
Thread: Linux NTP Server

  1. #1

    Linux NTP Server

    NTP (Network Time Protocol) allows a system to sync its clock with a time server. Time synchronization is critical on IT infrastructure: for example, if the system time of a node in a cluster differs too much from the rest of the nodes, the cluster software will think that the node is not responding and will automatically remove it from the cluster.
    Configuring a local NTP server

    To keep the clocks of all nodes in a LAN in sync, a local NTP server can be configured. All nodes on the LAN keep their clocks in sync with the local NTP server using the NTP protocol, and the local NTP server stays in sync with other NTP servers on the Internet.

    To configure a server as a local NTP server, the ntp RPM must be installed.
    Code:
    # yum install ntp
    Edit the /etc/ntp.conf file and uncomment the line that allows access from all nodes on your LAN (192.168.1.0/24):

    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap    --> /etc/ntp.conf

    Note: the local NTP server will be synchronized with the public NTP servers on the Internet listed in the 'server' directives in /etc/named.conf. Examples: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, ...

    Restart the ntpd service with the new configuration and make sure it will be started on boot.

    Code:
    # /etc/init.d/ntpd restart
    # chkconfig ntpd on
    NTP server security

    Some security considerations have to be taken into account in order to run the ntpd service securely. The first one is to open the NTP server's firewall to allow connections from/to other NTP clients/servers.

    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT

    Note: NTP clients must keep open the 123/UDP port on the firewall.

    By default the ntpd service is protected by SELinux. To disable this protection, in case it causes problems:
    Code:
    # setsebool -P ntpd_disable_trans 1
    NTP clients

    To configure the ntpd service on a Linux node as a client of your LAN NTP server, just add the local NTP server's IP to the 'server' directive in /etc/ntp.conf. Make sure that port 123/UDP is open on your firewall and that the ntpd service is up and running.
    Code:
    # /etc/init.d/ntpd restart
    # chkconfig ntpd on
    To force an NTP synchronization, the ntpdate command can be used. For example, to sync the clock from NTP server 192.168.1.10:

    ntpdate -u 192.168.1.10

    Note: if the NTP server has not finished calculating its drift time (/var/lib/ntp/driftime file), it will not be ready to be used and the message "no server suitable for synchronization found" will be displayed on the NTP client. Just be patient and wait; it sometimes takes hours ...
    Last edited by kuldeep; 02-21-2015 at 03:19 AM.
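
Added example (not part of the original post): a small Python check for the situation in the final note. A server that has not synchronized yet says so in its replies (leap indicator 3, stratum 0 or 16, per RFC 5905), so the reply header can be decoded before pointing clients at the server. The function names and the two sample packets are constructed for this illustration.

```python
import socket
import struct
import sys

NTP_PORT = 123
LEAP_UNSYNC = 3  # RFC 5905: leap indicator 3 = clock not synchronized

# Constructed 48-byte replies (version 3, mode 4 = server) for offline checks.
SAMPLE_UNSYNC = bytes([0xDC, 0]) + bytes(46)  # leap=3, stratum 0
SAMPLE_SYNCED = bytes([0x1C, 3]) + bytes(46)  # leap=0, stratum 3


def parse_reply(data):
    """Decode the first two header bytes of an NTP packet."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first, stratum = struct.unpack("!BB", data[:2])
    return {"leap": first >> 6, "version": (first >> 3) & 0x7,
            "mode": first & 0x7, "stratum": stratum}


def suitability(fields):
    """Return (ok, reason): can this server be used as a time source?"""
    if fields["mode"] != 4:
        return False, "not a server reply (mode %d)" % fields["mode"]
    if fields["leap"] == LEAP_UNSYNC:
        return False, "server clock not synchronized yet (leap=3)"
    if not 1 <= fields["stratum"] <= 15:
        return False, "invalid stratum %d" % fields["stratum"]
    return True, "synchronized, stratum %d" % fields["stratum"]


def query(server, timeout=3.0):
    """Send one client request (version 3, mode 3) from an unprivileged
    source port, as 'ntpdate -u' does, and decode the reply."""
    request = bytes([0x1B]) + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, NTP_PORT))
        data, _ = sock.recvfrom(512)
    return parse_reply(data)


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. python3 ntpcheck.py 192.168.1.10
        print(suitability(query(sys.argv[1])))
    else:                            # no server given: use the samples
        for sample in (SAMPLE_UNSYNC, SAMPLE_SYNCED):
            print(suitability(parse_reply(sample)))
```

A timeout from `query` points to the firewall or the `restrict` line rather than to synchronization state, since an unsynchronized server still answers.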
