CentOS / Red Hat Configure an NTP Client And Server

by on March 16, 2009 · 21 comments· LAST UPDATED June 24, 2010

in , ,

How do I configure an NTP (Network Time Protocol) client or server under CentOS / RHEL / Fedora Linux to manage the system clock over a network?

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. Under CentOS / RHEL you can use NTP or OpenNTPD server software. Both package provides client and server software programs for time synchronization.

Install ntp

The ntp package contains utilities and daemons that will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. The ntp packageincludes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time). Install the ntp package:
# yum install ntp

How do I configure an NTP Client?

Simply open /etc/ntp.conf file, enter:
# vi /etc/ntp.conf
Make sure the following line exists:
server ntp.server.com
Where,

  • ntp.server.com : the hostname or IP address of the site NTP server. If your ntp server located at 192.168.1.5, enter server 192.168.1.5. You can also use public ntp server located at ntp.org.

You can also run ntpd using cron:
# echo '30 * * * * root /usr/sbin/ntpd -q -u ntp:ntp' > /etc/cron.d/ntpd
The above instructs crond to run ntpd and after setting the clock just exit, and the -u option instructs it to run as the ntp user.

Configure an NTP Server

If you have lots of server and desktop system, configure your own NTP server. Your NTP server contacts a central NTP server,provided by your ISP or a public time
server located at ntp.org, to obtain accurate time data. The server then allows other machines on your network to request the time data. Our sample setup:

192.168.1.5            ==> CentOS / Fedora / RHEL NTPD Server.
202.54.1.5              ==> ISP remote NTP server.
192.168.1.0/24        ==> NTP clients including desktop systems.

First, install and enable ntpd on 192.168.1.5:
# yum install ntp
# chkconfig ntpd on

Now open /etc/ntp.conf:
# vi /etc/ntp.conf
Make sure the following line exits:
restrict default ignore
Above will deny all access to any machine, server or client. However, you need to specifically authorized policy settings. Set it as follows:

restrict 202.54.1.5 mask 255.255.255.245 nomodify notrap noquery
server 202.54.1.5

Replace 202.54.1.5 and mask with actual remote ISP or ntp.org NTP server IP. Save and close the file.

Configure NTP clients to access your NTP Server

Now, you need to allow legitimate NTP clients to access the Server. For example, allow 192.168.1.0/24 network to synchronize to this server located at 192.168.1.5. Open /etc/ntp.conf and add policy as follows:

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

Update your firewall settings, open /etc/sysconfig/iptables.
# vi /etc/sysconfig/iptables
Add the following line, before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:

 -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

Save and close the file. Finally, start ntpd:
# service ntpd start
# service iptables restart
# netstat -tulpn

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 21 comments… read them below or add one }

1 Tapas Mallick March 18, 2009 at 10:46 am

Nice tutorial. Could you please discuss about secure NTP based on “Key Based” security. Regards, Tapas.

Reply

2 KHIZAR May 27, 2009 at 7:49 am

Good tutorial, but discuss ntp in more detail thank you
regards Khizar Saeed Khan

Reply

3 Eduardo Costa July 23, 2009 at 8:31 pm

Excellent post! This is the smallest tutorial I ever found about NTP… Very easy to follow! Solved a lot of doubts I had about configuring the client… Thanks a lot!

Reply

4 Miguel Verdugo October 29, 2009 at 3:46 pm

Very good tutorial. Thanks.

Reply

5 Mario November 24, 2009 at 12:24 pm

Although you can set the time by running ntp in a cron job, this is seriously not recommended for anything but a simple home setup.

For anything setup for work-related services, rather set the time through the NTP service. This will skew the time in a safer way than making a big time change in case the time has gone completely out since the last cron run.

Reply

6 razor April 13, 2010 at 5:09 pm

Great tutorial.. saved me lots of time. Thanks

Reply

7 rmedster June 30, 2010 at 1:21 pm

How to make ntp-client to send a time-request from a particular interface?

Reply

8 kaliram sahu July 14, 2010 at 12:31 pm

i have faced a error an ntp server configuration. your system is not reach syncronize time. but some time autometic reach server.
how to reach ntp properly,. i am user server ntpd restart , ntpq -indp ,and ntpdate command but not solve my problem.
please solve this problem.

Reply

9 Nir January 7, 2011 at 9:47 pm

Excellent tutorial as always.

thank you.

Reply

10 temuri June 24, 2011 at 1:35 pm

HI I have NTP server, and wants to send data with rs232 to windows 2000 workstation
can someone help me ?

thanks

Reply

11 LCAlvarez June 24, 2011 at 6:09 pm

Excellent, thanks a lot from Panama, PTY 507

Excelente, muchas gracias desde Panamá
LCAlvarez.

