The default value is 1 2 1 equates to 2 seconds. The default value is seconds. This option is intended for servers that receive or more requests per second. To add the address of a peer, that is to say, the address of a server running an NTP service of the same stratum, make use of the peer command in the ntp. The address must only be that of a system known to be a member of the same stratum.
Peers should have at least one time source that is different to each other. Peers are normally systems under the same administrative control. To add the address of a server, that is to say, the address of a server running an NTP service of a higher stratum, make use of the server command in the ntp. The address of a remote reference server or local reference clock from which packets are to be received.
To add a broadcast or multicast address for sending, that is to say, the address to broadcast or multicast NTP packets to, make use of the broadcast command in the ntp. This command configures a system to act as an NTP broadcast server. The address used must be a broadcast or a multicast address. Broadcast address implies the IPv4 address By default, routers do not pass broadcast messages. To add a manycast client address, that is to say, to configure a multicast address to be used for NTP server discovery, make use of the manycastclient command in the ntp.
The client will send a request to the address and select the best servers from the responses and ignore other servers. NTP communication then uses unicast associations, as if the discovered NTP servers were listed in ntp.
This command configures a system to act as an NTP client. Systems can be both client and server at the same time. To add a broadcast client address, that is to say, to configure a broadcast address to be monitored for broadcast NTP packets, make use of the broadcastclient command in the ntp.
Enables the receiving of broadcast messages. Requires authentication by default. To add a manycast server address, that is to say, to configure an address to allow the clients to discover the server by multicasting NTP packets, make use of the manycastserver command in the ntp. Enables the sending of multicast messages.
Where address is the address to multicast to. This should be used together with authentication to prevent service disruption. This command configures a system to act as an NTP server. To add a multicast client address, that is to say, to configure a multicast address to be monitored for multicast NTP packets, make use of the multicastclient command in the ntp.
Enables the receiving of multicast messages. Where address is the address to subscribe to. Using the burst option against a public server is considered abuse. Do not use this option with public NTP servers.
Use it only for applications within your own organization. To increase the average quality of time offset statistics, add the following option to the end of a server command:. At every poll interval, when the server responds, the system will send a burst of up to eight packets instead of the usual one packet.
For use with the server command to improve the average quality of the time-offset calculations. To improve the time taken for initial synchronization, add the following option to the end of a server command:. At every poll interval, send a burst of eight packets instead of one. When the server is not responding, packets are sent 16s apart. When the server responds, packets are sent every 2s.
For use with the server command to reduce the time taken for initial synchronization. This is now a default option in the configuration file.
To configure symmetric authentication using a key, add the following option to the end of a server or peer command:. This option enables the use of a message authentication code MAC in packets.
This option is for use with the peer , server , broadcast , and manycastclient commands. To change the default poll interval, add the following options to the end of a server or peer command:. Options to change the default poll interval, where the interval in seconds will be calculated by raising 2 to the power of value , in other words, the interval is expressed in log2 seconds. The default minpoll value is 6, 2 6 equates to 64s. The default value for maxpoll is 10, which equates to s.
Allowed values are in the range 3 to 17 inclusive, which equates to 8s to These options are for use with the peer or server. Setting a shorter maxpoll may improve clock accuracy. To specify that a particular server should be preferred above others of similar statistical quality, add the following option to the end of a server or peer command:.
Use this server for synchronization in preference to other servers of similar statistical quality. This option is for use with the peer or server commands.
To specify that a particular time-to-live TTL value should be used in place of the default, add the following option to the end of a server or peer command:. Specify the time-to-live value to be used in packets sent by broadcast servers and multicast NTP servers. The default value is To specify that a particular version of NTP should be used in place of the default, add the following option to the end of a server or peer command:.
The value can be in the range 1 to 4. The default is 4. To update the hardware clock from the system clock, issue the following command as root :. When the system clock is being synchronized by ntpd or chronyd , the kernel will in turn update the RTC every 11 minutes automatically. In the above example, the kernel is using kvm-clock. This was selected at boot time as this is a virtual machine. For example:. The following sources of information provide additional resources regarding NTP and ntpd.
Want to help? Learn how to contribute to Fedora Docs. Edit this Page. Introduction to NTP The Network Time Protocol NTP enables the accurate dissemination of time and date information in order to keep the time clocks on networked computer systems synchronized to a common reference over the network or the Internet.
NTP Strata NTP servers are classified according to their synchronization distance from the atomic clocks which are the source of the time signals. Understanding the Drift File The drift file is used to store the frequency offset between the system clock running at its nominal frequency and the frequency required to remain in synchronization with UTC.
Authentication Options for NTP NTPv4 added support for the Autokey Security Architecture, which is based on public asymmetric cryptography while retaining support for symmetric key cryptography. Managing the Time on Virtual Machines Virtual machines cannot access a real hardware clock and a virtual clock is not stable enough as the stability is dependent on the host systems work load.
