CentOS / Redhat Linux: Install OpenNTPD To Synchronize The Local Clock

OpenNTPD is a Unix system daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. How do I install OpenNTPD under CentOS / RHEL / Fedora Linux instead of the default NTPD client / server supplied by the Linux operating system?

OpenNTPD offers simplicity and security over the traditional NTPD that comes with CentOS/RHEL/Fedora Linux. The software can sync the local clock to remote NTP servers and can act as an NTP server itself, redistributing the local clock. OpenNTPD is part of the OpenBSD project. In this tutorial, you will learn how to install OpenNTPD on CentOS/RHEL/Fedora Linux.
OpenNTPD on CentOS/RHEL 7 with systemd

Compile and Install OpenNTPD

Download the portable OpenNTPD version by visiting this page, or enter:
# cd /tmp
# wget http://ftp3.usa.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-6.0p1.tar.gz

Extract the tarball:
# tar -zxvf openntpd-6.0p1.tar.gz
# cd openntpd-6.0p1

You must have the GNU compiler installed on your CentOS/RHEL 7 box. See how to install compilers on CentOS/RHEL 7 to compile OpenNTPD. To compile OpenNTPD with default options, enter:
# ./configure
# make
# make install

Sample outputs:

Making install in include
make[1]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Entering directory `/tmp/openntpd-6.0p1/include'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
....
..
...
make[2]: Entering directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/sbin'
  /bin/sh ../libtool   --mode=install /usr/bin/install -c ntpd '/usr/local/sbin'
libtool: install: /usr/bin/install -c ntpd /usr/local/sbin/ntpd
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1/src'
 
 WARNING: the privilege separation path is specified as /var/empty, 
          but this directory contains files!
 
 Please ensure that /var/empty is empty. If you installed a previous 
 OpenNTPD version and created a user with a home directory at /var/empty/ntpd, 
 please adjust that user to use /var/empty instead and delete /var/empty/ntpd.
 
make[3]: Leaving directory `/tmp/openntpd-6.0p1/src'
 /usr/bin/mkdir -p '/usr/local/share/man/man5'
 /usr/bin/install -c -m 644 ntpd.conf.5 '/usr/local/share/man/man5'
 /usr/bin/mkdir -p '/usr/local/share/man/man8'
 /usr/bin/install -c -m 644 ntpctl.8 ntpd.8 '/usr/local/share/man/man8'
make[2]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Leaving directory `/tmp/openntpd-6.0p1/src'
make[1]: Entering directory `/tmp/openntpd-6.0p1'
make[2]: Entering directory `/tmp/openntpd-6.0p1'
make  install-exec-hook
make[3]: Entering directory `/tmp/openntpd-6.0p1'
 
 /usr/local/etc/ntpd.conf already exists, install will not overwrite
make[3]: Leaving directory `/tmp/openntpd-6.0p1'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/openntpd-6.0p1'
make[1]: Leaving directory `/tmp/openntpd-6.0p1'

Configure OpenNTPD

Type the following commands to create the _ntp user and group so that OpenNTPD runs in its own jail:
# groupadd _ntp
# useradd -g _ntp -s /sbin/nologin -d /var/empty/openntpd -c 'OpenNTP daemon' _ntp
# mkdir -p /var/empty/openntpd
# chown 0 /var/empty/openntpd
# chgrp 0 /var/empty/openntpd
# chmod 0755 /var/empty/openntpd
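
The ownership and mode set above, together with the "must be empty" requirement from the make install warning, can be re-checked at any time. The following is an added example, not part of the original tutorial; check_privsep_dir is a hypothetical helper name, and the expected owner is a parameter that defaults to uid 0.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an OpenNTPD
# privilege-separation directory such as /var/empty/openntpd.
# check_privsep_dir is a hypothetical helper name.
#
# Usage: check_privsep_dir DIR [EXPECTED_OWNER_UID]   (owner defaults to 0)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_privsep_dir() (
    dir=$1
    want_uid=${2:-0}
    rc=0

    # A symlink could be repointed later; a missing directory breaks chroot.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a real directory"
        exit 1
    fi
    # Owner must be root (the tutorial runs: chown 0).
    if [ -z "$(find "$dir" -prune -user "$want_uid")" ]; then
        echo "FAIL: $dir is not owned by uid $want_uid"
        rc=1
    fi
    # No group/other write bit (the tutorial runs: chmod 0755).
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $dir is writable by group or others"
        rc=1
    fi
    # The jail must stay empty, as the 'make install' warning says.
    if [ -n "$(ls -A "$dir")" ]; then
        echo "FAIL: $dir contains files"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    exit "$rc"
)

# Example call on the tutorial's path (run as root or any user that can
# read the directory):
#   check_privsep_dir /var/empty/openntpd
```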

Install systemd based startup script

Edit /usr/lib/systemd/system/openntpd.service :
# vi /usr/lib/systemd/system/openntpd.service
Add the following lines:

[Unit]
Description=OpenNTP Daemon
After=network.target
Conflicts=systemd-timesyncd.service

[Service]
Type=forking
ExecStart=/usr/local/sbin/ntpd -s

[Install]
WantedBy=multi-user.target

Save and close the file.

ntpd.conf configuration

Edit /usr/local/etc/ntpd.conf, enter:
# vi /usr/local/etc/ntpd.conf
Make sure it listens on localhost and the main server IP:

listen on 127.0.0.1
listen on 10.210.206.58
listen on ::1

Sync to a single server called ntp.example.com or ntp.isp.example.com:

server ntp.isp.example.com
 
# Or Use a random selection of 8 public stratum 2 servers
servers pool.ntp.org

Close and save the file.

Start OpenNTPD

Type the following command:
$ sudo systemctl start openntpd.service
To stop openntpd, enter:
$ sudo systemctl stop openntpd.service
To restart openntpd, enter:
$ sudo systemctl restart openntpd.service

Verify OpenNTPD Is Working Or Not

Type the following command:
$ sudo systemctl status openntpd.service
Sample outputs:

● openntpd.service - OpenNTP Daemon
   Loaded: loaded (/usr/lib/systemd/system/openntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2016-11-22 10:20:08 UTC; 3s ago
  Process: 15508 ExecStart=/usr/local/sbin/ntpd -s (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/openntpd.service
           ├─15509 ntpd: ntp engine
           ├─15510 ntpd: dns engine
           └─15511 /usr/local/sbin/ntpd -s

Nov 22 10:20:07 cenots-db systemd[1]: Starting OpenNTP Daemon...
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 127.0.0.1
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on 10.210.206.58
Nov 22 10:20:07 cenots-db ntpd[15509]: listening on ::1
Nov 22 10:20:07 cenots-db ntpd[15509]: ntp engine ready
Nov 22 10:20:08 cenots-db systemd[1]: Started OpenNTP Daemon.

Make sure it starts on reboot:
$ sudo systemctl enable openntpd
Type the following command to verify that OpenNTPD (ntpd) is running and bound to UDP port 123:
$ netstat -tulpn
$ netstat -tulpn | grep :123

OR
$ sudo ss -ltun
Sample outputs:

udp        0      0 10.210.206.58:123               0.0.0.0:*                               31182/ntpd          
udp        0      0 127.0.0.1:123               0.0.0.0:*                               31182/ntpd  
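
The listing above is only useful if it is compared with what ntpd.conf declares, so that a stray wildcard socket or a second time daemon still bound to port 123 stands out. The following is an added example, not part of the original tutorial; the function names and the sample socket listing are constructed, and it assumes the "listen on" lines use literal addresses.

```shell
#!/bin/sh
# Added example: compare UDP/123 sockets with the "listen on" lines in
# ntpd.conf. Function names and sample data are constructed for illustration.

# Print the literal addresses named by "listen on" directives in CONF.
expected_listeners() {
    awk '$1 == "listen" && $2 == "on" { print $3 }' "$1"
}

# Read `ss -lun` or `netstat -uln` output on stdin and print every local
# address bound to UDP port 123 that CONF does not declare.
# Returns 1 if any such address is found, 0 otherwise.
unexpected_ntp_listeners() {
    allowed=$(expected_listeners "$1" | tr '\n' ' ')
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^udp/ {
            # The local endpoint is the first field containing a colon
            # (field 5 in ss output, field 4 in netstat output).
            for (i = 2; i <= NF; i++) if (index($i, ":")) break
            if (i > NF) next
            port = $i; sub(/.*:/, "", port)
            addr = $i; sub(/:[^:]*$/, "", addr)
            gsub(/\[|\]/, "", addr); sub(/%.*/, "", addr)  # [::1], addr%iface
            # "listen on *" declares every address, so nothing is unexpected.
            if (port == "123" && !(addr in ok) && !("*" in ok)) { print addr; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample data: the tutorial's three addresses plus a stray
# wildcard socket on port 123 and an unrelated DHCP client socket.
sample_conf() {
    printf '%s\n' 'listen on 127.0.0.1' 'listen on 10.210.206.58' \
        'listen on ::1' 'servers pool.ntp.org'
}
sample_sockets() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:123      *:*
udp   UNCONN 0      0      10.210.206.58:123  *:*
udp   UNCONN 0      0      0.0.0.0:123        *:*
udp   UNCONN 0      0      0.0.0.0:68         *:*
udp   UNCONN 0      0      [::1]:123          [::]:*
EOF
}
```

On a live host, run it as: ss -lun | unexpected_ntp_listeners /usr/local/etc/ntpd.conf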

Is NTP synchronized?

Type the following command:
$ timedatectl status
Sample outputs:

      Local time: Tue 2016-11-22 10:25:46 UTC
  Universal time: Tue 2016-11-22 10:25:46 UTC
        RTC time: n/a
       Time zone: UTC (UTC, +0000)
     NTP enabled: n/a
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a

3 comments
  • sandeep May 13, 2013 @ 13:03

    Hi,

    I followed all your steps on Ubuntu but I could not get ntpd up after bootup. Also, the /etc/init.d/functions file is missing in Ubuntu. Also
    # tail -f /var/log/messages

    is not printing anything for me even if I run it manually from the command line.
    same for
    # netstat -tulpn | grep :123
    command.

    Please help me.

  • Spork Schivago Jun 15, 2017 @ 2:57

    I believe that the openntpd.service file should be installed in some place like:
    /etc/systemd/system/
    rather than:
    /usr/lib/systemd/system/

    The doc says:
    Table 9.2, Systemd Unit Files Locations lists three main directories where unit files are stored on the system, the /etc/systemd/system/ directory is reserved for unit files created or customized by the system administrator.

    /usr/lib/systemd/system/ is for systemd unit files distributed with installed RPM packages.

    Also, if someone has an OpenSSH server installed, they’re going to run into issues by using /var/empty as the privilege separation chroot path. A better choice is to use something like /var/run/openntpd.

    I accomplished this with the following configure options:
    ./configure --prefix=/opt --sysconfdir=/etc/ntp --with-privsep-path=/var/run/openntpd

    This configured openntpd so that it installed everything into the /opt directory, except for the config file, which it installed in the /etc/ntp directory, and it used the /var/run/openntpd directory as a privileged separation chroot path.

    Also, I just wanted to point out, you can just list the local loopback device’s IP addresses in the config file. You don’t need to listen on your public IP addresses if you don’t want to. openntpd will still synchronize just fine. This is what my /etc/ntp/ntpd.conf file looks like:

    # $OpenBSD: ntpd.conf,v 1.14 2015/07/15 20:28:37 ajacoutot Exp $
    #
    # See ntpd.conf(5) and /etc/examples/ntpd.conf
    
    servers pool.ntp.org
    sensor *
    constraints from "https://www.google.com"
    
    listen on 127.0.0.1
    listen on ::1
    

    I just thought I’d share. Thanks for the tutorial. I couldn’t quite remember some of the steps to install and I really appreciate you taking the time to write this webpage for everyone to share.

    • Spork Schivago Jun 15, 2017 @ 19:05

      I typed that late at night last night. There’s a typo in it. The configure command should actually look more like this:

      ./configure --prefix=/opt --sysconfdir=/etc/ntp --with-privsep-path=/var/run/openntpd

      The /etc/systemd/system/openntpd.service file would then look like this:

          [Unit]
          Description=OpenNTP Daemon
          After=network.target
          Conflicts=systemd-timesyncd.service
          
          [Service]
          Type=forking
          ExecStart=/opt/openntpd/sbin/ntpd -s
          
          [Install]
          WantedBy=multi-user.target
      
