Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Time synchronization with ntp daemon.
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3, 4, 5  Next  
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
carlos123
Guru
Guru


Joined: 12 Feb 2003
Posts: 536
Location: Alberta, Canada.

PostPosted: Thu Mar 13, 2003 11:40 am    Post subject: Time synchronization with ntp daemon. Reply with quote

FAST START INSTRUCTIONS TO GETTING NTPD RUNNING
(Please NOTE that these instructions are two years old and that things may have changed since I wrote them. I just don't have time to keep them updated these days so if someone wants to change them or let me know how I can let them do that please PM me or just do it - if you know how. Thanks.)

The following instructions will install the ntpd program. After following the instructions below your system time will automatically be kept accurate by ntpd. Which will synchronize your computer's time with that kept by a time server out on the Internet.


  1. # emerge ntp
  2. # cp /usr/share/ntp/ntp.conf /etc/ntp.conf
  3. Find three timeservers from here.
    Note: do NOT use a Stratum 1 server unless you are authorized to do so! Using at least three time servers will ensure that your time gets updated if any one or more of the three is not available at any one point in time.
  4. # nano /etc/ntp.conf
    Note: or use any other editor like vi, vim, emacs, etc..
  5. Add "server <your_timeserver_domain_name>" on a seperate line for each of the three time servers you chose earlier.
    Note: do NOT add "iburst" to these lines if you have an always on connection to the Internet like ADSL or cable if you want the most accurate time synchronization. Otherwise the time will only be updated about once an hour in a burst. "iburst" is really more for those whose internet connection will generally be getting started and stopped such as with dial-up.
  6. # nano /etc/conf.d/ntpd
  7. Uncomment the NTPDATE_CMD="ntpdate" line.
  8. Uncomment the NTPDATE_OPTS="-b someserver" line.
  9. Replace "someserver" with the domain name of one of the three servers you chose.
    Note: I am not yet sure how to add multiple servers to this line.
  10. # /etc/init.d/ntpd start
  11. # rc-update add ntpd default
  12. Verify that correct time was set by going to
    http://tycho.usno.navy.mil/cgi-bin/timer.pl (for North American time zones only - use http://www.worldtimeserver.com/ to get International time zones).

  13. Verify that the time servers are being accessed by typing "ntpq -p" at the command prompt. You should see the time servers being contacted as output.


Discussion leading up to these instructions can be found at http://forums.gentoo.org/viewtopic.php?p=240688#240688. Thanks to forum member, cederberg, for the original idea and set of instructions on which the above are based.

If you turn off your computer and then restart it and the time is off by too great of an amount, ntpd may refuse to start until you manually correct the time and bring it more in line with the correct time. To do that:


  1. # /etc/init.d/ntpd stop
    Note: this is just to stop anything still running that ntpd uses.
  2. Set your time manually.
  3. # /etc/init.d/ntpd start
    Note: restarts everything needed by ntpd to operate.


If the above or any other instructions don't work check the ntpd log at /var/log/ntpd.log for additional insight as to possible reasons.

A few miscellaneous notes:

ntp is a protocol. ntpd is a daemon that is both an ntp server (serving up time) and an ntp client (getting the time from an ntp server). The ntp server part is not useful unless it gets it's time from an external source of time. Under Gentoo "emerging ntp" will install ntpd.

If you see any innacuracies in these intructions please send me a private email so that I can research and revise the instructions. I will respond to all emails though it might take me a few days.

By sending me a private email it will avoid confusion from those who might read your communication on this thread.

To send me a private email just hit the "pm" button at the bottom of this thread.

If these instructions have helped you I would be overjoyed to hear that too :)

Thanks.

Carlos

PS. If you are surprised by the great number of times that I have edited these instructions please be aware that this is due to my search for the perfect and most easily understood instructions and notes. Not because the basic instructions themselves needed a lot of revising due to errors.


