NOTE: for RHEL7 see Configuring Time Services in RHEL 7 and
NTP is built on UDP rather than TCP, and UDP raises different firewall issues than TCP does. Most of the time server firewalls should allow NTP to work without special configuration. The NTP daemon has its own capabilities to restrict access, so duplicating them is harmful.
Notes:
- Troubleshooting issues are discussed at Troubleshooting NTP on Red Hat Linux
- Red Hat documentation can be found in chapter 29 of the Red Hat Deployment Guide:
  - 29. Date and Time Configuration
  - 29.1. Time and Date Properties
  - 29.2. Network Time Protocol (NTP) Properties
  - 29.3. Time Zone Configuration
In RHEL 5, ntpd behavior is controlled by the file /etc/ntp/ntpservers, but it looks like it is not changed during the installation. You need to change it manually or via the GUI.
If you did not specify your NTP servers during the installation, you can change /etc/ntp/ntpservers manually by adding lines to the end. For example:
server ntp1.your-company.com
restrict ntp1.your-company.com mask 255.255.255.255 nomodify notrap noquery
server ntp2.your-company.com
restrict ntp2.your-company.com mask 255.255.255.255 nomodify notrap noquery
To ensure that the NTP server starts up automatically on reboot, you need to enable it via the chkconfig command as follows:
chkconfig ntpd on
chkconfig --list | grep ntpd
ntpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
To start the server you can use the service command:
service ntpd start
To see that your NTP server is listening on UDP port 123, use the following command:
netstat -tuna
Typically NTP is configured during installation.
Note: There is an additional problem that can be experienced with HP servers that have iLO 3. iLO 3 allows server clocks to be synchronized via NTP too, but few people configure those settings, so the local clock can be significantly off. On reboot, if the local clock is mentioned in /etc/ntp.conf, the NTP daemon uses it for the initial setup. If the time is taken from the local clock, the discrepancy can't be remedied by the NTP daemon, and it quits. One solution is to remove the local clock as a time source from /etc/ntp.conf.
To check if ntpd is running correctly you can use the command ntpq -p:
ntpq -p
remote                refid     st t when poll reach  delay  offset jitter
==============================================================================
ntp1.your-company.com 10.9.1.1   3 u   59   64     1 23.555  -5.558  0.001
ntp1.your-company.com 10.9.1.2   3 u   58   64     1  0.455  -1.511  0.001
To set the date to the value from the NTP server you can use:
ntpdate ntp1.your-company.com
See also Troubleshooting NTP on Red Hat Linux
Below is an example iptables rule that allows NTP traffic from ANY source. This is just an example and should be checked against your security policy.
iptables -I INPUT -p udp --dport 123 -j ACCEPT
Now that we have our firewall rules in place to allow NTP synchronization, let's get the service installed and started.
Most modern Linux/UNIX distributions come with NTP already installed. For Red Hat based distros you can install the NTP package with yum:
... ... ....
Now we have to restrict the access these time servers will have on our system. In the example below we are telling NTP that these servers are not allowed to modify run-time configuration or query our system. The specified mask below is limiting the access to a single IP, or single host subnet.
restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict wwv.nist.gov mask 255.255.255.255 nomodify notrap noquery
Now since we are setting up a server to "serve" time to other clients we have to tell it from which networks to allow NTP requests. We use the same basic restrict statement as above, but this time you will notice the noquery option is removed allowing said network to query this server. The following example allows everyone within the 10.0.0.0/24 network to query the server.
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
As with most services localhost gets full access. For this we use the same restrict statement but with no options.
restrict 127.0.0.1
That's it, we have now configured our NTP server to pull time synchronization from stratum 1 servers, and accept time synchronization requests from computers on our network. Now we have to start the service and make sure the service starts at boot. Before we go crazy let's make sure everything is working as expected and also run an initial update.
First, let's run an initial update.
ntpq -p 0.us.pool.ntp.org
Expected output:
remote              refid          st t when poll reach  delay  offset jitter
==============================================================================
*0.us.pool.ntp.org  128.32.206.55   3 u   15   64   377  0.870  -0.164  0.170
The important thing to note in the above output is that delay, offset and jitter should all be non-zero numbers and the jitter should be under 100. You can run the initial synchronization multiple times if you wish.
Now that our initial sync and check are completed, let's start the service.
Start the service:
/etc/init.d/ntpd start
When the service is started you should see something similar to this in your logs (/var/log/messages):
Mar 31 13:07:04 bighat ntpdate[18253]: step time server 66.191.139.149 offset 0.000574 sec
Make sure the service starts at boot:
chkconfig ntpd on
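The ntpq -p checks described above (non-zero delay, offset and jitter, jitter under 100), as an added shell example that is not part of the quoted article; it also requires a selected peer (`*`) and flags reach 0, which means none of the last eight polls was answered. The function names, the example.com hosts and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the rules of thumb above to `ntpq -p` output on stdin.
# Column 1 of each peer line is the tally code; "*" marks the selected peer.
# Exit status is 0 only if a peer is selected and no peer is flagged.
check_ntpq_peers() {
    awk '
    $1 == "remote" || $1 ~ /^=+$/ || NF < 10 { next }   # header, ruler, junk
    {
        tally = substr($0, 1, 1)
        peer = (tally == " ") ? $1 : substr($1, 2)
        delay = $8 + 0; offset = $9 + 0; jitter = $10 + 0
        why = ""
        if ($7 == "0")
            why = why " unreachable(reach=0)"
        else if (delay == 0 || offset == 0 || jitter == 0)
            why = why " zero-stat"
        if (jitter >= 100) why = why " jitter>=100"
        if (tally == "*") synced = 1
        if (why != "") { bad = 1; print "WARN", peer why }
        else print "OK", peer
    }
    END {
        if (!synced) print "WARN no peer selected (*)"
        exit (bad || !synced)
    }'
}

# Constructed sample; host names and values are illustrative only.
sample_ntpq_output() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.com 10.9.1.1        3 u   15   64  377    0.870   -0.164   0.170
+ntp2.example.com 10.9.1.2        3 u   58   64  377    0.455   -1.511 140.200
 ntp3.example.com .INIT.         16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_ntpq_output | check_ntpq_peers || echo "time sync needs attention"
```

On a live host the same function can be fed with `ntpq -pn | check_ntpq_peers`, for example from a monitoring check.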
September 6, 2008 | Andy Cottrell
The best way to make sure servers have the correct time set on their system clock is to use NTP to synchronize the clock to an external time source. I always use pool.ntp.org as the external source, as this represents a pool of servers who are willing to provide the service. All sorts of things can go wrong if you do not keep clocks set accurately - especially security stuff where ticket and certificate validity periods get checked automatically. I set this up on my CentOS box as follows (as root).
To check the client was installed:
yum list ntp
It was:
ntp.i386 4.2.2p1-8.el5.centos.1 installed
If it had not been, I would have used:
yum install ntp
To get the client started on system start:
chkconfig ntpd on
To force a sync of the clock to NTP now:
ntpdate pool.ntp.org
To start the service as if the system had been powered on:
/etc/init.d/ntpd start
Consumer hardware is notoriously bad at keeping accurate time. NTP is a service that can query other computers over the network and synchronize your computer's clock to their time. It's very complex to configure, since the network itself isn't instantaneous, and two or more computers will usually disagree as to exactly what time it is.
There is a list of publicly accessible NTP servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm, or see the actual NTP informational homepage at http://www.eecis.udel.edu/~ntp/ for other details.
Red Hat Linux comes with a sample /etc/ntp.conf, but if you just want your machine to synchronize with a public server, I recommend removing that file and starting with a far simpler script. Remove the existing file and create one that looks like the following.
/etc/ntp.conf (complete sample file)
# A very simple client-only ntp configuration.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
restrict default ignore
restrict 127.0.0.0 mask 255.0.0.0
authenticate no
Choose your preferred NTP servers. Note that some servers are not available to the public, and some servers are too busy to handle new requests. Please do your homework in choosing appropriate servers that are geographically near you, and which will accept new public connections, and whether you must obtain their permission first.
You should select two or three servers for best results. For each server you find, discover its hostname and its fixed numerical address. Then add lines like the following to the /etc/ntp.conf file you created above.
/etc/ntp.conf (additional lines for each server)
server ntp5.someserver.etc
restrict 123.123.123.123 nomodify # ntp5.someserver.etc
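The restrict statements discussed in the excerpts above (per-server lines with nomodify notrap noquery, a client network without noquery, and restrict default ignore) can be reviewed mechanically. This is an added shell example, not code from any of the quoted articles; the function names and the sample configuration, including the 192.0.2.10 entry, are constructed.

```shell
#!/bin/sh
# Added example: audit the "restrict" lines of an ntp.conf read from stdin.
# Flag meanings as documented for ntpd:
#   ignore   - drop all packets from the address
#   nomodify - deny ntpq/ntpdc requests that change run-time configuration
#   noquery  - deny ntpq/ntpdc status queries (time service is not affected)
audit_ntp_restrict() {
    awk '
    { sub(/#.*/, "") }                           # drop comments
    $1 != "restrict" { next }
    {
        i = 2
        if ($i ~ /^-[46]$/) i++                  # "restrict -6 default ..."
        addr = $i; flags = " "
        for (i++; i <= NF; i++) {
            if ($i == "mask") { addr = addr "/" $(i + 1); i++ }
            else flags = flags $i " "
        }
        if (addr ~ /^default/) have_default = 1
        if (flags ~ / ignore /)               { print "OK   " addr " ignored"; next }
        if (addr ~ /^127\./ || addr ~ /^::1/) { print "OK   " addr " loopback"; next }
        miss = ""
        if (flags !~ / nomodify /) miss = miss " nomodify"
        if (flags !~ / noquery /)  miss = miss " noquery"
        if (miss ~ /nomodify/ || (addr ~ /^default/ && miss != "")) {
            bad = 1; print "WARN " addr " missing:" miss
        } else if (miss != "") print "NOTE " addr " status queries allowed"
        else print "OK   " addr " no modify/query access"
    }
    END {
        if (!have_default) { bad = 1; print "WARN no restrict default: unlisted hosts are unrestricted" }
        exit bad + 0
    }'
}

# Constructed sample combining the restrict lines quoted in the excerpts.
sample_ntp_conf() {
cat <<'EOF'
restrict default ignore
restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict 192.0.2.10   # constructed: remote host with no flags at all
server 0.us.pool.ntp.org
EOF
}

sample_ntp_conf | audit_ntp_restrict || echo "review the WARN lines"
```

Run it against a real file with `audit_ntp_restrict < /etc/ntp.conf`; a NOTE line marks a deliberate choice such as the 10.0.0.0/24 client network, while WARN lines deserve a second look.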
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Last modified: February 09, 2020