How do I configure an NTP (Network Time Protocol) client or server under CentOS / RHEL / Fedora Linux to manage the system clock over a network?
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. Under CentOS / RHEL you can use NTP or OpenNTPD server software. Both package provides client and server software programs for time synchronization.
Install ntp
The ntp package contains utilities and daemons that will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. The ntp packageincludes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package:
# yum install ntp
How do I configure an NTP Client?
Simply open /etc/ntp.conf file, enter:
# vi /etc/ntp.conf
Make sure the following line exists:
server ntp.server.com
Where,
- ntp.server.com : the hostname or IP address of the site NTP server. If your ntp server located at 192.168.1.5, enter server 192.168.1.5. You can also use public ntp server located at ntp.org.
You can also run ntpd using cron:
# echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd
The above instructs crond to run ntpd and after setting the clock just exit, and the -u option instructs it to run as the ntp user.
Configure an NTP Server
If you have lots of server and desktop system, configure your own NTP server. Your NTP server contacts a central NTP server,provided by your ISP or a public time
server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. Our sample setup:
192.168.1.5 ==> CentOS / Fedora / RHEL NTPD Server. 202.54.1.5 ==> ISP remote NTP server. 192.168.1.0/24 ==> NTP clients including desktop systems.
First, install and enable ntpd on 192.168.1.5:
# yum install ntp
# chkconfig ntpd on
Now open /etc/ntp.conf:
# vi /etc/ntp.conf
Make sure the following line exits:
restrict default ignore
Above will deny all access to any machine, server or client. However, you need to specifically authorized policy settings. Set it as follows:
restrict 202.54.1.5 mask 255.255.255.245 nomodify notrap noquery server 202.54.1.5
Replace 202.54.1.5 and mask with actual remote ISP or ntp.org NTP server IP. Save and close the file.
Configure NTP clients to access your NTP Server
Now, you need to allow legitimate NTP clients to access the Server. For example, allow 192.168.1.0/24 network to synchronize to this server located at 192.168.1.5. Open /etc/ntp.conf and add policy as follows:
# Hosts on local network are less restricted. restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
Update your firewall settings, open /etc/sysconfig/iptables.
# vi /etc/sysconfig/iptables
Add the following line, before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
Save and close the file. Finally, start ntpd:
# service ntpd start
# service iptables restart
# netstat -tulpn
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -
{ 12 comments… read them below or add one }
Nice tutorial. Could you please discuss about secure NTP based on “Key Based” security. Regards, Tapas.
Good tutorial, but discuss ntp in more detail thank you
regards Khizar Saeed Khan
Excellent post! This is the smallest tutorial I ever found about NTP… Very easy to follow! Solved a lot of doubts I had about configuring the client… Thanks a lot!
Very good tutorial. Thanks.
Although you can set the time by running ntp in a cron job, this is seriously not recommended for anything but a simple home setup.
For anything setup for work-related services, rather set the time through the NTP service. This will skew the time in a safer way than making a big time change in case the time has gone completely out since the last cron run.
Great tutorial.. saved me lots of time. Thanks
How to make ntp-client to send a time-request from a particular interface?
i have faced a error an ntp server configuration. your system is not reach syncronize time. but some time autometic reach server.
how to reach ntp properly,. i am user server ntpd restart , ntpq -indp ,and ntpdate command but not solve my problem.
please solve this problem.
Excellent tutorial as always.
thank you.
HI I have NTP server, and wants to send data with rs232 to windows 2000 workstation
can someone help me ?
thanks
Excellent, thanks a lot from Panama, PTY 507
Excelente, muchas gracias desde Panamá
LCAlvarez.
Very nice walkthrough.
Especially the IPtables section.
It’s usually easy to configure the server – quite another thing to achieve connectivity!
thanks!