Last edited by carlos123 on Sat Feb 05, 2005 5:05 pm; edited 26 times in total
Back to top
View user's profile Send private message
Gnufsh
Guru
Guru


Joined: 28 Dec 2002
Posts: 400
Location: Portland, OR

PostPosted: Thu Mar 13, 2003 9:59 pm    Post subject: Reply with quote

You have to emerge ntp first, right?
Back to top
View user's profile Send private message
AlterEgo
Veteran
Veteran


Joined: 25 Apr 2002
Posts: 1619

PostPosted: Thu Mar 13, 2003 10:04 pm    Post subject: Reply with quote

Complicated......

I just emerged ntp
and made a cronjob "ntpdate ntp.xs4all.nl" every hour/day whatever.

Simple :)
Back to top
View user's profile Send private message
zojas
Veteran
Veteran


Joined: 22 Apr 2002
Posts: 1138
Location: Phoenix, AZ

PostPosted: Thu Mar 13, 2003 10:11 pm    Post subject: Reply with quote

but ntpd is much better. It actually figures out how much your clock drifts, and can continually and smoothly adjust the clock with sub-second accuracy, rather than jerking it to the correct time once an hour.

also with ntpd you can specify multiple servers in your /etc/ntp.conf file. the ntpd daemon can use more than one time source.
Back to top
View user's profile Send private message
magne
n00b
n00b


Joined: 05 Jan 2003
Posts: 27
Location: sarpsborg / norway

PostPosted: Thu Mar 13, 2003 10:22 pm    Post subject: Reply with quote

yep
Back to top
View user's profile Send private message
NickDaFish
Tux's lil' helper
Tux's lil' helper


Joined: 12 Sep 2002
Posts: 112
Location: Boston, USA

PostPosted: Fri Mar 14, 2003 3:39 am    Post subject: Reply with quote

Four those of you with security in mind you may want to add the following lines to your /etc/ntp.conf.....
Code:
# By default don't listen to anyone
restrict default ignore

# allow full access to local IPs
restrict 127.0.0.1
restrict 192.168.1.1

# allow time server's packets but don't allow config modifications
restrict 10.0.0.1 nomodify

(Example assumes that the host is running on 192.168.1.1 and that the time server is 10.0.0.1)

I *think* that allows you full access, your timeservers limited access and by default ignores everyone else.

If you want to support clients on a 192.168.1.0 network I think you would also need a line like this.....
Code:
restrict 192.168.1.0 mask 255.255.255.0 nomodify


I say think alot because there is alot of cryptic docs (IMHO) for ntp. The page I got most of these options from is here: http://www.eecis.udel.edu/~mills/ntp/html/accopt.html.

EDIT: Descovered that the dispite what the docs listed above say you don't appear to be able to use DNS host names with restrict. Any one with any insite on why not please let me know.
Back to top
View user's profile Send private message
scout
Veteran
Veteran


Joined: 08 Mar 2003
Posts: 1991
Location: France, Paris en Semaine / Metz le W-E

PostPosted: Fri Mar 14, 2003 3:02 pm    Post subject: Reply with quote

To continue with security ... I had to open the udp port "ntp" for ntpd and ntpdate to work (I have a stateful firewall). Could someone confirm me that ntpd and ntpdate can only use udp ?.
Back to top
View user's profile Send private message
Koon
Retired Dev
Retired Dev


Joined: 10 Dec 2002
Posts: 518

PostPosted: Fri Mar 14, 2003 4:16 pm    Post subject: Re: Time synchronization with ntp daemon. Reply with quote

carlos123 wrote:
Note: do NOT use a Stratum 1 server unless you are authorized to do so!


Clean way if you have multiple machines : set up one host as a Stratum 3 (sync with a Stratum 2) and set up the others as Stratum 4 (sync on your Stratum 3 host) : this way you will not overload the Stratum 2 servers !

