CentOS/RHEL/SL Configure a NTP Client And Server

Linux‎ > ‎

CentOS/RHEL/SL Configure a NTP Client And Server

Thank you for visiting this page, this page has been update in another link NTP client configuration and NTP Server config on RHEL and CentOS

Configure a NTP Client

1. install ntp and ntpdate packages

#yum install ntp ntpdate

Caution
NTP communicates over UDP port 123. Ensure that no firewall is blocking this traffic.

2. Enable upstream synchronization by defining the upstream time servers in the ntp.conf file. Check with your network administrator if time services are provided on the corporate network.

server time1.aaa.com
server time2.aaa.com
server time3.aaa.com
3. Configure downstream access for the client. To do so, disable the default "noquery" option. Here is an example
# Permit time synchronization with our time source,
# but do not permit the source to query or modify the service on this system.

restrict 10.0.1.244 mask 255.255.255.255 nomodify notrap noquery
restrict 10.0.1.245 mask 255.255.255.255 nomodify notrap noquery
restrict 10.0.1.246 mask 255.255.255.255 nomodify notrap noquery
# note: 10.0.1.244 are time1/time2/time3.aaa.com

Replace ips/hosts with the network address of your network. You may also need to adjust the netmask (255.255.255.0).
Remove the # character at the start of the line to uncomment this entry. Once you have finished editing, save the /etc/ntp.conf file.

4. Start the NTP service and set it to launch automatically upon boot.

# service ntpd start
# chkconfig ntpd on

5. When NTP is running, check upstream synchronization. The ntpq command should output something similar to this example:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset jitter
==============================================================================
*time1.aaa.com    10.0.1.244    2 u 872 1024 377    0.221    0.265   0.023
+time2.aaa.com    10.0.1.245    2 u 864 1024 377    1.462    0.805   1.251
...
When upstream NTP is working properly, delay and offset values should be non-zero and the jitter value should be below 100.

6.Test downstream synchronization from another server in the management network to ensure that NTP services are working. Note that it may take several minutes before your NTP server is able to provide time services to downstream clients. Begin by checking the stratum level of your server:

# ntpq -c rv
assID=0 status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
version="ntpd 4.2.4p8@1.1612-o Fri Feb 22 03:55:10 UTC 2013 (1)",
processor="x86_64", system="Linux/2.6.32-358.11.1.el6.x86_64", leap=00,
stratum=3, precision=-23, rootdelay=0.909, rootdispersion=30.394,
peer=17306, refid=10.0.16.244,
reftime=d5ca0f3e.853ac3fb Thu, Aug 29 2013 11:19:42.520, poll=10,
clock=d5ca0fa1.a1f315a4 Thu, Aug 29 2013 11:21:21.632, state=4,
offset=0.479, frequency=52.919, jitter=0.387, noise=0.318,
stability=0.024, tai=0

issue the following command:
This command runs ntpdate in debug mode, in which case the availability of the remote time server is checked. If the debug run ends in a line similar to the one in this example, the test is successful. In case the stratum level is too high(>=16), the error message "Server dropped: strata too high" is displayed.

# ntpdate -d time1.aaa.com
[...]
delay 0.02582, dispersion 0.00000
offset 0.000171

29 Aug 11:24:32 ntpdate[19421]: adjust time server 10.0.16.244 offset 0.000171 sec

When you find a satisfactory server, run the ntpdate command followed by one or more server addresses:

# ntpdate server_address...

For instance:

# ntpdate time1 time2 time3

Unless an error message is displayed, the system time should now be set.

ntpdc is used to query the ntpd daemon about its current state and to request changes in that state. Here is one o fexample to query sysinfo

#ntpdc -c sysinfo
system peer:          time1.aaa.com
system peer mode:     client
leap indicator:       00
stratum:              3
precision:            -23
root distance:        0.00107 s
root dispersion:      0.03882 s
reference ID:         [10.0.1.244]
reference time:       d5ca133e.837307e5 Thu, Aug 29 2013 11:36:46.513
system flags:         auth monitor ntp kernel stats
jitter:               0.000870 s
stability:            0.000 ppm
broadcastdelay:       0.007996 s
authdelay:            0.000000 s

Note: If the synchronization with the time server at boot time keeps failing, i.e., you find a relevant error message in the /var/log/boot.log system log, try to add the following line to /etc/sysconfig/network:

NETWORKWAIT=1

Configure a NTP Server
If you have lots of server and desktop system, configure your own NTP server. Your NTP server contacts a central NTP server,provided by your local gps time server or a public time server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. Our sample setup:

in /etc/ntp.conf, for example on time1.aaa.com

server gpstime.aaa.com iburst prefer maxpoll 6
peer time2.aaa.com
peer time3.aaa.com
server 127.127.1.0

Of course, some restricions

# Prohibit general access to this service.
restrict default ignore

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1

restrict vlan1 mask 255.255.224.0 nomodify notrap #noquery
restrict vlan2 mask 255.255.0.0 nomodify notrap

restrict vlan3 mask 255.255.255.0 nomodify notrap
...

Replace van1-3 with you real vlan subnet, as well mask

Remember to change iptables for client access !

# service ntpd start

#  ntpdc -c sysinfo
system peer:          gpstime.aaa.com
system peer mode:     client
leap indicator:       00
stratum:              2
precision:            -20
root distance:        0.00072 s
root dispersion:      0.00586 s
reference ID:         []
reference time:       d5ca15d6.ae9a9eea  Thu, Aug 29 2013 11:47:50.682
system flags:         auth monitor ntp kernel stats 
jitter:               0.000076 s
stability:            0.000 ppm
broadcastdelay:       0.007996 s
authdelay:            0.000000 s
To look at connection information, run this command on each nat box:
# ntpdc -n -c sysinfo -c peers -c monlist
To see the server relationship, look at time1 and time2, for example:
$ /usr/sbin/ntpq -c peers time1

Comments