LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-28-2016, 12:52 AM   #1
Namrata10
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Rep: Reputation: Disabled
Set up an NTP server to allow local machines to be synchronized for Linux


I am trying to set up a machine to act as an ntp server to which the other local machines will synchronize their times to.

This is my server side /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
server 0.ubuntu.pool.ntp.org iburst
server 1.ubuntu.pool.ntp.org iburst
server 2.ubuntu.pool.ntp.org iburst
server 3.ubuntu.pool.ntp.org iburst
server 192.168.43.236 iburst
fudge 192.168.43.236 stratum 10
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient


And on the client side,
I added
server 192.168.43.236 iburst

The client syncs correctly on startup but ntpq -pn gives
remote refid st t when poll reach delay offset jitter
===========================================================
192.168.43.236 .XFAC. 16 - - 1024 0 0.000 0.000 0.000

And ntpstat says unsynchronized.

Where am I going wrong?
 
Old 11-28-2016, 03:46 AM   #2
aragorn2101
Member
 
Registered: Dec 2012
Location: Mauritius
Distribution: Slackware
Posts: 204

Rep: Reputation: 82
Hi,

I'm not expert in NTP but I found these very easy to follow:
http://www.tldp.org/HOWTO/TimePrecision-HOWTO/ntp.html
http://www.tldp.org/LDP/sag/html/basic-ntp-config.html

All the best.
 
Old 11-28-2016, 06:58 AM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
Code:
server 192.168.43.236 iburst
fudge 192.168.43.236 stratum 10
Either delete or comment out these lines. Restart the server and make sure it syncs. Make sure if a firewall is running it allows ntp traffic and you might want to use a time pool closer to your location.

Restart the client and see if it syncs. It might take a few minutes.
 
Old 11-28-2016, 11:27 AM   #4
Namrata10
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Original Poster
Rep: Reputation: Disabled
I thought these lines are something that make it a server.
will the client be able to sync time with it anyway?

PS Client is raspberry pi here.
 
Old 11-28-2016, 11:39 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
Code:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
Uncommenting these lines allow clients to sync to your server.

Code:
server  127.127.1.0 # local clock
fudge   127.127.1.0 stratum 10
This is the correct way to use the local clock in case the server is disconnected from the internet. If its system clock is not stable enough and drifts much the clients will not use it as a server.

Code:
server 192.168.43.236 prefer
Add this to the Pi.
 
Old 11-28-2016, 12:24 PM   #6
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,476

Rep: Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020
Once you have your server set up (so that it synchronizes to external time sources -- BTW, you only need three, any more is wasteful), you can add the following to the end of /etc/ntp.conf (if that's where your ntp.conf is, that is).
Code:
# Serve time to LAN
#restrict default nomodify nopeer notrap
# Allow LAN machines to synchronize with this ntp server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
# Trust ourselves.  :-)
Now, 192.168.1.0 is where NTP is running on the local NTP host (to the LAN); 192.168.2.0 is simply an extra and does nothing if there is no subnet number 2). The commented-out lines don't do anything either, they're there if you want to fiddle with stuff which you probably don't want to do.

In my case, the server is 192.168.1.10. You would add a line in the LAN machines:
Code:
server     192.168.1.10
in the server section on each LAN machine listed before external server directives.

About external time servers: your really want to use three pool servers of the form here
Code:
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
#server  pool.ntp.org
server  0.us.pool.ntp.org
server  1.us.pool.ntp.org
server  2.us.pool.ntp.org
What the local clock setting does is
Quote:
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
Basically, if you lose outside synchronization (the network is down or somebody unplugged something or whatever), the server will fall back on itself until the network comes back. Then NTP will pick up the connection and synchronize the server time and the LAN systems will synchronize to the restored time. And, you want to include the above in your LAN systems so that if the server crashes or the LAN goes down or something they will fall back on themselves until the server reboots and synchronizes.

When your server synchronizes (at boot time) you can see the status (after about thee- to five minutes after boot) with
Code:
/usr/sbin/ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l 1799   64    0    0.000    0.000   0.000
+104.156.99.226  192.12.19.20     2 u   22  128  377  592.048   -8.023   8.369
+129.6.15.30     .ACTS.           1 u   25  128  257  680.907   34.948  15.552
*198.204.225.190 204.9.54.119     2 u   87  128  377  619.119    0.613  23.387
You really do not need to use the iburst directive, doesn't hurt, might help but realistically it does not do too much.

On a LAN system, the above would show 192.168.1.10 and no external addresses.

The LAN systems will take a little bit of time to synchronize (not much, maybe a couple of minutes).

Also, you will want to make sure that the commands that start, stop, and restart the NTP daemon, in particular, the start should include the -g argument so that if the local time is more than 600 seconds off that the time will be set with a large (more than 600 seconds) slew in order to synchronize. The start-up (on Slackware) looks like this:
Code:
# Start ntpd:
ntpd_start() {
  CMDLINE="/usr/sbin/ntpd -g"
  echo -n "Starting NTP daemon:  $CMDLINE"
  $CMDLINE -p /var/run/ntpd.pid
  echo
}
You can save all kinds of trouble with LAN machines by assuring that the system time is set correctly so the remotes will synchronize -- system (software) and hardware clocks can, for all kinds of reasons, get out of synchronization. At boot most distributions set the system time from the hardware clock (before NTP starts) and the -g is to make sure the remote clock gets started in case there are problems on the remote.

Hope this helps some.
 