-K
Back to top
View user's profile Send private message
Forse
Apprentice
Apprentice


Joined: 26 Dec 2002
Posts: 260
Location: /dev/random

PostPosted: Fri Mar 14, 2003 5:14 pm    Post subject: nice post Reply with quote

Thnx for a nice tip =)
_________________
[ My sites ]: UnixTutorials : AniFIND : AnimeYume
Back to top
View user's profile Send private message
zojas
Veteran
Veteran


Joined: 22 Apr 2002
Posts: 1138
Location: Phoenix, AZ

PostPosted: Fri Mar 14, 2003 5:22 pm    Post subject: Reply with quote

scout wrote:
To continue with security ... I had to open the udp port "ntp" for ntpd and ntpdate to work (I have a stateful firewall). Could someone confirm me that ntpd and ntpdate can only use udp ?.


you should only have to open the ports if you want other hosts to be able to use your ntpd to synchronize their clocks. If you just want to get your local clock synchronized, the standard NEW and ESTABLISHED,RELATED rules should allow your ntpd to use ntpds on the internet as time sources.

but since you brought it up, I'm interested in this too for my laptop, so I experimented with iptables. (when I'm at home, I use my laptop as an ntpd peer to my workstation)

to my laptop, i only allowed tcp packets to 123. I logged and dropped udp packets to 123, and also logged (but allowed) tcp packets to 123.

set up ntp on the laptop and got it running. ran it on another machine with the only server entry in ntp.conf as the laptop.

it tried to send udp packets to the laptop, never tried to send tcp packets.

once I allowed the udp packets through and blocked the tcp ones, it worked, 'ntpq -p' on the client machine started giving data about the laptop's ntp server.
Back to top
View user's profile Send private message
Gnufsh
Guru
Guru


Joined: 28 Dec 2002
Posts: 400
Location: Portland, OR

PostPosted: Sun Mar 16, 2003 4:25 pm    Post subject: Re: Time synchronization with ntp daemon. Reply with quote

Koon wrote:
carlos123 wrote:
Note: do NOT use a Stratum 1 server unless you are authorized to do so!


Clean way if you have multiple machines : set up one host as a Stratum 3 (sync with a Stratum 2) and set up the others as Stratum 4 (sync on your Stratum 3 host) : this way you will not overload the Stratum 2 servers !

-K


How do I do this?
Back to top
View user's profile Send private message
zojas
Veteran
Veteran


Joined: 22 Apr 2002
Posts: 1138
Location: Phoenix, AZ

PostPosted: Sun Mar 16, 2003 4:41 pm    Post subject: Reply with quote

for your local ntp server, put about 5 'server' lines in the ntp.conf file, each 'server' being a different stratum 2 time server on the internet.

like this:

Code:

server server1
server server2
server server3
server server4
server server5


say the host name of your local ntp server is 'one', and you have four other machines, 'two', 'three', 'four', and 'five'. then the ntp.conf file on 'two' should have this in it:

Code:

server one
peer three
peer four
peer five


then the ntp.conf files for the others are similar, so all your internal machines use 'one' as a server and all the other internal machines as peers.

a 'server' line is a host that you will use to set your local clock. a 'peer' is one where the relationship goes both ways; the peer may also ask you for the correct time.

this way 'one' gets time from the internet, and all the others get time from 'one' and also help each other out.
Back to top
View user's profile Send private message
Gnufsh
Guru
Guru


Joined: 28 Dec 2002
Posts: 400
Location: Portland, OR

PostPosted: Sun Mar 16, 2003 4:54 pm    Post subject: Reply with quote

The url link doesn't work, it's got a extra slach at the end.
http://www.eecis.udel.edu/~mills/ntp/clock2a.html/
should be
http://www.eecis.udel.edu/~mills/ntp/clock2a.html
Back to top
View user's profile Send private message
Gnufsh
Guru
Guru


Joined: 28 Dec 2002
Posts: 400
Location: Portland, OR

PostPosted: Sun Mar 16, 2003 4:56 pm    Post subject: Reply with quote

Do I have to do anything special to the server to get it to reply to incoming requests?
Back to top
View user's profile Send private message
zojas
Veteran
Veteran


Joined: 22 Apr 2002
Posts: 1138
Location: Phoenix, AZ

PostPosted: Sun Mar 16, 2003 5:07 pm    Post subject: Reply with quote

not to ntpd by default (your firewall needs to allow udp port 123)
Back to top
View user's profile Send private message
RayVan
n00b
n00b


Joined: 12 Aug 2002
Posts: 40
Location: Houston, Tx

PostPosted: Thu Mar 27, 2003 8:48 pm    Post subject: Reply with quote

AlterEgo wrote:
Complicated......

