The Network Time Protocol (NTP) is a protocol used to help synchronize your Linux system's clock with an accurate time source. There are that allow the general public to synchronize with them. They are divided into two types:
Stratum 1: NTP sites using an atomic clock for timing. NIST for example
Stratum 2: NTP sites with slightly less accurate time sources. ISPs for example.
After that higher statum numbers represent less reliable (usually internal) NTP server.
It is good practice to have at least one server on your network be the local time server for all your other devices. This makes the correlation of system events on different systems much easier. It also reduces Internet bandwidth usage due to NTP traffic and reduces the need to manage firewall rules for each NTP client on your network. Sometimes, not all your servers will have Internet access; in such cases you'll need a central server that all can access. It is also necessary for maintining timing for internal Netowrk OS’es like NDS and Active Directory.
NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (above 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.
Most RedHat and Fedora Linux software products are available in the RPM format. Downloading and installing RPMs isn't hard. When searching for the file, remember that the NTP RPM's filename usually starts with the word ntp followed by a version number as in ntp-4.1.2-5.i386.rpm.
All the Fedora/RedHat NTP daemons write temporary files to the /etc/ntp directory and messages to /var/log/messages.
/etc/ntp.conf file is the main configuration file for Linux NTP in which you place the IP addresses of the stratum 1 and stratum 2 servers you want to use.
A sample configuration file:
Specify the source servers you're interested in:
server otherntp.server.org # A stratum 1 server at server.org
server ntp.research.gov # A stratum 2 server at research.gov
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery
255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.
If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, define the networks from which this server will accept NTP synchronization requests with a modified restrict statement with the noquery replaced with a notrust keyword. This allows the network to query your NTP server, but it won't be trusted to be a source of NTP synchronization data.
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
Make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords:
Save the file and restart NTP for these settings to take effect. You can now configure other Linux hosts on your network to synchronize with this new master NTP server in a similar fashion.
You have to restart the NTP process every time you make a change to the configuration file for the changes to take effect on the running process.
To get NTP configured to start at boot, use the line:
chkconfig ntpd on
To start, stop and restart NTP after booting, follow these examples:
service ntpd start
service ntpd stop
service ntpd restart
Verifying NTP is Running
To test whether the NTP process is running use the command
to verify UDP port 123 is open.
If the time on the local server is very different from that of its primary time server (date command), the NTP daemon will eventually terminate itself leaving an error message in the /var/log/messages file.
Run the ntpdate -u command to force your server to become instantly synchronized with its NTP servers before starting the NTP daemon for the first time. T
ntpdate command doesn't run continuously in the background, you will still have to run the ntpd daemon to get continuous NTP updates.
Determining NTP Synchronization
Use the ntpq –p command to see the servers with which you are synchronized. It provided you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
A telltale sign that you haven't got proper synchronization is when all the remote servers have jitters of 4000 with delay and reach values of 0.
This could be caused by the following:
Older versions of the NTP package that don't work correctly if you use the DNS name for the NTP servers. In these cases you will want to use the actual IP addresses instead.
A firewall blocking access to your Stratum 1 and 2 NTP servers. This could be located on one of the networks between the NTP server and its time source, or firewall software such as iptables could be running on the server itself.
The notrust nomodify notrap keywords are present in the restrict statement for the NTP client. In some versions of the Fedora Core 2's implementation of NTP, clients will not be able to synchronize with a Fedora Core 2 time server unless the notrust nomodify notrap keywords are removed from the NTP client's restrict statement.