- http://www.thegeekstuff.com/2014/06/linux-ntp-server-client
- https://www.server-world.info/en/note?os=CentOS_6&p=ntp
- https://www.server-world.info/en/note?os=CentOS_6&p=ntp&f=2
Install NTP Server
[root@apaternina ~]# yum -y install ntp
Setup values in ntp.conf
[root@apaternina ~]# vi /etc/ntp.conf
Add or modify the following lines:
# allow access by other clients
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# give access to specific hosts (in this network)
restrict 192.168.56.0 mask 255.255.255.0 nomodify notrap
# use the local clock as a backup
server 127.127.1.0
fudge 127.127.1.0 stratum 5
# specify the drift file and log file location.
driftfile /var/lib/ntp/drift
logfile /var/log/ntp.log
This is what those parameters mean:
- noquery: prevents dumping status data from ntpd.
- notrap: prevents control message trap service.
- nomodify: prevents all ntpq queries that attempts to modify the server.
- nopeer: prevents all packets that attempts to establish a peer association.
- Kod: – Kiss-o-death packet is to be sent to reduce unwanted queries
Then start the NTP daemon program:
service ntpd start
Setup autostart:
[root@apaternina ~]# chkconfig ntpd on
Allow 123 DUP port in iptables
[root@apaternina ~]# iptables -I INPUT 5 -p udp -m state --state NEW -m udp --dport 123 -j ACCEPT
[root@apaternina ~]# service iptables save
To use multiple NTP servers (in case one of them fails) do the following:
[root@apaternina ~]# vi /etc/ntp.conf
Add/modify the following lines:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server 192.168.56.100 prefer
Then start the NTP daemon program:
service ntpd start
Setup autostart:
[root@apaternina ~]# chkconfig ntpd on
if you want to poll the NTP server directly (the NTP daemon must be stopped -> service ntpd stop or use ntpdate -u 192.168.56.100)
[root@apaternina ~]# ntpdate 192.168.56.100
7 Apr 12:09:50 ntpdate[3716]: adjust time server 192.168.56.100 offset -0.007696 sec
to sync time with a NTP server:
sudo ntpdate -u time.apple.com
or with a custom NTP server:
sudo ntpdate -u 192.168.56.100
to check the status of NTP do this:
[root@apaternina ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
server1.laplata .INIT. 16 u - 64 0 0.000 0.000 0.000
200-89-75-197-L .INIT. 16 u - 64 0 0.000 0.000 0.000
ntp3.0x00.lv .INIT. 16 u - 64 0 0.000 0.000 0.000
aquila.init7.ne .INIT. 16 u - 64 0 0.000 0.000 0.000
192.168.56.100 LOCAL(0) 6 u 14 64 1 1.370 1326.19 0.000
to get the current status of NTP
[root@apaternina ~]# ntpdc -c sysinfo
system peer: LOCAL(0)
system peer mode: client
leap indicator: 00
stratum: 6
precision: -22
root distance: 0.00000 s
root dispersion: 0.07420 s
reference ID: [127.127.1.0]
reference time: dc92464f.3ee29679 Fri, Apr 7 2017 12:09:35.245
system flags: auth monitor ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s
Very good & useful info