I just emerged ntp
and made a cronjob "ntpdate ntp.xs4all.nl" every hour/day whatever.

Simple :)


Not good. If your clock is running fast, this will 'step' the clock backward, instead of 'skew'ing it. If this ever happens /during/ a compilation, make will give you very odd errors, and you will be extremely confused. Having files created in the future on your drive can be a bad thing.

FYI, the documentation for ntpdate specifically tells you NOT to do this.


Last edited by RayVan on Sun Mar 30, 2003 5:37 am; edited 1 time in total
Back to top
View user's profile Send private message
cederberg
Guru
Guru


Joined: 23 Jan 2003
Posts: 349
Location: Stockholm / Sweden

PostPosted: Fri Mar 28, 2003 12:44 am    Post subject: Reply with quote

RayVan wrote:
AlterEgo wrote:
Complicated......

I just emerged ntp
and made a cronjob "ntpdate ntp.xs4all.nl" every hour/day whatever.

Simple :)


Not good. If your clock is running fast, this will 'step' the clock backward, instead of 'skew'ing it. If this ever happens /during/ a compilation, make will give you very odd errors, and you will be extremely confused. Having files created in the future on your drive can be a bad thing.

From reading the ntp distribution documentation, it looks like the ntpdate utility is also to be removed in the future... I'd guess these type of problems is the reason.
Back to top
View user's profile Send private message
sarnold
Developer
Developer


Joined: 28 Nov 2002
Posts: 115
Location: California

PostPosted: Sat Mar 29, 2003 2:29 am    Post subject: I'm glad you mentioned that... Reply with quote

I just wrote a post here on ntp config without using ntpdate. It seems to work just fine, and no waiting for the time to stabilize either (just a short delay when the ntpd init script starts up).

I still need to get auth working, and I also didn't mention the access rules I use on my stratum 3 servers. I think I need to consolidate this stuff into one doc (since I already got a request to do that)...
Back to top
View user's profile Send private message
Cluster
Tux's lil' helper
Tux's lil' helper


Joined: 26 Jul 2002
Posts: 146
Location: Cedar Rapids, Iowa

PostPosted: Sat Sep 27, 2003 10:16 pm    Post subject: Reply with quote

After doing all this (thanks for clear, simple instructions!), is there a way to know that the clock does in fact get corrected and everything is fine? For example, is there a logfile that I can check for recent ntpd activity?
Back to top
View user's profile Send private message
zojas
Veteran
Veteran


Joined: 22 Apr 2002
Posts: 1138
Location: Phoenix, AZ

PostPosted: Sat Sep 27, 2003 10:46 pm    Post subject: Reply with quote

it will log stuff in your system logs.
_________________
http://www.desertsol.com/~kevin/ppc
Back to top
View user's profile Send private message
Cluster
Tux's lil' helper
Tux's lil' helper


Joined: 26 Jul 2002
Posts: 146
Location: Cedar Rapids, Iowa

PostPosted: Sun Sep 28, 2003 5:43 am    Post subject: Reply with quote

One more thing: as far as I can see, my machine has now become an NTP server. I read some documentation that says that ntpd can be configured to allow other machines (clients?) to modify the server's time. My question: are the default security settings correct in that my machine can issue time, but does not accept time from any hosts other than those in my configuration files?

Is there anything I should be concerned about, now that I run ntpd?
Back to top
View user's profile Send private message
TGL
Bodhisattva
Bodhisattva


Joined: 02 Jun 2002
Posts: 1978
Location: Rennes, France

PostPosted: Sun Sep 28, 2003 11:05 am    Post subject: Reply with quote

Cluster wrote:
After doing all this (thanks for clear, simple instructions!), is there a way to know that the clock does in fact get corrected and everything is fine? For example, is there a logfile that I can check for recent ntpd activity?

To check that everything is running as expected, you can use ntptrace and ntpq -p. Both have manpages.


