HOWTO Configure NTP

From Consultancy.EdVoncken.NET

Your network should offer at least 2 Network Time Protocol (NTP) servers. Proper clock synchronization is essential to various networked services, such as Kerberos.

In this example, we'll be setting up NTP on two servers, 192.168.123.1 and 192.168.123.2. These servers also run DHCP and DNS. Normally, NTP servers stay in sync with reference clocks on the Internet. In case of an Internet access outage, both our NTP servers should stay in sync with each other.

The first server will be designated the "Primary" NTP server. All of our other NTP servers will be designated "Secondary" NTP servers. The Primary NTP will only sync with external NTP clocks. The Secondary NTP server(s) will sync with external clocks as well as the Primary NTP server. This setup guarantees that all clocks in your organization stay in sync, even if access to the external clocks is lost.

Contents 1 Installation 2 Configuration 2.1 Configuring /etc/ntp.conf on the Primary 2.2 Configuring /etc/ntp.conf on the Secondary 3 Miscellaneous 3.1 SElinux considerations 3.2 Firewall settings 3.3 Starting the service 4 References 5 See Also

[edit] Installation

Install the following package, for example using yum:

 ntp

This example is based on version ntp-4.2.2p1-9.el5.centos.2.

[edit] Configuration

The configuration file, /etc/ntp.conf, is only slightly different on Primary and Secondary.

[edit] Configuring /etc/ntp.conf on the Primary

[edit] Configuring /etc/ntp.conf on the Secondary

[edit] Miscellaneous

[edit] SElinux considerations

[edit] Firewall settings

Your firewall should allow inbound traffic on 123/UDP and 123/TCP so your clients can connect to the NTP server. Sample entries for /etc/sysconfig/iptables:

 # NTP server
 -A RH-Firewall-1-INPUT -p udp -m udp --dport 123 -j ACCEPT
 -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 123 -j ACCEPT

[edit] Starting the service

On all NTP servers, run the following:

 # chkconfig ntpd on
 # service ntpd start

Verify proper clock synchronization:

 # ntpq -p
      remote           refid      st t when poll reach   delay   offset  jitter
 ==============================================================================
 +213.132.202.192 193.79.237.14    2 u   19   64  377    8.143   -5.779   9.590
 *chime1.surfnet. .GPS.            1 u   18   64  377    8.241   -8.648   1.941
 +ntp.t.niet.net  193.67.79.202    2 u   15   64  377    7.671  -12.871   3.914
  LOCAL(0)        .LOCL.          10 l   11   64  377    0.000    0.000   0.001

[edit] References

[edit] See Also

• NTP