Understanding the ntpd Configuration File The daemon, ntpd , reads the configuration file at system start or when the service is restarted. Here follows a brief explanation of the contents of the default configuration file:.
The driftfile entry A path to the drift file is specified, the default entry on Fedora is:. The access control entries The following line sets the default access control restriction:. The nomodify options prevents any changes to the configuration.
The nopeer option prevents a peer association being formed. Addresses can be added underneath if specifically required by another application. A mask of The public servers entry By default, the ntp.
The broadcast multicast servers entry By default, the ntp. Understanding the ntpd Sysconfig File The file will be read by the ntpd init script on service start. Disabling chrony In order to use ntpd the default user space daemon, chronyd , must be stopped and disabled. To prevent it restarting at system start, issue the following command as root :. To check the status of chronyd , issue the following command:. To enable ntpd at system start, enter the following command as root :.
Checking the Status of NTP To check if ntpd is running and configured to run at system start, issue the following command:. To obtain a brief status report from ntpd , issue the following command:. NTP servers are classified in a hierarchical system with many levels called strata : the devices which are considered independent time sources are classified as stratum 0 sources; the servers directly connected to stratum 0 devices are classified as stratum 1 sources; servers connected to stratum 1 sources are then classified as stratum 2 sources and so on.
It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability. Typically, stratum 2 servers are used for general synchronization purposes: if you do not already know the servers you are going to connect to, you should choose a server pool close to your location from the pool. Since ntp version 4. Modify those to suit your needs, e. The iburst option is recommended, and sends a burst of packets only if it cannot obtain a connection with the first attempt.
The burst option always does this, even on the first attempt, and should never be used without explicit permission and may result in blacklisting. If setting up an NTP server, check that you have orphan mode enabled, so that, in case it loses internet access, it will continue serving time to the network; enable orphan mode using the tos configuration parameter you can set up to stratum 15 so that it will never be used unless internet access is lost:.
Next, define the rules that will allow clients to connect to your service localhost is considered a client too using the restrict command; you should already have a line like this in your file:. This restricts everyone from modifying anything and prevents everyone from querying the status of your time server: nomodify prevents reconfiguring ntpd with ntpq or ntpdc , and noquery is important to prevent dumping status data from ntpd also with ntpq or ntpdc.
If you want to change any of these, see the full docs for the "restrict" option in ntp. Following this line, you need to tell ntpd what to allow through into your server; the following line is enough if you are not configuring an NTP server:.
Lastly, specify the drift file which keeps track of your clock's time deviation and optionally the log file location:. The package has a default client-mode configuration and its own user and group to drop root privileges after starting. If you start it from the console, you should always do so with the -u option:.
The -u option is employed by the two included systemd services. These services also use the -g option, which disables a threshold so-called panic-gate.
Hence, they will synchonize time even in case the ntp-server's time exceeds the threshold deviation from the system clock. Both services are tied to the system's resolver, and will start synchronizing when an active network connection is detected. Enable the daemon with ntpd. See also Running in a chroot. The delay, offset and jitter columns should be non-zero. The servers ntpd is synchronizing with are prefixed by an asterisk.
This is especially true if timesyncd was already working correctly. However, in case it was not enabled, we can easily allow ntpd to communicate with the authoritative time servers. Running this command will set it up to behavior as in the previous installation. If our server will be used as a timeserver, we will need to allow both inbound and outbound connections to port , which is very similar to the command above.
Ubuntu and other Debian based Linux distributions primarily use the apt or apt-get tool to install and manage packages. So, the first thing we need to do is update our package lists using the apt update command. Now we can install the ntp package.
We will see that apt automatically manages installing dependencies just like yum. A minor difference is that apt will start and enable the ntpd service immediately after the installation. On both distributions, make sure to reload the ntpd service because any changes to the config file while the service is running will need to be saved or the settings will not take effect. We can also reload the service using the systemctl reload ntp command. In case we ever need to manually initialize a ntp sync, we can do so in three simple steps.
This works on both distributions. Step 2. Run the ntpd -gq command to force a manual time sync. If you are experiencing any problems or have any questions about this topic, give us a call today at Join our mailing list to receive news, tips, strategies, and inspiration you need to grow your business.
Our Sales and Support teams are available 24 hours by phone or e-mail to assist. Search Search. Always make a backup of a file before it is modified. What is NTP? Disabling Chrony. Installing ntpd. Installed: ntp. Configuring ntpd and Checking the Firewall. Activating ntpd. Disabling timesyncd. System clock synchronized: yes systemd-timesyncd. Firewall Settings. Done Building dependency tree Reading state information Done 88 packages can be upgraded.
Run 'apt list --upgradable' to see them. Done [ Manual Sync. Step 1.
0コメント