And now something different: for people who use dhcp to configure their network, it can be usefull to tell dhcpcd not to use the ntp configuration that the dhcp provides (for instance my DSL modem/router provides one). This can be done by adding the -N option to dhcpd in /etc/conf.d/net:
Code:
iface_eth0="dhcp"
dhcpcd_eth0="-R -N"
Back to top
View user's profile Send private message
ronmon
Veteran
Veteran


Joined: 15 Apr 2002
Posts: 1043
Location: Key West, FL

PostPosted: Sun Sep 28, 2003 4:45 pm    Post subject: Reply with quote

To expand on TGL's advice, after extensive man and HOWTO reading, I could not find a way to add the -N option for a pcmcia network device (specifically my Orinoco) to prevent the overwriting of my /etc/ntp.conf. So I added "-c /etc/ntp.conf.good" (after creating the file) to my /etc/conf.d/ntpd file.
Back to top
View user's profile Send private message
tovrstra
n00b
n00b


Joined: 13 Aug 2003
Posts: 66
Location: Gent, Belgium

PostPosted: Tue Sep 30, 2003 9:39 am    Post subject: Reply with quote

Some ntp-related things seem to have changed in the portage tree. Now there is an extra configfile (/etc/conf.d/ntp-client) which contains some parameters that were in (/etc/conf.d/ntdp) before. An init.d script has been added too (/etc/init.d/ntp-client). Both /etc/init.d/ntp-client and /etc/init.d/ntpd have to be started (in this order) to sync the clock. There are still two things I don't understand:

1) Why should /etc/init.d/ntp-client be started first. It only starts ${NTPCLIENT_CMD} >/dev/null ${NTPCLIENT_OPTS}. In my case NTPCLIENT_CMD="ntpdate" and NTPCLIENT_OPTS="-b ntp.telenet.be" After that I start /etc/init.d/ntpd and everything works fine.

2) I set NTPCLIENT_OPTS="-b ntp.telenet.be" in /etc/conf.d/ntp-client, but when I execute ntpq -p I get the three servers configured in /etc/ntp.conf:

Code:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)         5 l   23   64  377    0.000    0.000   0.015
+bia.telenet-ops Time2.Stupi.SE   2 u  357  512  377   15.075   20.077   0.584
*mserv.ugent.be  swisstime.ee.et  2 u  292  512  377   32.172   28.298   6.403
+ntp1.belbone.be ntp2-rz.rrze.un  2 u  345  512  377   35.311   -9.690  24.702


Why has NTPCLIENT_OPTS="-b ntp.telenet.be" to be set in /etc/conf.d/ntp-client when /etc/ntp.conf all the info ntpd needs?
Back to top
View user's profile Send private message
cederberg
Guru
Guru


Joined: 23 Jan 2003
Posts: 349
Location: Stockholm / Sweden

PostPosted: Tue Sep 30, 2003 10:01 am    Post subject: Reply with quote

tovrstra wrote:
1) Why should /etc/init.d/ntp-client be started first.

The ntp-client retrieves current time, sets the clock, and quits. This may adjust the clock several hours if needed, depending on how much your machine clock had drifted since it was last shutdown. This is a safety measure, as the ntpd daemon cannot compensate for clock drifts that are too large.

The ntpd server that you subsequently start, maintains your clock by connecting to several ntp servers. It needs several servers to get the most accurate time. If your computer clock is incorrect, it will be adjusted in small steps (possibly subsecond) making it hardly visible. The ntpd server guarantees that time will always flow forward, and it will not adjust your computer clock backward. Rather, it will make each second a bit longer until the correct time has been reached. It may make large steps forward, though, if I recall correctly.

tovrstra wrote:
Why has NTPCLIENT_OPTS="-b ntp.telenet.be" to be set in /etc/conf.d/ntp-client when /etc/ntp.conf all the info ntpd needs?

Well, as ntpdate is a stand-alone program it takes all its arguments on the command-line. It does not read the ntpd server configuration file (ntp.conf). Also, it only needs a single time server, as it will not try to set the clock more than roughly accurate (with a precision of about a second).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Goto page 1, 2, 3, 4, 5  Next
Page 1 of 5

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum