How to Set up a Time Server
One of my boxes kept losing 15 seconds a day .. and ntpdate on a cronjob didnt fix it, so ..
first in console as root
apt-cache search ntp
apt-get update && apt-get install ntpdate ntp ntp-doc
update-rc.d -f ntp defaults
Find the docs on your system at
/usr/share/doc/ntp-doc/html/index.html <- and bookmark it!
It is a large doc,and not all of it applies, but its got it all.
ntp will not activated until you reboot, but you should set your time as accurately as possible before
ntp and ntpdate are run as services ..
ntpdate is only run at-boot, when it will get time from the list of servers in /etc/ntp.conf, which is the main file to edit,
Both ntpdate and the ntpd daemon [called ntp] poll the list of timeservers near the top of /etc/ntp.conf.. heres my current list as example:
pool.ntp.org maps to more than 100 low-stratum NTP servers.
# Your server will pick a different set every time it starts up.
#
* Please consider joining the pool! *
#
* <>∞> *
server 192.168.3.24
server ntp.blueyonder.co.uk
server uk.pool.ntp.org
server 1.uk.pool.ntp.org
server 2.uk.pool.ntp.org
server 0.europe.pool.ntp.org
server 1.europe.pool.ntp.org
server 2.europe.pool.ntp.org
The first one is the other box on my network, also running ntp
the second is the timeserver of my isp.
Next are some of the uk.pool,then a few europeans for good luck
By the way , your own isp-nameservers are often also timeservers
you can check this by running
ntpdate -v <ip>
This will not which change anything, but will return a time-result,something like:
# ntpdate -v 192.168.3.24
19 Sep 19:09:27 ntpdate[13329]: ntpdate 4.2.2@1.1532-o Wed Aug 9 12:08:54 UTC 2006 (1)
Then you want to allow access to your local boxes
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1 nomodify
restrict 192.168.24
Now you want to broadcast:
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 192.168.3.255
The ntp.conf file itself is a bit odd, its treated as a diff if you just click on it
ok .. before you start ntp, you must set the time, ie
# ntpdate -u -b uk.pool.ntp.org
19 Sep 19:19:33 ntpdate[15641]: step time server 62.3.200.116 offset 0.001523 sec
Then start ntp, as a service,to start at every boot
after ntp has run for a few, do:
ntpq -pn
If alls gone well, you should see something like:
# ntpq -pn
remote refid st t when poll reach delay offset jitter
192.168.3.24 .INIT. 16 u - 1024 0 0.000 0.000 0.000
+194.117.157.4 192.5.41.40 2 u 97 128 377 7.849 1.548 30.157
*82.219.3.1 195.66.241.2 2 u 101 128 377 17.755 0.794 24.722
82.133.58.132 .INIT. 16 u - 1024 0 0.000 0.000 0.000
+194.153.168.75 195.66.241.3 2 u 37 128 377 23.475 3.259 12.203
+82.68.126.114 209.81.9.7 2 u 101 128 377 44.567 -1.366 46.922
+194.88.2.88 194.159.73.44 3 u 90 128 377 17.208 -5.569 27.527
+130.226.232.145 213.112.52.151 3 u 89 128 377 62.130 -0.797 39.999
127.127.1.0 .LOCL. 10 l 18 64 377 0.000 0.000 0.001
192.168.3.255 .BCST. 16 u - 64 0 0.000 0.000 0.001
That asterisk, the *, is the active timeserver,thats deemed most worthy,and it means you are now keeping good time..and it uses port 123 .. my iptables line is
# Network Time Protocol (NTP) Server
$IPT -A udp_inbound -p UDP -s 0/0 --destination-port 123 -j ACCEPT
$IPT -A INPUT -j ACCEPT -p tcp --dport 123%%
Submitted by etorix
