The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency (Jitter).
Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.
Install NTP server in Debian
#apt-get install ntp ntpdate ntp-server
This will install all the required packages for NTP
Configuring NTP Server
By Default main configuration file located at /etc/ntp.conf
Default configuration file looks like below
#/etc/ntp.conf, configuration for ntpd
driftfile /var/lib/ntp/ntp.drift
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to more than 300 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
# *** Please consider joining the pool! ***
# *** ***
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
# By default, exchange time with everybody, but don't allow configuration.
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access,
# but only if cryptographically authenticated
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet,
# de-comment the next lines. Please do this only if you trust everybody
# on the network!
#disable auth
#broadcastclient
Example Configuration
You need to add a number of servers to the server list. The Debian default is pool.ntp.org which works but isn't always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy use the time servers either on your continent (for instance europe.pool.ntp.org) or your country (for instance uk.pool.ntp.org) one of your local country servers.The optimal number of servers to listen to is three but two will also give a good accuracy. If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.
I am using the following two servers for my configuration
server ntp0.pipex.net
server ntp1.pipex.net
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery
The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.
If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you'll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Save the file and exit
Now you need to run the ntpdate command against your server
#ntpdate ntp0.pipex.net
restart NTP for these settings to take effect using the following command
#/etc/init.d/ntp restart
You can now configure other Linux hosts on your network to synchronize with this new master NTP server in a similar fashion.
Determining If NTP Is Synchronized Properly
Use the ntpq command to see the servers with which you are synchronized. It provided you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
#ntpq -p
Output looks like below
A star by any one of the names means that the system clock is synchronising with the NTP clock. If you don't have a star (as in the example above) it means that the clocks are unreachable, already synchronized to this server or has an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accuratly and mean that the server will be able to choose a clock to synchronize with.
Firewall Configuration for NTP
NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (above 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.
NTP Client Configuration
If you want to configure ntp client you need to install the following packages
#apt-get install ntp ntp-simple ntpdate
Configuring NTP client
You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address
Server configuration settings
server 192.168.1.1
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict default notrust nomodify nopeer
Localhost configuration
restrict 192.168.1.1
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Now you need to save and exit the file
run ntpdate command against your server
ntpdate 192.168.1.1
Restart ntp service using the following command
/etc/init.d/ntp restart
If you use the date command to change time, it is worth setting also the hardware clock to the correct time. Otherwise, the time is wrong after the next reboot, since the hardware clock keeps the time when power is turned off. When the clock in the operating system shows the correct time, set the hardware clock like this
#hwclock --systohc
se the ntpq command to see the servers with which you are synchronized
#ntpq
#ntpdc -p
When are you plan to upgrade article?
ntp-simple ntpdate is no longer in debian lenny
sorry, both are available
How to open firewall with iptables on debian 4…
apt-cache search ntp-server
and output empty
where package ntp-server….?
do i am scan all cd…?
i was scan 9 cd debian etch on my system….n i have 21 cd…
help me….
i want make ntp server on my network…
pc server(debian)—–pc router(debian—–pc client(windows)…
i want make ntp server lokal..just lokal n my pc server not connect internet
Currently setting up a stratum 1 server – what is the typical setup for the ntp.conf file. For instance, I understand I need to include
server 127.127.20.0 minpoll 4 maxpoll 4
to read my gps receiver and set the polling parameters. But, is the gps receiver the only device the stratum 1 server gets its time from, or should other stratum 1 servers be listed as peers to help further refine and improve my stratum 1’s time?
Any input would be appreciated thank you!
What can I do, to get ntpdate running well on a virtual server?
Great thanks for your article. It’s really usefull.
Hello,
I am a newbie on linux. I am trying to fix this for 4 days but still unable to sync with the Internet time server.
I am trying to do synchronize to the internet time server using my internal server (running on redhat) but it does not work at all.
After configuring the ntp.conf, i stop the ntpd and start again and still did not work. i able to update the Internet time server using ntpdate commad.
Please comment on my configuration and show me show direction. 🙁
[root@app3 ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) .LOCL. 10 l 8 64 1 0.000 0.000 0.001
[root@app3 ~]# /etc/init.d/ntpd stop
Shutting down ntpd: [ OK ]
Configuration file:
Running on:
[root@app3 /]# /bin/bash –version
GNU bash, version 3.2.25(1)-release (i686-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
I am able to update using ntpdate:
[root@app3 /]# ntpdate sg.pool.ntp.org
1 Apr 16:42:22 ntpdate[4812]: adjust time server 202.150.213.154 offset 0.036360 sec
Configuration file on /etc/ntp.conf
restrict default ignore
restrict 127.0.0.1
#allow synchronization sources from the internet servers
restrict server 3.sg.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict server 0.asia.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict server 2.asia.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
#allow our internal server to synch to this server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap noquery notrust
server 127.127.1.0 #local system clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
logfile /var/log/ntp.log
Peter,
add following lice to your ntp.conf to point ntpd to server you choose:
server sg.pool.ntp.org
JS
The package ntp-server no longer exists. What is the current server package? This is in order to run an NTP server in my LAN.
@slempase @Nabster the package ntp-server is no longer needed, ntp is now both client and server. While you’re installing, get also ntp-doc:
This package contains HTML documentation for the ntp packages (ntp,
ntpdate). Since there are no substantive man pages for ntp’s
programs and configuration files, this package is desirable for any
setup beyond the simple default configuration.
I have setup local ntp server 4.2.8p8 on 192.168.48.128 and has mentioned NTP server IP address in /etc/ntp.conf file of NTP client which is running on 192.168.48.130
Restarted the service on ntp server and ntp client as well and shooted sudo ntpdate 192.168.48.128 from ntp client but output says it no server suitable for synchronization.
I have allowed ufw 123/udp on both ntp client and server as well.
Please help stucked for last 5 days :(((((