Old 11-29-2016, 01:18 AM   #7
Namrata10
LQ Newbie
 
Registered: Oct 2016
Posts: 18

Original Poster
Rep: Reputation: Disabled
Hi, I removed

server 192.168.43.236 iburst
fudge 192.168.43.236 stratum 10

and added server 192.168.43.236 to the raspberry pi.
Still getting the same problem.
The client syncs correctly on startup but ntpq -pn gives
remote refid st t when poll reach delay offset jitter
===========================================================
192.168.43.236 .INIT. 16 u - 64 0 0.000 0.000 0.000

And ntpstat says
unsynchronized
time server re-starting
polling server every 8 s
 
Old 11-29-2016, 06:28 AM   #8
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
Is the server actually syncing?
Post its ntpq -pn output.

If running a firewall does it allow port 123/UDP?

Last edited by michaelk; 11-29-2016 at 06:48 AM.
 
Old 11-29-2016, 09:41 AM   #9
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,476

Rep: Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020Reputation: 1020
The first thing you have to do is get your time server synchronized, then worry about the clients.

Your configuration file, ntp.conf should be as simple as possible (which almost always works better than complicated).

NTP will not synchronize with external time servers if your system clock (the software clock) is not withing 600 seconds of actual time, it'll just sit there looking at you doing nothing. So, make sure that your hardware clock is set to actual time -- most systems will set the system clock from the hardware clock on boot. If you look at system time with the date utility, it should be within 600 seconds of actual time:
Code:
date
Tue Nov 29 08:58:47 EST 2016
If it's not within 600 seconds, set the system clock to the correct time then stop NTP and restart it, wait a minute or two then
Code:
ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l  20h   64    0    0.000    0.000   0.000
+108.61.73.243   209.51.161.238   2 u 1040 1024  377  628.749   20.945  46.942
+108.59.2.24     209.51.161.238   2 u  858 1024  377  608.955   25.798  46.821
*132.163.4.102   .ACTS.           1 u  701 1024  377  564.696   25.455  46.293
You'll see the above where the external time server in use is marked with an asterisk (the plus signs indicate candidates for use if the "asterisk" server goes away, gets noisy or there is some other problem with it). It may take, oh, about five minutes for that to happen, but you should see a list of external servers in any event.

When your system is synchronized, NTP is doing it's job, on reboot or shutdown the correct time is written to the hardware clock so that, on restart, the system time will be set "pretty close" to actual time (the hardware clock does drift a little).

On problem you've made for yourself is the large number of external candidates, you've got five listed (you really only want three) and every one of them have to evaluated for one to be picked as the "best."

Too, use the NTP pool servers rather than the ubuntu pool servers. You don't indicate where you are in the world but if you're in the US you would specify
Code:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
Or
Code:
server  0.us.pool.ntp.org
server  1.us.pool.ntp.org
server  2.us.pool.ntp.org
where your country code is included (with or without the iburst).

The pool is world-wide. What NTP does is evaluate pool addresses looking for servers that are electrically close to you with good delay, offset and jitter no matter where you are in the world.

Too, to get it going, don't include all the logging at first. Simpler really is better.

Here is my ntp.conf file. It is configured for serving time to my LAN and it is fully commented indicating what to and not to do depending on your individual needs (like serving time to the LAN). You don't need keys, that's just a layer of complication that is unnecessary (you're not serving time to the internet, you're internal).

Now this file is for Slackware so the locations of certain defined files vary from your system; e.g., the location of the drift file, so read through and make sure you can write to the directories you've specified.
Code:
cat ntp.conf
# Sample /etc/ntp.conf:  Configuration file for ntpd.
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	

#
# NTP server (list one or more) to synchronize with:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
#server 3.pool.ntp.org iburst

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift

#
# Uncomment to use a multicast NTP server on the local subnet:
#multicastclient 224.0.1.1		# listen on default 224.0.1.1
# Set an optional compensation for broadcast packet delay:
#broadcastdelay	0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will.
#
#keys		/etc/ntp/keys
#trustedkey	65535
#requestkey	65535
#controlkey	65535

#
# Don't serve time or stats to anyone else by default (more secure)
#restrict default limited kod nomodify notrap nopeer noquery
#restrict -6 default limited kod nomodify notrap nopeer noquery

#
# Use these lines instead if you do want to serve time and stats to
# other machines on the network:
restrict default limited kod nomodify notrap nopeer
restrict -6 default limited kod nomodify notrap nopeer

# Serve time to LAN
# Allow LAN machines to synchronize with this ntp server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap

#
# Disable the ntpdc -c monlist command, which is insecure and can be used
# to cause a denial of service attack (CVE-2013-5211). Future versions of
# NTP will remove this command.
# (this feature was disabled by default with ntpd 4.2.7p230)
disable monitor

#
# Trust ourselves.  :-)
restrict 127.0.0.1
restrict ::1
One last thing -- you must enable NTPD, port 123 UDP in your router for NTP to work (it's NTPD, the daemon process, not just NTP).

You should have a file, possibly named services, in your /etc directory (or somewhere) with these two lines in it:
Code:
ntp             123/tcp    #Network Time Protocol
ntp             123/udp    #Network Time Protocol
Take your time, make sure you understand what's what and why's why and keep it simple.

Hope this helps some.
 
Old 11-29-2016, 10:05 AM   #10
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,931

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
I've never had to enable port 123 in my router for clients to access a server pool nor is it required for anything on the LAN.

The internal ntp server has to allow 123 UDP traffic in its firewall as well as the ntp.conf configured to allow access from clients.

The raspberry Pi does not have a hardware clock unless you add one...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ntp server keeps on changing time-local ntp server Gil@LQ Linux - Newbie 3 01-23-2013 10:33 AM
Can you host a local ntp server in linux? homer_3 Linux - General 7 09-28-2009 11:27 AM
Want to make local NTP server for Linux Debian SimonTHK Linux - Server 1 09-24-2009 06:13 AM
How to set up Linux NTP server minil Linux - Networking 8 03-03-2005 03:24 AM


All times are GMT -5. The time now is 02:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration