Install And Configure NTP Server On Linux

In this article, Blebees.com will introduce you to NTP Server and how to install NTP on the CentOS 7 distribution to help us learn and self-study basic Linux more easily.

Introduction of NTP Server

what is network time protocol

NTP (Network Time Protocol) is a protocol running on port 123 UDP at Transport Layer that helps computers on the system synchronize time across the network in an accurate time. As time goes by, the computer's internal clock tends to lapse which can lead to time inconsistencies, the NTP protocol helps it synchronize time. This protocol is designed to avoid the effect of variable latency using a jitter buffer.

NTP is a protocol that was born before 1985 and is still in use. The NTP was first created by Dave Mills from the University of Delaware.

NTP Server is a server used to recognize time synchronization requests and deliver timing information signals.

Install NTP Server

Step 1: First, install the ntp package by running the command yum as follows:

[root@localhost ~]# yum -y install ntp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-29.el7.centos will be installed
--> Processing Dependency: ntpdate = 4.2.6p5-29.el7.centos for package: ntp-4.2.6p5-29.el7.centos.x86_64
--> Processing Dependency: libopts.so.25()(64bit) for package: ntp-4.2.6p5-29.el7.centos.x86_64
--> Running transaction check
...

Step 2: After installing ntp, we access NTP Public Pool Time Servers, then select the area where the server is located, next we do a search for the country location and the list of NTP servers will appear. . Search for NTP Public Pool Time Servers .

Step 3: Next we need to do ntp configuration by using vi text editor to edit the main configuration file named ntp.conf (/etc/ntp.conf):
Initial configuration file:

[root@localhost ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

👉 1️. First we search for the server of the country we live in "https://www.pool.ntp.org/" and replace the default host list in the ntp.conf file with the list provided for our country:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

   server 0.asia.pool.ntp.org iburst
   server 1.asia.pool.ntp.org iburst
   server 2.asia.pool.ntp.org iburst
   server 3.asia.pool.ntp.org iburst

👉 2️. By default the NTP server will block all queries, peers, modify, and traps but we need to allow clients from our networks to synchronize their time with the server so we need to edit the line in # Host on local network are less restricted by removing the # sign and adding network LANs to:
Initially

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

After editing

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

👉 3️. If we need information to troubleshoot NTP, then add a command to the log file at the end of ntp.conf file which will help us to record all NTP Server problems encountered in one file. diary:

logfile /var/log/ntp.log

Configuration file after editing:

[root@localhost ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

   server 0.asia.pool.ntp.org iburst
   server 1.asia.pool.ntp.org iburst
   server 2.asia.pool.ntp.org iburst
   server 3.asia.pool.ntp.org iburst


#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.
#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8

# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

logfile /var/log/ntp.log

Step 4: We add the NTP port to the firewalld service for example. Since the NTP service uses UDP port 123 on Transport Layer Layer 4 in the OSI model, we need to open this port on the respective firewall of the system, here's an example of how to operate on the firewalld:

[root@localhost ~]# firewall-cmd --add-service=ntp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

Step 5: After we have opened port 123 of firewalld instance, we need to start NTP Daemom on our system by executing the following command:

[root@localhost ~]# systemctl start ntpd

Once we have started the next NTP Server, we execute the following command to let the NTP Serer start up with the system:

[root@localhost ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

Next, we perform a check on the status of the NTP Server:

[root@localhost ~]# systemctl status ntpd
● ntpd.service - Network Time Service
   Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-09-18 23:20:42 +07; 10s ago
 Main PID: 18103 (ntpd)
   CGroup: /system.slice/ntpd.service
           └─18103 /usr/sbin/ntpd -u ntp:ntp -g

Sep 18 23:20:42 localhost.localdomain systemd[1]: Starting Network Time Service...
Sep 18 23:20:42 localhost.localdomain systemd[1]: Started Network Time Service.
Sep 18 23:20:42 localhost.localdomain ntpd[18103]: proto: precision = 0.062 usec
Sep 18 23:20:42 localhost.localdomain ntpd[18103]: 0.0.0.0 c01d 0d kern kernel time sync enabled

Step 6: After the NTP Sever is started, let's wait a few minutes for the server to synchronize the time with the server in the group list, then run the following commands to verify the NTP synchronization status and the system time. System:

