Network Time Protocol (NTP) Server and Clients Setup in Ubuntu

The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. NTP uses UDP port 123 as its transport layer. It is designed particularly to resist the effects of variable latency (Jitter).


Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.

If you have previously installed the ntpdate package, you need to uninstall it using the following command

sudo aptitude remove ntpdate

Install NTP server in Ubuntu

sudo aptitude install ntp

This will install all the required packages for NTP.

Configure NTP Server

The configuration file for ntpd is located at /etc/ntp.conf. The default Ubuntu file probably requires some modification for optimal performance. Edit the /etc/ntp.conf file using the following command

sudo nano /etc/ntp.conf

Make the changes shown in this example

Example Configuration

You need to add a number of servers to the server list. The Debian default is pool.ntp.org, which works but isn’t always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy, use the time servers either on your continent (for instance europe.pool.ntp.org) or in your country (for instance uk.pool.ntp.org). The optimal number of servers to listen to is three, but two will also give good accuracy. If your ISP runs a time server for you, it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.

I am using the following two servers for my configuration

server ntp0.pipex.net
server ntp1.pipex.net

Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.

If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you’ll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords

restrict 127.0.0.1

Save the file and exit

Now you need to restart NTP server for these settings to take effect using the following command

sudo /etc/init.d/ntp restart
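
An added example, not part of the original article: a shell function that reads an ntp.conf and reports, for each restrict line, whether that address gets time service, may send ntpq/ntpdc status queries, and may modify the run-time configuration. The flag meanings follow the ntpd documentation (noquery blocks ntpq/ntpdc queries only; time service is refused only by ignore or noserve); the function name is an assumption, and the sample input is the server-side restrict lines from this article.

```shell
# Added example (not from the original article): report what each
# "restrict" line of an ntp.conf read from stdin permits.
ntp_restrict_audit() {
    awk '
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++         # optional address-family flag
        addr = $i; time = "yes"; query = "yes"; modify = "yes"
        for (i++; i <= NF; i++) {
            if ($i ~ /^#/) break                   # trailing comment
            else if ($i == "mask") { i++; addr = addr "/" $i }
            else if ($i == "ignore") { time = "no"; query = "no"; modify = "no" }
            else if ($i == "noserve") time = "no"  # refuses time, still answers queries
            else if ($i == "notrust" && time == "yes") time = "auth-only"  # ntp 4.2+ meaning
            else if ($i == "noquery") { query = "no"; modify = "no" }      # ntpq/ntpdc only
            else if ($i == "nomodify") modify = "no"
        }
        if (addr == "default") have_default = 1
        printf "%s time=%s query=%s modify=%s\n", addr, time, query, modify
    }
    END {
        # Without a default entry, ntpd applies no flags to unlisted addresses.
        if (!have_default)
            print "WARNING no restrict default line: unlisted addresses are unrestricted"
    }'
}

# The server-side restrict lines from this article, as sample input.
server_conf='restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1'

printf '%s\n' "$server_conf" | ntp_restrict_audit
```

To check a live configuration, run: ntp_restrict_audit < /etc/ntp.conf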

Determining If NTP Is Synchronized Properly

Use the ntpq command to see the servers with which you are synchronized. It provides you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.

sudo ntpq -np

In the output of the above command, a star next to one of the server names means that the system clock is synchronising with that NTP clock. If you don’t have a star (as in the example above), it means that the clocks are unreachable, already synchronized to this server or have an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accurately, which means the server will be able to choose a clock to synchronize with.
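
An added example, not part of the original article: a shell function that reads ntpq -np output and reports whether a system peer (the starred line) is selected with jitter under the threshold of 100 given above. The function name is an assumption, and the two sample outputs use documentation addresses (192.0.2.x) constructed for illustration.

```shell
# Added example: classify "ntpq -np" output read from stdin.
# Returns 0 when a system peer (tally "*") is selected and its jitter is
# under 100, the threshold used in this article; returns 1 otherwise.
ntp_sync_status() {
    awk '
    $1 == "remote" || /^=+$/ { next }     # header line and ===== rule
    NF < 10 { next }                      # not a peer line
    {
        tally = substr($0, 1, 1)          # "*", "+", "-", "x" or a space
        peer = $1; sub(/^[^0-9A-Za-z]/, "", peer)
        if (tally == "*") { sys = peer; off = $9; jit = $10 }
        else if ($7 == "0") dead = dead " " peer   # reach 0: no replies received
    }
    END {
        if (sys != "" && jit + 0 < 100) {
            printf "synced peer=%s offset=%s jitter=%s\n", sys, off, jit
            exit 0
        }
        if (sys != "") printf "unstable peer=%s jitter=%s\n", sys, jit
        else printf "unsynced unreachable=%s\n", (dead == "" ? "none" : substr(dead, 2))
        exit 1
    }'
}

# Constructed sample outputs (documentation addresses), not from a real host.
sample_ok='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.512   0.201
+192.0.2.11      192.0.2.10       2 u   40   64  377   15.100   -1.204   0.450'
sample_bad='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

printf '%s\n' "$sample_ok"  | ntp_sync_status
printf '%s\n' "$sample_bad" | ntp_sync_status || true
```

On a live host, pipe the real output in: sudo ntpq -np | ntp_sync_status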

Firewall Configuration for NTP

NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn’t a high port (above 1023), but 123 also. You’ll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.

NTP Linux Client Configuration

If you want to configure an NTP client, you need to install the following packages

sudo aptitude install ntp ntp-simple ntpdate

Configuring NTP client

You need to edit the /etc/ntp.conf file and point the following settings to the NTP server IP address

sudo nano /etc/ntp.conf

Server configuration settings

server 192.168.1.1

Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

restrict default notrust nomodify nopeer

Localhost configuration

restrict 192.168.1.1

In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords

restrict 127.0.0.1

Now you need to save and exit the file

Run ntpdate command against your server

sudo ntpdate 192.168.1.1

Restart ntp service using the following command

sudo /etc/init.d/ntp restart

Windows Clients Configuration

Windows machines use a simplified version of NTP called Simple Network Time Protocol (SNTP), and can synchronize with NTP servers. In order to synchronize with your new server, double click on the time and go to the "Internet Time" tab. Put the IP address of your server in the "Server" field.

or

You can download Automachron from here and install it on your Windows XP/2000 machines


12 Responses

  1. h9290 says:

    Can’t all this be done in Ubuntu by simply clicking the time, edit and then time setting and changing it there through the configuration?

  2. Thomas says:

    “””If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.”””

    Not likely to be more accurate, but it is likely to have lower RTT and therefore lower jitter.

    “””sudo ntpq -p”””

    “sudo ntpq -np” is usually just as good if not better. It avoids reverse DNS lookups which sometimes don’t exist and usually don’t match the forward lookup anyway.

    “””You’ll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.”””

    If you’re going through a firewall you don’t need anything better than stratum 2 or 3 servers. The latency of the firewall is going to negate whatever increased accuracy you might expect from a stratum 1, so you’ll just be loading it up for no good reason.

    Check out https://help.ubuntu.com/community/UbuntuTime

  3. admin says:

    @thomas

    I have updated the ntp check command in the main article

  4. Ryan Harrington says:

    I come to your blog on a regular basis, your articles are usually better explained. You should add more info to your post on how to change ports and configure the server.

  5. admin says:

    @ryan

    You want to change NTP server default port number

  6. Kubuntu User says:

    Is this an alternative (CLI based) to using the built-in way?

    In Kubuntu 8.04 I only have to go to

    K-Menu -> System Settings -> Date & Time
    Press the Administrator Mode… button
    Activate Set date and time automatically
    Alt. Choose a pool OR manually enter a name/IP of an internal NTP server
    Click Apply

    I have been using since Kubuntu 6.06, and find it pretty simple to all the CLI work.

  7. Dummy00001 says:

    I would recommend OpenNTPd.

    Much less fuss to configure and works in real-world much better than the legacy “ntpd”.

    I have used “ntpd” for many years and it is P.I.T.A. to use and requires constant baby-sitting. openntpd on the other hand has sensible default setup and just works.

  8. AlexKleider says:

    I found this part confusing:
    “””
    Configuring NTP client

    You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address

    sudo nano /etc/ntp.conf

    Server configuration settings

    server 192.168.1.1

    Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.

    restrict default notrust nomodify nopeer

    Localhost configuration

    restrict 192.168.1.1

    In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.

    “””
    It’s not clear to me just what is to be placed in the client configuration file.
    I would expect something like:

    server 192.168.1.1
    restrict 192.168.1.1

    .. but it’s not clear exactly what.
    ‘nomodify’ seems wrong since you do want the server to modify the client’s time, do you not?

  9. harry says:

    What do I do if I want to change the default client port (123) to some other port dynamically?

    i.e. whenever I need to send a request, I need to send it through some dynamically set port.

  10. Josir says:

    When ntp client service is installed, how often does it go to the ntp server to synchronize time?

  11. Denis Sorn says:

    This is wrong:

    “If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you’ll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server.”

    noquery restricts others from seeing our server status information, it doesn’t prevent them from getting the time from us.

    See http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.

  12. Sanjay Bhosale says:

    I tried your steps but did not get synchronization in time. And also sudo ntpdate is not working at client side. I don’t have internet connections at both sides. So can you please let me know how to solve this problem?
