Configuring NTP on your Linux Server

Document Sample
Configuring NTP on your Linux Server Powered By Docstoc
					The Network Time Protocol (NTP) defines a set of algorithms for the dissemination
of time across the Internet. The NTP protocol can be used to synchronise the system
time on your Linux Server with a highly accurate Internet time reference.

This article describes how to configure the Network Time Protocol (NTP) daemon on
your Linux server to synchronise with an Internet based NTP server. It also provides a
list of well-know public Internet time references.

Obtaining the NTP Source Code Distribution

The Linux NTP source code distribution is publicly available 憃 pen source' software.
The distribution can be freely downloaded from the NTP web site 憂'. The
latest NTP version for Linux is 2.4.2. A port is also available for Windows platforms,
but the primary development platform for NTP is the Linux operating system. A
number of Linux based operating systems such as Mandrake and Redhat offer NTP as
an installable RPM package.

Once download is complete, the NTP distribution should be configured and compiled
on the host computer.

Configuration of the NTP Daemon

The NTP daemon is configured through entries in the primary NTP configuration file
憂 tp.conf'. The NTP configuration file contains a list of commands that instruct the
daemon to synchronise with a specified NTP server. NTP servers are specified using
the 憇 erver' command followed by the domain name of the server thus:


A number of access control options are also available to restrict the use of your NTP
server by network time clients. To only allow machines on your own network to
synchronize with the server use:

restrict mask nomodify notrap

Alternatively, you can restrict all access to your NTP server with the following

restrict default ignore

Multiple directives can be specified to restrict access to a specified range of
Using NTP Authentication

NTP authentication is used by time clients to authenticate the time server to prevent
rogue server intervention. NTP authentication is based on encrypted keys. A key is
encrypted and sent to the client by the server, where it is unencrypted and checked
against the client key to ensure a match.

NTP keys are stored in the 憂 tp.keys' file in the following format:

Key-number M Key (The M stands for MD5 encryption), e.g.:

1 M secret
5 M RaBBit
7 M TiMeLy

The NTP configuration file 憂 tp.conf' specifies which of the keys are trusted. Any
keys specified in the keys file but not trusted will not be used for authentication, e.g.:

trustedkey 1 7 10

NTP Client Authentication Configuration

The NTP client also needs to be configured with similar authentication information as
the server. The client may use a subset of the keys specified on the server. A different
subset of keys can also be used on different clients, e.g.:

Client A) Client B)
1 M secret 1 M secret
7 M TiMeLy 5 M RaBBit

trustedkey 1 7 trustedkey 1

Controlling the NTP Server Daemon

Once configured, the NTP daemon can be controlled using the commands: 憂 tpd
start'; 憂 tpd stop' and 憂 tpd restart'.

Querying the NTP Server Daemon

The NTP server daemon can be queried using the 憂 tpq 杙' command. The ntpq
command queries the NTP server for synchronisation status and provides a list of
servers with synchronisation information for each server.
Public Internet NTP Servers

Public NTP servers provide subscription free, highly accurate, timing references for
computer time synchronisation. Below is a list of popular public NTP time servers.

Stratum 1 Public NTP Servers - - Computing Systems Research Ltd. United Kingdom -
NTP V4 primary (Odetics GPS), Sun/Sparc Solaris 2.6 - - Falmouth, Cornwall, UK - NTP V4.2.0 primary
(MSF Radio Clock Receiver), Trustix Linux

Stratum 2 Public NTP Servers - - Telehouse Europe, London E14 - NTP V4
secondary Sun UltraSPARC Solaris 8 - - University of Manchester, Manchester, England -
NTP secondary (S2), SGI/Irix - - University of Manchester, Manchester, England -
NTP secondary (S2), PC/FreeBSD - - ExNet Ltd, London, UK - NTP secondary (stratum 2),
Sun-4/Unix - - Interhouse London E14 - NTP V4, SuSE 9.0
(Stratum 1) - - Telehouse Europe, London E14 - NTP V4
secondary Sun UltraSPARC Solaris 8 - University of Strathclyde, Glasgow, Scotland - NTP V4
secondary - - Telehouse Europe, London E14 - NTP V4
secondary Sun UltraSPARC Solaris 8

Shared By: