[SOLVED] Configuring an NTP server for automatic time sync for all network hosts
I have an ntp server running on ubuntu. It is working ok when I configure the client /etc/ntphosts file for clients. The clients are able to sync with the server.
However, my actual goal is to have all network hosts connected to my network get the time from this ntp server. Yes I would like this to include different hosts running different OSs. I have searched for ways to implement but still haven't found any. If I configure it to broadcast, I still have to configure the client to be a broadcast client. This scenario of having to manually configure a client is what I would like to avoid 100%. This is attributed to the fact that the clients are in the thousands.
I have done this, but only in an environment with a few hundred hosts, not thousands.
1. All Microsoft hosts should pick up time from the domain controllers. If you install and configure an NTP client there, that correct time should be picked up by all Microsoft clients on the domain.
CAUTION: the domain service link is terribly clock sensitive. It is best if any time shift larger than a second or two happens only on startup.
2. All Linux hosts will require an ntp client and a configuration. It is best if you have a centralized management or configuration server to automate this, so once you get ONE configuration correct it will propagate successfully to all Linux hosts. I was able to build my own solution for my RHEL, CentOS, and Debian environment but there are better options for multiple node management today.
The nature of traditional NTP is passive. It corrects local time from a server, then (assuming you configure it to serve) waits on client requests for correct time. I advise against broadcasting in general, having managed MANY networks and never having found unnecessary broadcasting to be a good thing.
Have you other operating systems to consider? Is this in one consolidated network, or multiple domains and subnets?
I have an ntp server running on ubuntu. It is working ok when I configure the client /etc/ntphosts file for clients. The clients are able to sync with the server.
However, my actual goal is to have all network hosts connected to my network get the time from this ntp server. Yes I would like this to include different hosts running different OSs. I have searched for ways to implement but still haven't found any. If I configure it to broadcast, I still have to configure the client to be a broadcast client. This scenario of having to manually configure a client is what I would like to avoid 100%. This is attributed to the fact that the clients are in the thousands.
Will really appreciate input on this...
Since you have so many systems to manage, it would be worth looking at tools like Puppet or Ansible or Salt (and few others).
It will help you a great deal to manage your clients (not just for NTP but for just about anything from provisioning to updates to any configuration changes).
DHCP server option 42 is for configuring an NTP server, but not all DHCP clients will use that option. Linux distributions that run ntp and chrony do; those that strictly run systemd-timesyncd do not, and neither does OSX. Although there might be some configuration settings that I am not aware of... Windows not joined to a domain do not.
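As an added illustration of the DHCP option 42 mentioned above (not code from any poster in this thread): the sketch below encodes and parses the option as laid out in RFC 2132, and checks the NTP servers a lease carries against an approved list. The addresses, the `allowed` list and the function names are assumptions made for the example.

```python
import ipaddress

OPT_PAD, OPT_END, OPT_NTP_SERVERS = 0, 255, 42

def encode_ntp_option(servers):
    """Build DHCP option 42: code, length, then 4 bytes per IPv4 address."""
    body = b"".join(ipaddress.IPv4Address(s).packed for s in servers)
    if not body or len(body) > 255:
        raise ValueError("option 42 needs 1 to 63 IPv4 addresses")
    return bytes([OPT_NTP_SERVERS, len(body)]) + body

def parse_options(field):
    """Walk a DHCP options field (after the magic cookie) into {code: bytes}."""
    opts, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad bytes carry no length octet
            i += 1
            continue
        if i + 2 > len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        # A repeated option code is concatenated (RFC 3396 long options).
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts

def ntp_servers(field):
    """Return the NTP servers offered in option 42, or [] if absent."""
    raw = parse_options(field).get(OPT_NTP_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 42 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]

def unexpected_servers(field, allowed):
    """Servers offered by DHCP that are not on the site's approved list."""
    approved = set(allowed)
    return [s for s in ntp_servers(field) if s not in approved]

# Constructed sample: subnet mask (option 1), option 42 with two servers, end marker.
SAMPLE = (bytes([1, 4, 255, 255, 255, 0])
          + encode_ntp_option(["192.0.2.10", "192.0.2.11"])
          + bytes([OPT_END]))

if __name__ == "__main__":
    print(ntp_servers(SAMPLE))
    print(unexpected_servers(SAMPLE, ["192.0.2.10"]))
```

The same check can be run over the options field of a captured DHCP offer to confirm that only the intended time servers are being advertised on a subnet.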
Quote:
I have done this, but only in an environment with a few hundred hosts, not thousands.
1. All Microsoft hosts should pick up time from the domain controllers. If you install and configure an NTP client there, that correct time should be picked up by all Microsoft clients on the domain.
CAUTION: the domain service link is terribly clock sensitive. It is best if any time shift larger than a second or two happens only on startup.
2. All Linux hosts will require an ntp client and a configuration. It is best if you have a centralized management or configuration server to automate this, so once you get ONE configuration correct it will propagate successfully to all Linux hosts. I was able to build my own solution for my RHEL, CentOS, and Debian environment but there are better options for multiple node management today.
The nature of traditional NTP is passive. It corrects local time from a server, then (assuming you configure it to serve) waits on client requests for correct time. I advise against broadcasting in general, having managed MANY networks and never having found unnecessary broadcasting to be a good thing.
Have you other operating systems to consider? Is this in one consolidated network, or multiple domains and subnets?
Hey. Do you mean I should install the domain controller before I continue? I assumed I should have the ntp up and running before this, because of the time sync sensitivity!
Is it a concern if I am configuring the ntp and dns as containers on the same virtual server?
What mode of propagation might you suggest? Or do you mean the dns will achieve this!?
Yes there are subnets. 99% of the hosts are Windows clients. Linux clients are not as many.
Quote:
Since you have so many systems to manage, it would be worth looking at tools like Puppet or Ansible or Salt (and few others).
It will help you a great deal to manage your clients (not just for NTP but for just about anything from provisioning to updates to any configuration changes).
If you are not using Windows domain servers, then Windows clients will not automatically sync time. In this case you must configure an NTP client on every single windows workstation. The easy way to do that is using one of the network configuration managers that does NOT require domain membership so that you do not manually have to touch every workstation.
That is something I have NOT done, and I have no idea if any of the mentioned tools would serve.
Joining all independent workstations to a domain would also require touching every one, so that may not reduce the workload.
It serves no purpose, but I would like to ask (if you want to share) how you got to THOUSANDS of nodes on a complex network without ever wanting to use a centralized management tool or a domain for the MS management? That might be a story for the shark tank!
The note
Quote:
. Windows not joined to a domain do not.
refers back to the DHCP option to set NTP. He means that Windows nodes will not use that option unless they are domain members.
I hope that helps.
So you are saying if I can get a domain controller up and running I can configure the DHCP option for NTP for the windows clients as well, without having to have a windows NTP server!
Quote:
Originally Posted by wpeckham
It serves no purpose, but I would like to ask (if you want to share) how you got to THOUSANDS of nodes on a complex network without ever wanting to use a centralized management tool or a domain for the MS management? That might be a story for the shark tank!
It's a learning institution with thousands of students, staff who are encouraged to BYOD
Quote:
So you are saying if I can get a domain controller up and running I can configure the DHCP option for NTP for the windows clients as well, without having to have a windows NTP server!
Almost, this only works for Windows clients that are joined to, and managed by, the domain. HOWEVER, in this case the windows clients get domain time from the domain controller ANYWAY, so as long as that clock is synced they will be good. In a BYOD situation you cannot assume that all Windows machines will join the domain! That open policy is good, wonderful even, but precludes an elegant and universal solution.
Quote:
It's a learning institution with thousands of students, staff who are encouraged to BYOD
In this case the right answer might be to put the NTP server OUT there. Use it for the machine you directly manage, and make sure the information is available to the staff and students in case they want it for the devices you do NOT manage. If the device is up to the user, you have to trust the users at some point.
Make sure that there is a web page with support documents, and that the NTP information is part of that information. Life is far easier if they can look it up instead of calling you for help. Also, if education is the purpose, your IT solutions should leverage and serve the purpose and methods of education. They should be very used to looking things up, so provide and publish the resource and make it easy for them.
Quote:
Almost, this only works for Windows clients that are joined to, and managed by, the domain. HOWEVER, in this case the windows clients get domain time from the domain controller ANYWAY, so as long as that clock is synced they will be good. In a BYOD situation you cannot assume that all Windows machines will join the domain! That open policy is good, wonderful even, but precludes an elegant and universal solution.
In this case the right answer might be to put the NTP server OUT there. Use it for the machine you directly manage, and make sure the information is available to the staff and students in case they want it for the devices you do NOT manage. If the device is up to the user, you have to trust the users at some point.
Make sure that there is a web page with support documents, and that the NTP information is part of that information. Life is far easier if they can look it up instead of calling you for help. Also, if education is the purpose, your IT solutions should leverage and serve the purpose and methods of education. They should be very used to looking things up, so provide and publish the resource and make it easy for them.
Ok, noted. Let me try setting up the domain controller and test it out first before enabling large scale joining.
Yes, in terms of the domain controller and documentation, upon successful deployment, all necessary documentation and manuals will be circulated and made available to users to enable them to access resources. The idea of implementing this is so that the resources can be adequately managed and monitored, and it is also an attempt to improve security!
Why do you think you need all the connected network devices to use your NTP time server? It might be preferable but in this instance not possible as far as I know.
Windows home edition can not be joined to a domain. Are you going to force those students to pay for the upgrade?
Considering that most students would have laptops you would need to configure them so they can login without being connected to the campus network. Do you have the necessary infrastructure to manage thousands of network devices?
Quote:
Why do you think you need all the connected network devices to use your NTP time server? It might be preferable but in this instance not possible as far as I know.
This is a requirement for running a domain controller
Quote:
Originally Posted by michaelk
Windows home edition can not be joined to a domain. Are you going to force those students to pay for the upgrade?
It is good practice for network / resource management. If you are talking about staffing then that is an internal issue which has been factored in. From the years of experience in basic user support, very few people use windows home edition. So even if this issue arises, it will be isolated cases.
Quote:
Originally Posted by michaelk
Considering that most students would have laptops you would need to configure them so they can login without being connected to the campus network. Do you have the necessary infrastructure to manage thousands of network devices?
Documentations and manuals will be made available. There is a ticketing / token based user support system for handling support online. The infrastructure is what is being currently piloted.
NTP is NOT a requirement for a DOMAIN. I like USING it on a domain, but Microsoft has their own time standard services for Windows Domain operations. NTP is for everything else, everything that observes open standards instead of "the Microsoft Way".
That said, I DO use an NTP client on my DOMAIN controllers when I set them, so that all the clocks on my network are in agreement. My preferred standard is to have a primary and a secondary NTP server that get time from internet standard servers and then serve my network. (Two, so that if one goes down for maintenance the clocks do not drift.)
I suspect that you will have to accept zones of control, and zones where you will never have control. It is still unclear what control you really need, but seeking a campus standard time should be a good thing in any case. I prefer to lock down servers and server network, then publish preferred standards (and a few DOs and DON'Ts) with other useful information on an internal web page or WIKI and let the average users (students, in your case) pretty much manage themselves and each other. For me, that works and is far less work and stress than trying to control everything.
If student machines are personal equipment there is a question of what on them you have any RIGHT to control! Inexpensive commodity (student) machines where I am DO tend to come loaded with Windows Home Edition by default, as it is the less expensive. Your situation MAY differ, we would not know unless you provide that detail.
I hope that you now have enough information to get started, and I wish you the best of luck!