Network Time Protocol (NTP) Server and Clients Setup in Ubuntu
Sponsored Link
Using NTP is a great way to keep your system clock set correctly. It works by contacting a number of servers around the world, asking them for the time and then calculating what the correct local time is from their responses.
If you have install ntpdate package before you need to uninstall using the following command
sudo aptitude remove ntpdate
Install NTP server in Ubuntu
sudo aptitude install ntp
This will install all the required packages for NTP.
Configure NTP Server
The configuration file for ntpd is located at /etc/ntp.conf. The default Ubuntu file probably requires some modification for optimal performance.You need to edit the /etc/ntp.conf file using the following command
sudo nano /etc/ntp.conf
do the following changes shown in this example
Example Configuration
You need to add a number of servers to the server list. The Debian default is pool.ntp.org which works but isn’t always amazingly accurate because it makes no attempt to use time servers near you. If you want more accuracy use the time servers either on your continent (for instance europe.pool.ntp.org) or your country (for instance uk.pool.ntp.org) one of your local country servers.The optimal number of servers to listen to is three but two will also give a good accuracy. If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.
I am using the following two servers for my configuration
server ntp0.pipex.net
server ntp1.pipex.net
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery
The mask 255.255.255.255 statement is really a subnet mask limiting access to the single IP address of the remote NTP servers.
If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you’ll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server. The syntax is:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Save the file and exit
Now you need to restart NTP server for these settings to take effect using the following command
sudo /etc/init.d/ntp restart
Determining If NTP Is Synchronized Properly
Use the ntpq command to see the servers with which you are synchronized. It provided you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
sudo ntpq -np
In the output of above command A star by any one of the chosen server names means that the system clock is synchronising with the NTP clock. If you don’t have a star (as in the example above) it means that the clocks are unreachable, already synchronized to this server or has an outrageous synchronization distance. Try running ntpdate (you will need to stop the ntp server) with your first ntp server as an argument. This will set your system clock fairly accuratly and mean that the server will be able to choose a clock to synchronize with.
Firewall Configuration for NTP
NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn’t a high port (above 1023), but 123 also. You’ll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.
NTP Linux Client Configuration
If you want to configure ntp client you need to install the following packages
sudo aptitude install ntp ntp-simple ntpdate
Configuring NTP client
You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address
sudo nano /etc/ntp.conf
Server configuration settings
server 192.168.1.1
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict default notrust nomodify nopeer
Localhost configuration
restrict 192.168.1.1
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
We also want to make sure that localhost (the universal IP address used to refer to a Linux server itself) has full access without any restricting keywords
restrict 127.0.0.1
Now you need to save and exit the file
Run ntpdate command against your server
sudo ntpdate 192.168.1.1
Restart ntp service using the following command
sudo /etc/init.d/ntp restart
Windows Clients Configuration
Windows machines use a simplified version of NTP called Simple Network Time Protocol (SNTP), and can synchronize with NTP servers. In order to synchronize with your new server, double click on the time and go to the "Internet Time" tab. Put the IP address of your server in the "Server" field.
or
You can download Automachron from here and install in your windows xp/2000 machines
can’t all this be done in Ubuntu by simply clicking the time,edit and then time setting and changing it there through the configuration ?
“””If your ISP runs a time server for you it is worth including it in your server list as it will often be more accurate than the pooled servers and will help keep the load down on the pool.”””
No likely to be more accurate, but it is likely to have lower RTT and therefore lower jitter.
“””sudo ntpq -p”””
“sudo ntpq -np” is usually just as good if not better. It avoids reverse DNS lookups which sometimes don’t exist and usually don’t match the forward lookup anyway.
“””You’ll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.”””
If you’re going through a firewall you don’t need anything better than stratum 2 or 3 servers. The latency of the firewall is going to negate whatever increased accuracy you might expect from a stratum 1, so you’ll just be loading it up for no good reason.
Check out https://help.ubuntu.com/community/UbuntuTime
@thomas
I have updated the ntp check command in the main article
I come to your blog on a regular basis, your articles are usually better explained. You should add more info to your post on how to change ports and configure the server.
@ryan
You want to change NTP server default port number
Is this an alternative (CLI based) to using the build in way ?
In Kubuntu 8.04 I only have to go to
K-Menu -> System Settings -> Date & Time
Press the Administrator Mode… button
Activate Set date and time automatically
Alt. Choose a pool OR manually enter a name/IP of an internal NTP server
Click Apply
I have been using since Kubuntu 6.06, and find it pretty simple to all the CLI work.
I would recommend OpenNTPd.
Much less fuss to configure and works in real-world much better than the legacy “ntpd”.
I have used “ntpd” for many years and it is P.I.T.A. to use and require constant baby-sitting. openntpd on other hand has sensible default setup and just works.
I found this part confusing:
“””
Configuring NTP client
You need to edit the /etc/ntp.conf file you need to point the following settings to NTP server ip address
sudo nano /etc/ntp.conf
Server configuration settings
server 192.168.1.1
Restrict the type of access you allow these servers. In this example the servers are not allowed to modify the run-time configuration or query your Linux NTP server.
restrict default notrust nomodify nopeer
Localhost configuration
restrict 192.168.1.1
In this case the mask statement has been expanded to include all 255 possible IP addresses on the local network.
“””
It’s not clear to me just what is to be placed in the client configuration file.
I would expect something like:
server 192.168.1.1
restrict 192.168.1.1
.. but it’s not clear exactly what.
‘nomodify’ seems wrong since you do want the server to modify the clients time, do you not?
What do i do if i want to change default client port (123) to some other port dynamically.
i.e. whenever i need to send a request, i need to send it through some dynamically set port.
When ntp client service is installed, how often does it goes to ntp server to synchronize time ?
This is wrong:
“If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you’ll have to define the networks from which this server will accept NTP synchronization requests. You do so with a modified restrict statement removing the noquery keyword to allow the network to query your NTP server.”
noquery restricts others to see our server status information, it doesn’t prevent them to get the time from us.
See http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.
I tried your steps but did not get synchronization in time. And also sudo ntpdate is not working at client side. I dont have internet connections at both sides. So can you please let me know how to solve this problem?