CentOS/RHEL/SL Configure an NTP Client And Server

Configure an NTP Client
1. Install the ntp and ntpdate packages:
# yum install ntp ntpdate

NTP communicates over UDP port 123. Ensure that no firewall is blocking this traffic.

2. Enable upstream synchronization by defining the upstream time servers in the ntp.conf file. Check with your network administrator if time services are provided on the corporate network.
3. Configure downstream access for the client. To do so, disable the default "noquery" option. Here is an example:
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.

restrict mask nomodify notrap noquery
restrict mask nomodify notrap noquery
restrict mask nomodify notrap noquery

# note: are time1/time2/

Replace ips/hosts with the network address of your network. You may also need to adjust the netmask (
Remove the # character at the start of the line to uncomment this entry. Once you have finished editing, save the /etc/ntp.conf file.
4.  Start the NTP service and set it to launch automatically upon boot.
# service ntpd start
# chkconfig ntpd on
5. When NTP is running, check upstream synchronization. The ntpq command should output something similar to this example:
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
*    2 u  872 1024  377    0.221    0.265   0.023
     2 u  864 1024  377    1.462    0.805   1.251
When upstream NTP is working properly, delay and offset values should be non-zero and the jitter value should be below 100.

6. Test downstream synchronization from another server in the management network to ensure that NTP services are working. Note that it may take several minutes before your NTP server is able to provide time services to downstream clients. Begin by checking the stratum level of your server:
#  ntpq -c rv
assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
version="ntpd 4.2.4p8@1.1612-o Fri Feb 22 03:55:10 UTC 2013 (1)",
processor="x86_64", system="Linux/2.6.32-358.11.1.el6.x86_64", leap=00,
stratum=3, precision=-23, rootdelay=0.909, rootdispersion=30.394,
peer=17306, refid=,
reftime=d5ca0f3e.853ac3fb  Thu, Aug 29 2013 11:19:42.520, poll=10,
clock=d5ca0fa1.a1f315a4  Thu, Aug 29 2013 11:21:21.632, state=4,
offset=0.479, frequency=52.919, jitter=0.387, noise=0.318,
stability=0.024, tai=0

 issue the following command:
This command runs ntpdate in debug mode, in which the availability of the remote time server is checked. If the debug run ends in a line similar to the one in this example, the test is successful. If the stratum level is too high (>= 16), the error message "Server dropped: strata too high" is displayed.

# ntpdate -d
delay 0.02582, dispersion 0.00000
offset 0.000171

29 Aug 11:24:32 ntpdate[19421]: adjust time server offset 0.000171 sec

 When you find a satisfactory server, run the ntpdate command followed by one or more server addresses:

# ntpdate server_address...

For instance:

# ntpdate time1 time2 time3

Unless an error message is displayed, the system time should now be set.
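
The criteria from step 5 (non-zero delay and offset, jitter below 100) can be checked mechanically. The following is an added example, not part of the original page; the peer names and addresses are constructed placeholders, and the reach and system-peer checks go beyond what the page states.

```shell
#!/bin/sh
# Added example: apply the step 5 criteria to `ntpq -p` output on stdin.
# Prints one line per problem; returns 0 only if a system peer is selected
# and every listed peer passes.
check_ntpq_peers() {
    awk '
        NR == 1 || /^=+$/ || NF < 10 { next }     # header, rule, short lines
        {
            tally  = substr($0, 1, 1)             # column 1 holds the tally code
            remote = (tally == " ") ? $1 : substr($1, 2)
            if (tally == "*" || tally == "o") selected = 1
            if ($7 == "0") { print remote ": never reached (reach=0)"; bad = 1 }
            if ($7 != "0" && ($8 + 0 == 0 || $9 + 0 == 0)) { print remote ": zero delay or offset"; bad = 1 }
            if ($10 + 0 >= 100) { print remote ": jitter " $10 " is not below 100"; bad = 1 }
        }
        END {
            if (!selected) { print "no system peer (* or o) selected"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the two rows from the example output in step 5, with
# placeholder peer names and documentation-range addresses filled in.
sample_healthy() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time1.example   192.0.2.10       2 u  872 1024  377    0.221    0.265   0.023
+time2.example   192.0.2.11       2 u  864 1024  377    1.462    0.805   1.251
EOF
}

# Constructed sample: a peer that has never answered (stratum 16, reach 0).
sample_unreached() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 time3.example   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
EOF
}

sample_healthy   | check_ntpq_peers && echo "healthy sample: OK"
sample_unreached | check_ntpq_peers || echo "unreached sample: failed as expected"
```

On a live host, pipe the real table in with `ntpq -pn | check_ntpq_peers`.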

ntpdc is used to query the ntpd daemon about its current state and to request changes in that state. Here is one example, which queries sysinfo:

# ntpdc -c sysinfo
system peer:
system peer mode:     client
leap indicator:       00
stratum:              3
precision:            -23
root distance:        0.00107 s
root dispersion:      0.03882 s
reference ID:         []
reference time:       d5ca133e.837307e5  Thu, Aug 29 2013 11:36:46.513
system flags:         auth monitor ntp kernel stats
jitter:               0.000870 s
stability:            0.000 ppm
broadcastdelay:       0.007996 s
authdelay:            0.000000 s

Note:  If the synchronization with the time server at boot time keeps failing, i.e., you find a relevant error message in the /var/log/boot.log system log, try to add the following line to /etc/sysconfig/network:


Configure an NTP Server
If you have lots of servers and desktop systems, configure your own NTP server. Your NTP server contacts a central NTP server, provided by your local GPS time server or a public time server located at, to obtain accurate time data. The server then allows other machines on your network to request the time data. Our sample setup:
in /etc/ntp.conf, for example on

server iburst prefer maxpoll 6

Of course, add some restrictions:
# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would affect some of
# the administrative functions.

restrict vlan1 mask nomodify notrap #noquery
restrict vlan2 mask nomodify notrap
restrict vlan3 mask nomodify notrap

Replace vlan1-3 with your real VLAN subnets, and the mask as well.
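
Whether a subnet can send ntpq/ntpdc queries to this server depends on noquery being active on its restrict line; in the sample above it is commented out or absent. The following is an added example, not part of the original page, that lists what each restrict line still permits; the subnets are constructed placeholders.

```shell
#!/bin/sh
# Added example: report what each active `restrict` line still permits.
# Reads ntp.conf text on stdin; returns 1 if any finding is printed.
audit_restrict() {
    awk '
        { sub(/#.*/, "") }                        # text after # is inactive
        $1 != "restrict" { next }
        {
            target = ($2 ~ /^-[46]$/) ? $3 : $2   # skip an address-family flag
            if (target == "default") has_default = 1
            if (target == "127.0.0.1" || target == "::1") next   # local admin
            ignore = noquery = nomodify = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "ignore")   ignore = 1
                if ($i == "noquery")  noquery = 1
                if ($i == "nomodify") nomodify = 1
            }
            if (ignore) next                      # every packet is dropped
            if (!noquery)  { print target ": ntpq/ntpdc status queries are answered"; bad = 1 }
            if (!nomodify) { print target ": modification requests are not blocked"; bad = 1 }
        }
        END {
            if (!has_default) { print "no restrict default line: unlisted hosts are unrestricted"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the server restrict lines above, with documentation-range
# subnets standing in for vlan1 and vlan2.
sample_page_conf() {
    cat <<'EOF'
restrict default ignore
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap #noquery
restrict 198.51.100.0 mask 255.255.255.0 nomodify notrap
EOF
}

# Constructed sample: the same subnet with noquery left active.
sample_hardened_conf() {
    cat <<'EOF'
restrict default ignore
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap noquery
EOF
}

sample_page_conf     | audit_restrict || echo "review the findings above"
sample_hardened_conf | audit_restrict && echo "hardened sample: no findings"
```

Run it against the live file with `audit_restrict < /etc/ntp.conf`.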

Remember to change iptables for client access!

# service ntpd start

# ntpdc -c sysinfo
system peer:
system peer mode: client
leap indicator: 00
stratum: 2
precision: -20
root distance: 0.00072 s
root dispersion: 0.00586 s
reference ID: []
reference time: d5ca15d6.ae9a9eea Thu, Aug 29 2013 11:47:50.682
system flags: auth monitor ntp kernel stats
jitter: 0.000076 s
stability: 0.000 ppm
broadcastdelay: 0.007996 s
authdelay: 0.000000 s

To look at connection information, run this command on each nat box:

# ntpdc -n -c sysinfo -c peers -c monlist

To see the server relationship, look at time1 and time2, for example:

$ /usr/sbin/ntpq -c peers time1