my ntp server querying other servers on the internet and then updating the time on local network. Thanks

RE: Better way of passing on the time than ntpdate

Submitted by dumpedcore (not verified) on Sat, 04/23/2005 - 01:01.

Re: your response, Atrox [20-Aug-2003] Actually, you misunderstood what StuP was getting at. ntpdate is a hack of a solution, and even if run regularly from cron, will result in jittering of time. Running ntpd on each individual linux client is a much better solution. ntpd can run as a 'client' - that is, it will correct the local clock but won't offer ntp to other systems. ntpd then runs happily in the background, ensuring your clock is always in sync against your local ntp server. -Mike.