Enabling ntp server. Installing and configuring an ntp time server in Linux. Enable synchronization of the internal clock with an external source

The other day it was necessary to configure ntp again and, as usual, it turned out that in the years since the previous setup everything had been completely forgotten. Therefore, we write ourselves a note for the future, so as not to have to look for it next time. It will probably be useful for my readers as well.

Installation
As usual, Gentoo will serve as our installation platform. The ntp service is net-misc/ntp.
First of all, we update the portage tree:

We install ntp, we don’t need any special parameters here (at least for now), so we install it with default users:
Server Tuning.

Let's decide who we'll take the time from. I suggest using exact time servers, Stratum 1 after all.

ntp1.vniiftri.ru
ntp2.vniiftri.ru
ntp4.vniiftri.ru
The parameters for starting the ntpd daemon are defined in the file /etc/conf.d/ntpd
# /etc/conf.d/ntpd

# Options to pass to the ntpd process
# Most people should leave this line alone ...
# however, if you know what you're doing, feel free to tweak
NTPD_OPTS="-g -c /etc/ntp.conf"

Here -g is the key that allows ntpd to make a large time jump, and -c specifies the ntp service configuration file. To specify a pid file different from the default one, you can use the -p key, for example:
NTPD_OPTS="-p /var/run/ntpd.pid -g -c /etc/ntp.conf"
By default the ntp service is configured in the /etc/ntp.conf file. If you specified a different file in the previous step, edit that one instead.
# /etc/ntp.conf
# Our local server
server 192.168.0.1
# Servers online
server 195.2.64.6
server ntp1.vniiftri.ru
server ntp2.vniiftri.ru
server ntp4.vniiftri.ru

#Paths to service files
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntpd.log

# Permissions to access our server
restrict default ignore # Access is denied by default
restrict localhost # Everything is possible locally
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap # You can only read the time over the internal network

# We allow synchronization with external servers, otherwise synchronization will not work.
restrict 127.0.0.1
restrict 192.168.0.1
restrict 195.2.64.6
restrict ntp1.vniiftri.ru
restrict ntp2.vniiftri.ru
restrict ntp4.vniiftri.ru

# This entry allows you to assign Stratum 3 to yourself so that the server trusts itself
server 127.127.1.1
fudge 127.127.1.1 stratum 3
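
An added example (not part of the original article): a small Python audit of the restrict lines above. ntpd treats a restrict line with no flags as granting full access, so the script reports every non-loopback entry that still allows ntpq/ntpdc queries or lacks nomodify/notrap. The function names and the set of required flags are assumptions of this example.

```python
import ipaddress

# Flags this example expects on every non-loopback entry (an assumption).
REQUIRED = {"nomodify", "noquery", "notrap"}
NO_FLAGS = "no flags: all access allowed, including ntpq/ntpdc queries"

# restrict lines from the article's /etc/ntp.conf (comments shortened).
SAMPLE_CONF = """\
restrict default ignore # Access is denied by default
restrict localhost # Everything is possible locally
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap # LAN
restrict 127.0.0.1
restrict 192.168.0.1
restrict 195.2.64.6
restrict ntp1.vniiftri.ru
restrict ntp2.vniiftri.ru
restrict ntp4.vniiftri.ru
"""


def is_loopback(addr):
    """True for localhost and 127.0.0.0/8 or ::1 literals."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a hostname, not an address literal
        return False


def parse_restrict(conf):
    """Return (address, mask, flags) for every restrict line."""
    rules = []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        rest = tokens[1:]
        if rest[0] in ("-4", "-6"):  # optional address-family qualifier
            rest = rest[1:]
        if not rest:
            continue
        addr, rest = rest[0], rest[1:]
        mask = None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        rules.append((addr, mask, set(rest)))
    return rules


def audit(conf):
    """Return (address, problem) pairs; an empty list means nothing found."""
    rules = parse_restrict(conf)
    findings = []
    if not any(addr == "default" for addr, _, _ in rules):
        findings.append(("default", "no 'restrict default' line"))
    for addr, _mask, flags in rules:
        if "ignore" in flags or is_loopback(addr):
            continue
        if not flags:
            findings.append((addr, NO_FLAGS))
            continue
        missing = sorted(REQUIRED - flags)
        if missing:
            findings.append((addr, "missing " + " ".join(missing)))
    return findings


if __name__ == "__main__":
    for address, problem in audit(SAMPLE_CONF):
        print("%-20s %s" % (address, problem))
```

For the upstream time servers, a line of the form restrict <address> nomodify notrap noquery still allows time synchronization while closing the query and control channels.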

Launch ntpd
Add ntpd to startup
Now you need to wait 10 - 20 minutes, because synchronization does not occur immediately, but after some time.

Checking on the server

If we get something similar in response:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.0.1     .INIT.          16 u    - 1024    0    0.000    0.000   0.000
-ntp1.zenon.net  195.2.64.5       2 u  596 1024  377    2.261   -0.104   0.680
*ntp1.vniiftri.r .PPS.            1 u  909 1024  377    4.266   -0.603   0.353
+ntp2.vniiftri.r .PPS.            1 u  562 1024  377    3.914   -0.453   0.457
+ntp4.vniiftri.r .PPS.            1 u  554 1024  377    4.487   -0.664   0.249
 LOCAL(1)        .LOCL.           3 l 229m   64    0    0.000    0.000   0.000
That means everything is fine, synchronization has started. Let's take a closer look at the notations in the resulting table.
Table fields:
remote - names of remote ntp servers
refid - server with which the remote ntp server synchronizes
st - stratum (level) of the remote server. 1 is the highest, 16 is an ordinary machine/client.
t - peer type (u = unicast, m = multicast, l = local)
when - indicates how long ago the synchronization with the server was made
poll - frequency in seconds with which the NTP daemon synchronizes with the peer
reach - server availability status, this value stabilizes at 377 if the last 8 attempts to synchronize with the remote server were successful
delay - delay (in milliseconds) of response from the server
offset - difference in milliseconds between system time and remote server time; value with a minus - lag, with a plus - running away
jitter - time offset on the remote server
Icons in table rows:
* - peer with which synchronization was performed last time
+ - server suitable for updating
- - server unsuitable for updating
X - the server does not respond
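
An added example (not part of the original article): a Python health check for the peer table shown above. It decodes the octal reach value as the 8-bit poll history it is and uses the tally names from the ntpq documentation. The function names and the 100 ms offset threshold are assumptions of this example.

```python
# Tally codes ntpq prints in column 0 of every peer row.
TALLY = {" ": "reject", "x": "falseticker", ".": "excess", "-": "outlier",
         "+": "candidate", "#": "backup", "*": "sys.peer", "o": "pps.peer"}

# The article's peer table with its column spacing restored.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.0.1     .INIT.          16 u    - 1024    0    0.000    0.000   0.000
-ntp1.zenon.net  195.2.64.5       2 u  596 1024  377    2.261   -0.104   0.680
*ntp1.vniiftri.r .PPS.            1 u  909 1024  377    4.266   -0.603   0.353
+ntp2.vniiftri.r .PPS.            1 u  562 1024  377    3.914   -0.453   0.457
+ntp4.vniiftri.r .PPS.            1 u  554 1024  377    4.487   -0.664   0.249
 LOCAL(1)        .LOCL.           3 l 229m   64    0    0.000    0.000   0.000
"""


def parse_peers(text):
    """Return one dict per peer row of `ntpq -p` output."""
    lines = text.splitlines()
    first = next(i for i, l in enumerate(lines) if l.startswith("=====")) + 1
    peers = []
    for line in lines[first:]:
        if not line.strip():
            continue
        tally, fields = line[0], line[1:].split()
        if tally not in TALLY or len(fields) != 10:
            raise ValueError("unexpected ntpq row: %r" % line)
        remote, refid, st, _t, _when, _poll, reach, _delay, offset, _jit = fields
        peers.append({
            "remote": remote, "refid": refid, "role": TALLY[tally],
            "stratum": int(st),
            # reach is printed in octal: an 8-bit shift register, one bit
            # per poll, so 377 (0b11111111) means the last 8 all answered.
            "reach": int(reach, 8),
            "offset_ms": float(offset),
        })
    return peers


def assess(peers, max_offset_ms=100.0):
    """Return human-readable findings; an empty list means healthy."""
    findings = []
    synced = [p for p in peers if p["role"] in ("sys.peer", "pps.peer")]
    if not synced:
        findings.append("no system peer selected: clock is not synchronized")
    for p in peers:
        name = p["remote"]
        if p["refid"] == ".LOCL.":
            # Local clock driver is a fallback, not a network source: skip
            # the reachability checks, report it only when it is selected.
            if p in synced:
                findings.append("%s: serving the free-running local clock" % name)
            continue
        lost = 8 - bin(p["reach"]).count("1")
        if lost == 8:
            findings.append("%s: unreachable, no reply in the last 8 polls" % name)
        elif lost:
            findings.append("%s: %d of the last 8 polls lost" % (name, lost))
        if p["stratum"] >= 16:
            findings.append("%s: stratum 16, peer is not synchronized" % name)
        if abs(p["offset_ms"]) > max_offset_ms:
            findings.append("%s: offset %.3f ms exceeds %.0f ms"
                            % (name, p["offset_ms"], max_offset_ms))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_peers(SAMPLE)):
        print(finding)
```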

We check on the client:

If synchronization was successful, we will receive a response like this:
25 Oct 17:28:04 ntpdate: adjust time server 192.168.0.1 offset -0.016567 sec
However, you may receive the following message:
25 Oct 17:29:14 ntpdate: no server suitable for synchronization found
To find out what is going wrong, we do:
Let's look at the answer:
192.168.0.1: Server dropped: strata too high
server 192.168.0.1, port 123
stratum 16, precision -8, leap 11, trust 000
This means that the trust level is very low (stratum=16, the lowest level), that is, the server does not trust itself to give time. You must either wait or change the list of servers with which it synchronizes. Since our config states that our server is stratum 3, we are unlikely to see such a message.

We set up clients.

LINUX
My clients are also Gentoo; the client configuration is written in the /etc/conf.d/ntp-client file. Let's not overthink it: we leave everything as it is and just specify our server in the synchronization parameters:

# /etc/conf.d/ntp-client

# Command to run to set the clock initially
# Most people should just leave this line alone ...
# however, if you know what you're doing, and you
# want to use ntpd to set the clock, change this to "ntpd"
NTPCLIENT_CMD="ntpdate"

# Options to pass to the above command
# This default setting should work fine but you should
# change the default "pool.ntp.org" to something closer
# to your machine. See http://www.pool.ntp.org/ or
# try running `netselect -s 3 pool.ntp.org`.
NTPCLIENT_OPTS="-s -b -u 192.168.0.1 "

Add to startup:
# rc-update add ntp-client default
It should be kept in mind that the ntp-client service synchronizes time only once, when the system starts, so for machines running for a long time without restarting, do the following:
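Create an executable file in the /etc/cron.hourly folder with the following content:
#!/bin/sh
# ntpdate options: -s log to syslog, -b step the clock, -u use an unprivileged source port
NTPCLIENT_OPTS="-s -b -u 192.168.0.1"

# Synchronize once with our server; any output is discarded
ntpdate $NTPCLIENT_OPTS >> /dev/null 2>&1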

That's it, now our machine will synchronize with ntp hourly.

WINDOWS 2003 Server
We perform all the steps on the command line.

#w32tm /config /syncfromflags:manual /manualpeerlist:192.168.0.1
#w32tm /config /update
Next, in the command line we specify the priority NTP server, restart the time service and force the time to be synchronized:
#net time /setsntp:192.168.0.1
#net stop w32time && net start w32time
#w32tm /resync
As a result you should get:
Synchronization command sent to local computer...
The command completed successfully.
After some time, you can check the system event log. If everything is configured and working correctly, the log will contain an information message from the W32Time source with code (ID) 37 and the text “NTP client of the time provider receives correct time data from 192.168.0.1”, and then one with code 35 and the text “Service time synchronizes the system time with the time source 192.168.0.1”.

UPD
WINDOWS 2012 Server

Everything here is similar to Windows 2003 Server, but we do everything in Windows PowerShell running as administrator.
We indicate which ntp server to use for synchronization:

PS C:\> w32tm /config /syncfromflags:manual /manualpeerlist:192.168.0.1
PS C:\> w32tm /config /update
Next, in the command line we restart the time service and force the time to be synchronized:
PS C:\> Stop-Service w32time
PS C:\> Start-Service w32time
PS C:\> w32tm /resync
As a result you should get:
Sending a sync command to the local computer
The command completed successfully.
We check:
The output should be something like this:
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0356903s
Root Dispersion: 7.8069513s
ReferenceId: 0xC0A86301 (source IP: 192.168.0.1)
Last Successful Sync Time: 03/22/2016 16:21:25

    The Windows family of operating systems contains the W32Time time service. This service is designed to synchronize time within an organization. W32Time is responsible for the operation of both the client and server parts of the time service, and the same computer can be both a client and an NTP (Network Time Protocol) server at the same time.

    By default, the Windows time service is configured as follows:

    When the Windows operating system is installed, an NTP client is started that synchronizes with an external time source;

    When you add a computer to a domain, the synchronization type changes. All client computers and member servers in the domain use a domain controller to synchronize time, which verifies their authenticity;

    When a member server is promoted to a domain controller, an NTP server is launched on it, which uses a controller with the PDC emulator role as a time source;

    The PDC emulator, located in the forest root domain, is the primary time server for the entire organization. At the same time, it itself is also synchronized with an external time source.

    This scheme works in most cases and does not require intervention. However, the structure of the time service in Windows may not follow the domain hierarchy, and any computer can be designated as a reliable time source.

    As an example, let's look at setting up an NTP server in Windows Server 2008 R2; by analogy, you can set up an NTP server in Windows 7.

    Starting the NTP server

    The time service in Windows Server does not have a GUI and can be configured either from the command line or by directly editing the system registry. Let's consider the second method:

    The NTP server needs to be started. Open the registry branch:

    HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpServer.

    To enable the NTP server, the Enabled parameter must be set to 1. Then we restart the time service with the command net stop w32time && net start w32time.

    After restarting the NTP service, the server is already active and can serve clients. You can verify this using the w32tm /query /configuration command. This command outputs a full list of service parameters. If the NtpServer section contains the line Enabled:1, then everything is in order and the time server is running.

    In order for the NTP server to serve clients, the firewall must open UDP port 123 for incoming and outgoing traffic.

    Basic NTP server settings

    Open the registry branch:

    HKLM\System\CurrentControlSet\services\W32Time\Parameters.

    The Type parameter here sets the synchronization type and can take the following values:

    NoSync - the NTP server is not synchronized with any external time source. The system clock built into the CMOS chip of the server itself is used (in turn, this clock can be synchronized from a NMEA source via RS-232, for example);

    NTP - The NTP server synchronizes with external time servers that are specified in the NtpServer registry parameter;

    NT5DS - NTP server synchronizes according to the domain hierarchy;

    AllSync - the NTP server uses all available sources for synchronization.

    The default value for a computer that is part of a domain is NT5DS; for a stand-alone computer it is NTP.

    The NtpServer parameter specifies the NTP servers with which this server will synchronize its time. By default, this parameter contains the Microsoft NTP server (time.windows.com,0x1); if necessary, you can add several more NTP servers by entering their DNS names or IP addresses separated by a space. At the end of each name you can add a flag (e.g. ,0x1) that determines the mode for synchronization with the time server.

    The following mode values are allowed:

    0x1 - SpecialInterval, use of polling time interval;

    0x2 - UseAsFallbackOnly mode;

    0x4 - SymmetricActive, symmetrical active mode;

    0x8 - Client, sending a request in client mode.

    Another important setting, AnnounceFlags, is located in the registry key:

    HKLM\System\CurrentControlSet\services\W32Time\Config.

    It is responsible for how the NTP server announces itself. To declare a member server (not a domain controller) as a reliable time source, flag 5 is needed.

    If the server being configured is, in turn, an NTP client (receives time from a GPS receiver via NTP, for example), you can configure the interval between updates. This parameter may also be relevant for client PCs. The SpecialPollInterval key, located in the registry branch, is responsible for the update time:

    HKLM\System\CurrentControlSet\services\W32Time\TimeProviders\NtpClient.

    It is specified in seconds and by default its value is 604800, which is 1 week. That is a lot, so it is worth reducing the SpecialPollInterval value to something reasonable, such as 1 hour (3600).

    After configuration, you need to update the service configuration. This can be done with the w32tm /config /update command.


    And a few more commands for configuring, monitoring and diagnosing the time service:

    w32tm /monitor - using this option you can find out how much the system time of this computer differs from the time on the domain controller or other computers. For example: w32tm /monitor /computers:time.nist.gov

    w32tm /resync - using this command you can force the computer to synchronize with the time server it uses.

    w32tm /stripchart - shows the time difference between the current and a remote computer. The command w32tm /stripchart /computer:time.nist.gov /samples:5 /dataonly will make 5 comparisons with the specified source and display the result in text form.


    w32tm /config is the main command used to configure the NTP service. With its help, you can set the list of time servers used, the type of synchronization and much more. For example, you can override the default values and set up time synchronization with an external source using the command w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov /update


    w32tm /query - shows the current service settings. For example, the command w32tm /query /source will show the current time source, and w32tm /query /configuration will display all service parameters.

    net stop w32time - stops the time service if running.

    w32tm /unregister - removes the time service from the computer.

    w32tm /register – registers the time service on the computer. In this case, the entire branch of parameters in the registry is created anew.

    net start w32time - starts the service.

    A quirk noticed in Windows 7: the time service does not start automatically when Windows starts. Fixed in SP1 for Windows 7.

    Introduction.

    The Linux system, like most other modern operating systems, actually has two clocks. The first clock is a hardware clock, sometimes called a Real Time Clock (RTC) for short, or a BIOS clock, usually associated with an oscillating quartz crystal that is accurate to within a few seconds per day. Accuracy depends on various fluctuations such as ambient temperature. The second clock is an internal software clock that runs continuously, including during interruptions in system operation. It is subject to variations due to heavy system load and interrupt latency. However, the system typically reads the hardware clock at boot and then uses the system clock. The date command sets the system clock, not the hardware clock.

    If you use NTP, you can set the hardware clock during the first system installation and never have to worry about it again.

    The Real Time Clock (RTC) chip used on motherboards is not particularly accurate and usually lags or gets ahead by a certain amount of time each day.

    You can synchronize the hardware clock with the system clock using the hwclock command with the -w or --systohc option, and synchronize the system clock with the hardware clock using the hwclock command with the -s or --hctosys option.

    Setup.

    To begin, add the following line to the /etc/ntp.conf file:

    The time will be synchronized from the specified server. If the first one is unavailable, the next ones in the list are taken. The first one I registered was the local NTP server.

    The next point is whether local or world time is to be used.

    #cat /etc/sysconfig/clock

    This is not what we have:

    Editing ZONE - to "Europe/Moscow"

    We get:

    UTC=true the system clock does not use a universal time representation

    ARC=true The normal UNIX epoch is used.

    The time zone under Linux is set via a symbolic link, from /etc/localtime to a file in the /usr/lib/zoneinfo directory (or /usr/share/zoneinfo), which indicates which time zone you are in.

    [Figure: contents of /usr/share/zoneinfo]

    We execute commands.

    rm -rf /etc/localtime

    ln -s /usr/share/zoneinfo/Europe/Moscow /etc/localtime

    Everything is working!

    If the ntpd daemon is running, the following message is displayed when attempting to synchronize with the ntp server.

    This command shows which servers to connect to.

    Addition:

    Setting the hardware clock

    To set the hardware clock, set the system time first and then the hardware time using the program "/sbin/clock -w" (or "/sbin/clock -wu" in case of using universal time). To find out the hardware time, run clock without parameters. If the hardware clock is set to local time and you want to see the global time, type "/sbin/clock -u".

    Setting the System Clock

    To set the system clock in Linux, use the date program. For example, to set the current (system!) time and date to July 31, 23:16, type "date 07312316" (note that the time is given in 24-hour notation). If you want to change the year as well, type "date 073123161998". To set the seconds, type "date 07312316.30" or "date 073123161998.30". To find out the system time, run date without any arguments.

    The "Windows Time Service" ("W32Time") is responsible for NTP server and client operation.
    To configure the server on Windows, follow these steps:

    1. Set the "W32Time" service to start automatically. To do this, in the registry branch
    "HKLM\System\CurrentControlSet\Services\W32Time" set the "Start" parameter to 2.

    2. Then open "HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer" and set "Enabled" to 1.

    3. Edit the following parameters:
    - branch "HKLM\System\CurrentControlSet\Services\W32Time\Parameters", parameter "Type":
    NoSync - the NTP server is not synchronized with any external time source. It uses the clock built into the CMOS chip of the server itself;
    NTP - the NTP server is synchronized with the external time servers specified in the "NtpServer" registry parameter;
    NT5DS - the NTP server synchronizes according to the domain hierarchy;
    AllSync - the NTP server uses all available sources for synchronization;

    Parameter "NtpServer", which specifies the host with which this server will synchronize time. If necessary, you can add several hosts by entering their DNS names or IP addresses separated by spaces. At the end of each name, separated by a comma, you can add a flag that determines the mode for synchronization with the time server.
    The following values are allowed:
    0x1 - SpecialInterval, use of a special polling interval;
    0x2 - UseAsFallbackOnly mode;
    0x4 - SymmetricActive, symmetrical active mode;
    0x8 - Client, sending a request in client mode.
    When the "SpecialInterval" flag is used, the interval value must be set in the "SpecialPollInterval" key. The "UseAsFallbackOnly" flag tells the time service that this server will be used as a backup, and the other servers in the list will be contacted before synchronizing with it. Symmetric active mode is used by NTP servers by default, and client mode can be used in case of problems with synchronization;

    Branch "HKLM\System\CurrentControlSet\Services\W32Time\Config", parameter "AnnounceFlags", is responsible for how the NTP server announces itself and can take the following values:
    0x0 (Not a time server) - the server does not advertise itself via NetLogon as a source of time. It can answer NTP requests, but neighbors will not be able to recognize it;
    0x1 (Always time server) - the server will always announce itself regardless of its status;
    0x2 (Automatic time server) - the server will only announce itself if it receives a reliable time from another neighbor (NTP or NT5DS);
    0x4 (Always reliable time server) - the server will always declare itself as a reliable time source;
    0x8 (Automatic reliable time server) - a domain controller is automatically declared reliable if it is the PDC emulator of the forest root domain. This flag allows the forest's primary PDC to declare itself an authoritative source of time even in the absence of communication with upstream NTP servers. No other controller or member server (which has the default flag 0x2) can claim to be a reliable source of time if it cannot find a source for itself.
    The value of "AnnounceFlags" can be the sum of its flags, for example:
    10=2+8 - the NTP server declares itself as a reliable source of time, provided that it itself receives time from a reliable source or is the PDC of the root domain. Flag 10 is set by default both for domain members and for stand-alone servers.
    5=1+4 - the NTP server always declares itself as a reliable source of time. For example, to declare a member server (not a domain controller) as a reliable time source, you need the flag 5;

    Branch "HKLM\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient", parameter "SpecialPollInterval", is specified in seconds and by default its value is 604800, which is one week. This is quite a lot, so it's worth reducing the value to, say, an hour (3600).

    4. After the settings have been made, you can start the time service: "net start w32time". If the service was already running, apply the configuration with the command "w32tm /config /update" and restart: "net stop w32time && net start w32time".

    5. After restarting the service, the NTP server is already active and can serve clients. You can verify this using the command "w32tm /query /configuration". This command displays a complete list of service parameters. If the "NtpServer" section contains the string "Enabled:1", then everything is fine.
