Walker News

Configure Linux NTP Time Synchronization Server In A Minute

You may not care about time synchronization of a personal computer, but it’s critical to most server applications. Hence, server system administrators have to ensure that NTP server is working at all time!
NTP, or Network Time Protocol, is a TCP/IP protocol used for time synchronization. NTP client (such as ntpdate) synchronize system time with designated NTP time servers (such as ntpd of Linux), which are generally classified in stratum 1 and stratum 2.
Stratum 1 NTP server is using an atomic clock for precise timing, while stratum 2 NTP server is using non-atomic clock that produce slightly less accurate timing. NTP.org is generally a creditable site for reference of public-available, Internet NTP time servers of both stratum 1 and stratum 2.

Steps to setup Linux NTP time synchronization

Should be applicable to Redhat, Debian, Linux / UNIX alike.
Assumption:
WalkerNews is a Linux machine in DMZ segment, running ntpd to synchronize its system time with Internet NTP servers, and is in turn function as a local master NTP server for other networked computer devices in the internal local area network.

WN2 is a Linux server in 172.20.1.x segment (internal local area network) that’s request time synchronization with WalkerNews via NTP client ntpdate.

1) Install Linux NTP time server ntpd and NTP client ntpdate that come with respective Linux distribution. For example,

Redhat Linux:
rpm -Uvh ntp-4.1.2-4.EL3.1.rpm

Debian Sarge:
apt-get install ntp

2) Edit WalkerNews Linux NTP server configuration file
/etc/ntp.conf

(create this file if it’s not exists).

a) Add in the at least two public NTP servers to reduce dependencies on any single external time server. For example,
server time.nist.gov
server stdtime.gov.hk

b) Define the way of these Internet NTP servers to behave. For example, following setting defined that Internet NTP servers are not allow to modify WalkerNews run-time configuration or query WalkerNews ntpd server:
restrict time.nist.gov mask 255.255.255.255 nomodify notrap noquery
restrict stdtime.gov.hk mask 255.255.255.255 nomodify notrap noquery

c) Since WalkerNews Linux NTP time server is also serving internal servers time synchronization, I’ll also have to define respective network segments which is sending NTP time synchronization requests to WalkerNews. For example,
restrict 172.20.1.0 mask 255.255.255.0 notrust nomodify notrap

This is to allow servers and/or networked devices in 172.20.1.x segment (with a maximum of 255 devices) sending NTP time synchronization requests to reach at WalkerNews Linux NTP server.

d) It’s also nice to allow 127.0.0.1 localhost to query WalkerNews Linux NTP server. The reason is to make troubleshooting easier, when it happens that other local servers are unable to synchronize time with WalkerNews.
restrict 127.0.0.1

e) That’s all for now. Save the ntp.conf file and restart ntpd time server with this command:

Redhat Linux
service ntpd restart

Debian Sarge
/etc/init.d/ntp restart

During the start-up, both NTP servers might take some times to synchronize, probably few ten seconds to minutes.

To confirm WalkerNews Linux NTP time server is synchronizing system clock with those Internet NTP servers specified in step 2a, try to execute ntpq -p command in root command prompt. If time synchronization is working fine, the ntpq -p command output should show mark the NTP server it sync to with asterisk. Besides, both “delay” and “offset” shouldn’t be zero, while “jitter” value should be well below 100.
If ntpd time synchronization fails, try to replace FQDN of Internet NTP server with its IP address. Also, make sure that the firewall is not blocking NTP traffic.

Next, to confirm WN2 on 172.20.1.x segment is able to perform time synchronization with WalkerNews Linxu NTP time server, type ntpdate -q WalkerNews.net – both “delay” and “offset” shouldn’t be zero too. Otherwise, you’ll also see “no server suitable for synchronization found” error in the ntpdate -q command output!

Custom Search

  1. David W 30-01-09@16:03

    Thank you very much. Very easy to follow and quick to do. And useful. Thanks. :D

  2. Walker 19-05-09@15:31

    Typo error, the ntpq -q should be ntpq -p

  3. Tanim 03-09-09@12:58

    Thanks a lot for needed information.

  4. M. KHAN 04-12-10@03:47

    Thanks, Very nicely done. And explained very well.

    MK

  5. RA 17-01-11@23:14

    Thanks for this post, easy to follow, and saved me lots of time.

2014  •  Privacy Policy