[root@localhost ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 x.ns.gin.ntt.ne 249.224.99.213   2 u   18   64    1   67.650    5.789   0.425
 ntp.nic.kz      .SHM.            1 u   24   64    1  371.812   -3.974   2.292
*frontier.innola 218.186.3.37     2 u   22   64    1   46.073   19.733   0.297
 ntp.xtom.com.hk 101.231.167.217  2 u   22   64    1   26.797   23.902   0.297
[root@localhost ~]# date -R
Wed, 18 Sep 2019 23:21:35 +0700

When we want to query and synchronize with the group of servers in the list of running ntpdate command, followed by server address or name server:

[root@localhost ~]#  ntpdate -q 0.asia.pool.ntp.org 1.asia.pool.ntp.org
server 211.233.84.186, stratum 2, offset 0.003419, delay 0.11751
server 45.125.1.20, stratum 2, offset -0.011824, delay 0.05411
server 129.250.35.251, stratum 2, offset -0.032068, delay 0.09331
server 211.19.59.28, stratum 2, offset -0.013089, delay 0.10463
server 176.32.196.112, stratum 2, offset -0.059145, delay 0.34055
server 192.248.1.162, stratum 3, offset 0.019954, delay 0.14426
server 37.218.240.198, stratum 2, offset -0.013013, delay 0.05383
server 94.158.54.52, stratum 3, offset -0.041652, delay 0.38792
20 Sep 01:11:54 ntpdate[1583]: adjust time server 37.218.240.198 offset -0.013013 sec

Step 7: Install NTP on the Client we configure Windows to synchronize time with the NTP server by: Right-clicking on the date and time on the taskbar and selecting Change date and time settings ... a Date dialog and Time appears, select the Internet Time tab and then select Check Synchronize with an Internet time server as shown below:

linux network time protocol (1)
Then we enter the IP address of the NTP Server in the box Server, select Update now and finally select OK, the results are as follows:

linux network time protocol (2)

Conclusion

Through the above article, help us to know NTP Server on Linux operating system. At the same time, we can easily install NTP Server on Centos. Protocol NTP Server

Soure : Blebees.com



source https://blebees.com/linux-network-time-protocol/

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

How To Voice Record On Powerpoint

Hình ảnh
Instead of speaking directly, recording yourself before the caption and then playing it on the slide is also a great way to present, but also avoids stuttering because of suspense when standing in front of people. The following article  Blebees will guide you to read how to voice record on Powerpoint slide Mic settings First and foremost, you need a microphone to record. Most PCs and laptops today come equipped with built-in mic right on the machine to serve your most basic requirements, but for better sound quality, you should use the mic accessory that plugs into the machine. audio or USB port. In the case of an accessory device, a little extra setup is required. Step 1 : In Windows , right-click the Volume icon in the bottom right corner of the screen. In the small menu that appears, select Open Sound Settings . Step 2 : The Sound Settings window will appear. Here, scroll down to Input, click on the box below Choose your input device. Step 3 : If you use an accessory...
Đọc thêm

How To Download Photos From Icloud On Pc

Hình ảnh
With iCloud Photos, you can view your entire photo library from any device. But you need to download photos from iCloud if you want to edit or do any other action. There are many ways to download photos from iCloud to devices like iPhone, Mac or even Windows computer. Download photos from the iCloud website No matter what device you are using, you can log into your Apple ID account to download photos directly from the iCloud website . You can number up to 1000 images at a time. If you need more downloads, split them into multiple downloads. This method creates a copy of your photos on iCloud. This means the original photo is still in iCloud, and any edits you make on the downloaded photo won't affect your iCloud library. To download photos on the iCloud website to iPhone: Open Safari , go to iCloud.com . Sign in to your iCloud account , then go to the Photos page. Press Select and select the photos you want to download. Click the More button (...) below and select Downl...
Đọc thêm

Some Ways To Fix Dns Server Not Responding Error On Windows 7/8/10

Hình ảnh
DNS Server Not Responding error is one of the most common errors occurring on Windows 7/8 / 8.1 and Windows 10. If you encounter this error, you cannot connect to the Internet to access the network. Usually when you fix this error with the Windows Network Diagnostics feature, you will get the message "Your computer appears to be correctly configured, but the device or resource (DNS server) is not responding" Why is DNS server not responding First, consider the source of the problem. Access the website from another device, possibly using a 4G connection, to see if it loads. If everything is working properly, then the problem is with the router or device. Connect to the router with another device to see if the web page loads like that. If so, the problem is probably with the device side. Besides, reason of dns server not responding windows 10 could be due to: Network card or Router error. The DNS service on the computer is interrupted. Antivirus programs or Firewall ...
Đọc thêm