Reply

12 Samuel September 12, 2011 at 12:16 pm

Unable to synchronise meinberg NTP time server to clients

Below is the NTP configuration file

# NTP Network Time Protocol
# **** ATTENTION ****: *You have to restart the NTP service when you change this file to activate the changes*
# PLEASE CHECK THIS FILE CAREFULLY AND MODIFY IT IF REQUIRED
# Configuration File created by Windows Binary Distribution Installer Rev.: 1.26 mbg
# please check http://www.ntp.org for additional documentation and background information
# Use drift file
#driftfile “C:\Program Files\NTP\etc\ntp.drift”
#multicastclient
#broadcastdelay 0.008

# your local system clock, should be used as a backup
# (this is only useful if you need to distribute time no matter how good or bad it is)
server 127.127.1.1
# but it operates at a high stratum level to let the clients know and force them to
# use any other timesource they may have.
fudge 127.127.1.1 stratum 12

#driftfile /etc/ntp.drift
driftfile “C:\Program Files\NTP\etc\ntp.drift”
multicastclient
broadcastdelay 0.008

broadcastclient yes

# Use a NTP server from the ntp pool project (see http://www.pool.ntp.org)

server ntp.a-lab.fi iburst

# allow localhost
restrict 127.0.0.1

# Please note that you need at least four different servers to be at least protected against

server 192.168.3.189 iburst
#accept packets from
restrict 192.168.3.100 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.101 mask 255.255.255.0 nomodify notrap

# one falseticker. If you only rely on internet time, it is highly recommended to add
# additional servers here.
# The ‘iburst’ keyword speeds up initial synchronization, please check the documentation for more details!
server 0.fi.pool.ntp.org minipoll 10 iburst
server 1.fi.pool.ntp.org minpoll 10 iburst
#server 2.fi.pool.ntp.org iburst
#server 1.se.pool.ntp.org iburst
#server 0.de.pool.ntp.org iburst

# End of generated ntp.conf — Please edit this to suite your needs

###########################################################
#Section insert by NTP Time Server Monitor 30.8.2011

enable stats
statsdir “C:\Program Files\NTP\etc\”
statistics loopstats
###########################################################

And also the NTP status is shown below

State Remote Refid Stratum Type When Poll Reach Delay Offset Jitter
LOCAL(1) LOCL 12 Local clock 51 64 003 0.000 0.000 0.001
* 212.213.168.140 130.149.17.8 2 Unicast server 50 64 003 16.149 4.178 0.482
192.168.3.189 INIT 16 Unicast server 1023d 64 000 0.000 0.000 0.000
+ 87.108.20.69 192.36.143.150 2 Unicast server 96 1024 001 6.086 -5.366 0.115

Kindly make the neccessary corrections for

Reply

13 Graham Lerant September 28, 2011 at 1:10 pm

Very nice walkthrough.
Especially the IPtables section.
It’s usually easy to configure the server – quite another thing to achieve connectivity!
thanks!

Reply

14 Jason June 27, 2012 at 7:14 pm

Is it possible to allow multiple IP ranges in the IPtables? I tried multiple lines, but it had an error saying that is not allowed.

Reply

15 Andre July 2, 2012 at 6:13 pm

I have been looking on the net everywhere for a decent tutorial for setting up NTP to no avail.
I have a RHEL 6 host install. I created 2 RHEL 6 VMs with IP 192.168.1.10 & .11
I have been trying to get the .11 client to use the .10 as its NTP server. I have tried following dozens of instructions, but have always gotten ” no server suitable for syncronization found.
Leaving the default data in each ntp.conf file…i have tried following several different instructions that basically have been saying the same thing as above…but still cant connect.
The machines can ping each other yet cannot connect for NTP. I have added the port 123 udp in the firewall to allow that to be open.

Can anyone provide assistance to anything that I may be ommiting. Can I try deleting/commenting all the default content and just insert statements suggested?

Thanks

Reply

16 Chandan October 12, 2012 at 10:07 pm

You are just amazing. You got every answer to our daily sysadmin work items. Thanks for all your posts.

Reply

17 Nikila March 21, 2013 at 9:07 am

hi,
I wanted to know how could I configure an NTP client using IPv6 address?
Currently my ntp version is
ntpd – NTP daemon program – Ver. 4.2.4p4

Reply

18 Jim April 17, 2013 at 6:53 am

One more question – you descibe how to configure an ntp client really well. But on a Linux system, how do you tell it to actually use ntp for its clock. Merely having the client running doesnt mean the system will use it.

Reply

19 Robert May 8, 2013 at 1:31 pm

L.s,

Good tutorial but how to test if ntp is working correctly?
yuo can test with:
ntpstat
ntpq -pn
ntpq -p

Also it is not clear in wich order the access rules must be placed.

Reply

20 Dinesh February 18, 2014 at 7:24 am

Please mentoined below step for standalone server.

If the server you are setting up do not have internet connection, you can synchronize it with the local time of the server itself. Just comment the server part, and change it to 127.127.1.0. The sratum level is for determining what level this time server is set up for. Stratum 0 usually refers to real clock, for example atomic (cesium, rubidium) clocks or GPS clocks or other radio clocks. Stratum 1 is the machine connected to stratum 0 devices.

#server mst.sirim.my prefer
#server my.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Reply

21 flyerfan October 6, 2014 at 5:01 pm

Any help on using a GPS connection from the serial input tty0?

tks

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: