Softpanorama


RHEL 6 NTP configuration


NOTE: for RHEL7 see Configuring Time Services in RHEL 7 and


Introduction

NTP is built on the UDP protocol rather than TCP. UDP raises different issues with firewalls compared with TCP. Most of the time server firewalls should allow NTP to work without special configuration. The NTP daemon has its own capabilities to restrict access, so duplicating them is harmful.

Notes:

  1. Troubleshooting issues are discussed at Troubleshooting NTP on Red Hat Linux
  2. Red Hat documentation can be found in chapter 29 of the Red Hat Deployment Guide:
    29. Date and Time Configuration
    29.1. Time and Date Properties
    29.2. Network Time Protocol (NTP) Properties
    29.3. Time Zone Configuration

Enabling ntpd daemon

In RHEL 5, ntpd behavior is controlled by the file /etc/ntp/ntpservers, but it looks like this file is not changed during the installation. You need to change it manually or via the GUI.

If you did not specify your NTP servers during the installation, you can change /etc/ntp/ntpservers manually by adding lines to the end. For example:

server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com
restrict ntp2.your-company.com mask 255.255.255.255 nomodify notrap noquery

To ensure that the NTP server starts up automatically on reboot, you need to enable it via the chkconfig command as follows:

chkconfig ntpd on
chkconfig --list | grep ntpd
ntpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off

To start the server you can use the service command:

service ntpd start

To see that your NTP server is listening on UDP port 123, use the following command:

netstat -tuna

Typically NTP is configured during installation.

Note:

There is an additional problem that can be experienced with HP servers that have ILO 3. ILO 3 allows the server clock to be synchronized via NTP too, but few people configure those settings, so the local clock can be significantly off. On reboot, if the local clock is listed in /etc/ntp.conf, the NTP daemon uses it for the initial setup. If the time is taken from the local clock, the discrepancy can't be remedied by the NTP daemon and it quits. One solution is to remove the local clock as a time source from /etc/ntp.conf.
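The two points above (each server line paired with a restrict line carrying nomodify notrap noquery, and the local clock removed as a time source) can be checked mechanically. The following is an added example, not part of the original page: audit_ntp_conf is a hypothetical helper, the sample files are constructed, and restrict entries are matched to server entries by literal string only. The restrict default check follows the sample file further down this page.

```shell
#!/bin/sh
# Added example (not from the original page). audit_ntp_conf is a hypothetical
# helper: it reads an ntp.conf-style file on stdin, prints one WARN line per
# finding and returns non-zero if there is any finding.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # strip comments
    $1 == "server" {
        if ($2 ~ /^127\.127\.1\./) lclock = 1   # local clock pseudo-address
        else servers[$2] = 1
    }
    $1 == "restrict" && $2 == "default" { has_default = 1 }
    $1 == "restrict" && $2 != "default" {
        flags = " "
        for (i = 3; i <= NF; i++) flags = flags $i " "
        # Assumption: restrict and server lines name the host identically.
        if (flags ~ / nomodify / && flags ~ / notrap / && flags ~ / noquery /)
            locked[$2] = 1
    }
    END {
        if (lclock) { print "WARN local clock 127.127.1.0 is a time source"; bad = 1 }
        if (!has_default) { print "WARN no restrict default line"; bad = 1 }
        for (s in servers)
            if (!(s in locked)) {
                print "WARN server " s " lacks a nomodify notrap noquery restrict"
                bad = 1
            }
        exit bad + 0
    }'
}

# Constructed sample: local clock listed, ntp2 left without a restrict line.
SAMPLE_WEAK='server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com'

# Constructed sample: the same file after correction.
SAMPLE_FIXED='restrict default ignore
restrict 127.0.0.1
server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com
restrict ntp2.your-company.com mask 255.255.255.255 nomodify notrap noquery'

printf '%s\n' "$SAMPLE_WEAK" | audit_ntp_conf || echo "weak sample: findings above"
printf '%s\n' "$SAMPLE_FIXED" | audit_ntp_conf && echo "fixed sample: clean"
```

On a real host the same function can be fed the live file: audit_ntp_conf < /etc/ntp.conf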

How to check if ntpd is running correctly

To check if ntpd is running correctly you can use the command ntpq -p:

ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
ntp1.your-company.com 10.9.1.1    3 u   59   64    1   23.555   -5.558   0.001
ntp1.your-company.com 10.9.1.2    3 u   58   64    1    0.455   -1.511   0.001
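In the listing above reach is 1 and no peer carries the `*` tally mark, which is what ntpd shows right after start, before it has selected a time source. The following added example (not part of the original page) turns that reading into a check: check_ntpq is a hypothetical helper, the sample listings are constructed, and the jitter limit of 100 is the figure quoted further down this page.

```shell
#!/bin/sh
# Added example (not from the original page). check_ntpq is a hypothetical
# helper: it reads `ntpq -p` output on stdin, prints a verdict per peer and
# returns 0 only if a peer is selected, reachable and under the jitter limit.
check_ntpq() {
    awk -v maxj="${MAX_JITTER:-100}" '
    $1 == "remote" || /^=+/ { next }          # header and ruler lines
    NF >= 10 {
        tally  = substr($0, 1, 1)             # column 1 is the tally code
        name   = (tally == " ") ? $1 : substr($1, 2)
        reach  = $(NF - 3)                    # octal register of the last 8 polls
        jitter = $NF
        if (reach + 0 == 0)             verdict = "unreachable"
        else if (tally != "*")          verdict = "reachable, not selected"
        else if (jitter + 0 >= maxj + 0) verdict = "selected, jitter too high"
        else                          { verdict = "synchronized"; ok = 1 }
        printf "%-24s reach=%s jitter=%s %s\n", name, reach, jitter, verdict
    }
    END { exit !ok }'
}

# Constructed sample: daemon just started (reach 1, no peer selected yet).
SAMPLE_STARTING='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.your-company.com 10.9.1.1    3 u   59   64    1   23.555   -5.558   0.001
 ntp2.your-company.com 10.9.1.2    3 u   58   64    1    0.455   -1.511   0.001'

# Constructed sample: the same peers later; reach 377 means all 8 polls answered.
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.your-company.com 10.9.1.1    3 u   15   64  377    0.870   -0.164   0.170
+ntp2.your-company.com 10.9.1.2    3 u   20   64  377    0.455   -0.211   0.150'

if printf '%s\n' "$SAMPLE_STARTING" | check_ntpq; then echo "OK"; else echo "NOT SYNCED"; fi
if printf '%s\n' "$SAMPLE_SYNCED" | check_ntpq; then echo "OK"; else echo "NOT SYNCED"; fi
```

On a live system the input comes from the daemon itself: ntpq -p | check_ntpq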

How to set the date to the value of an NTP server

To set the date to the value of an NTP server you can use:

ntpdate ntp1.your-company.com

See also Troubleshooting NTP on Red Hat Linux



Old News ;-)

Configuring an NTP server in Red Hat by Savona

Below is an example iptables rule that allows NTP traffic from ANY source. This is just an example and should be checked against your security policy.

iptables -I INPUT -p udp --dport 123 -j ACCEPT

Now that we have our firewall rules in place to allow NTP synchronization, let's get the service installed and started.

Most modern Linux/UNIX distributions come with NTP already installed. For Red Hat based distros you can install the NTP package with yum:

... ... ....

Now we have to restrict the access these time servers will have on our system. In the example below we are telling NTP that these servers are not allowed to modify run-time configuration or query our system. The specified mask below is limiting the access to a single IP, or single host subnet.

restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap noquery

Now since we are setting up a server to "serve" time to other clients we have to tell it from which networks to allow NTP requests. We use the same basic restrict statement as above, but this time you will notice the noquery option is removed allowing said network to query this server. The following example allows everyone within the 10.0.0.0/24 network to query the server.

restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap

As with most services localhost gets full access. For this we use the same restrict statement but with no options.

restrict 127.0.0.1

That's it, we have now configured our NTP server to pull time synchronization from stratum 1 servers, and accept time synchronization requests from computers on our network. Now we have to start the service and make sure the service starts at boot. Before we go crazy let's make sure everything is working as expected and also run an initial update.

First, let's run an initial update.

ntpq -p 0.us.pool.ntp.org

Expected output:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*0.us.pool.ntp.org 128.32.206.55  3 u   15   64  377    0.870   -0.164   0.170

The important thing to note in the above output is delay, offset and jitter should all be NON-ZERO numbers and the jitter should be under 100. You can run the initial synchronization multiple times if you wish.

Now that we have done our initial sync and check completed, let's start the service.

Start the service:

/etc/init.d/ntpd start

When the service is started you should see something similar to this in your logs (/var/log/messages):

Mar 31 13:07:04 bighat ntpdate[18253]: step time server 66.191.139.149 	offset 0.000574 sec

Make sure the service starts at boot:

chkconfig ntpd on

Setting up an NTP client on CentOS 5.2

September 6, 2008 | Andy Cottrell
The best way to make sure servers have the correct time set on their system clock, is to use NTP to synchronize the clock to an external time source. I always use pool.ntp.org as the external source, as this represents a pool of servers who are willing to provide the service. All sorts of things can go wrong if you do not keep clocks set accurately - especially security stuff where ticket and certificate validity periods get checked automatically. I set this up on my CentOS box as follows (as root).

To check the client was installed: yum list ntp
It was: ntp.i386 4.2.2p1-8.el5.centos.1 installed
If it had not been, I would have used: yum install ntp
To get the client started on system start: chkconfig ntpd on
To force a sync of the clock to NTP now: ntpdate pool.ntp.org
To start the service as if the system had been powered on: /etc/init.d/ntpd start

Red Hat Configuration HOWTOs

Consumer hardware is notoriously bad at keeping accurate time. NTP is a service that can query other computers over the network and synchronize your computer's clock to their time. It's very complex to configure, since the network itself isn't instantaneous, and two or more computers will usually disagree as to exactly what time it is.

There is a list of publicly accessible NTP servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm, or see the actual NTP informational homepage at http://www.eecis.udel.edu/~ntp/ for other details.

Red Hat Linux comes with a sample /etc/ntp.conf, but if you just want your machine to synchronize with a public server, I recommend removing that file and starting with a far simpler script. Remove the existing file and create one that looks like the following.

/etc/ntp.conf (complete sample file)
# A very simple client-only ntp configuration.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10 
driftfile /etc/ntp/drift
restrict default ignore
restrict 127.0.0.0 mask 255.0.0.0
authenticate no

Choose your preferred NTP servers. Note that some servers are not available to the public, and some servers are too busy to handle new requests. Please do your homework in choosing appropriate servers that are geographically near you, and which will accept new public connections, and whether you must obtain their permission first.

You should select two or three servers for best results. For each server you find, discover its hostname and its fixed numerical address. Then add lines like the following to the /etc/ntp.conf file you created above.

/etc/ntp.conf (additional lines for each server)
server ntp5.someserver.etc
restrict 123.123.123.123 nomodify  # ntp5.someserver.etc



Copyright 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: February 09, 2020