[ASK] Redhat NTP Set up

Hi,

I would like to set up NTP locally on my servers and clients. I have no internet connection; what I want is for all my servers to be synchronized to one server. Let's say I have 5 servers: 1 of them will act as the master while the rest are clients. I only want those clients to get the time from the server itself.

I tried to configure /etc/ntp.conf but somehow my configuration won't work. Does anyone have a working configuration that I can use?

Let's say
my server IP is 192.168.10.20 (master/server)
my 1st client IP is 192.168.10.30 (client-I want this to sync with the master)
my 2nd client IP is 192.168.10.40 (client-I want this to sync with the master)
and so on...

Please help me on this, I've been trying to configure but somehow it just refuses to.

Can you show us a copy of your server's /etc/ntp.conf and a client's /etc/ntp.conf? Your server should map to 127.0.0.1 and your clients to 192.168.10.20.

Have you opened your firewall to allow UDP packets on port 123?

master/server ntp.conf

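# A very simple server configuration: the local clock is the time source.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
# Drop everything by default, then admit the client network.
restrict default ignore
# The restrict keyword is "mask"; the address is the network, not the host.
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap
authenticate no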

client ntp.conf

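server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /etc/ntp/drift
restrict default ignore
# Without this entry, "default ignore" also drops the master's replies.
restrict 192.168.10.20 mask 255.255.255.255 nomodify notrap noquery
authenticate no
server 192.168.10.20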

Don't forget to configure the /etc/ntp/step-tickers.

HTH,
Loïc

Hi, thanks, I will try and get back to you, but what is step-tickers? What do I need to configure there? The same configuration?

By the way, my drift file is located in /var/lib/ntp/drift; I guess it's the Red Hat default. I checked, but there is no drift file in the directory /etc/ntp/.

---------- Post updated at 12:53 PM ---------- Previous update was at 12:35 PM ----------

Hi,
I tried again but was still unsuccessful. Below is the /etc/ntp.conf configuration file from the server and the client.

This is SERVER

[root@server ntp]# more /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.10.20 netmask 255.255.255.0 nomodify notrap
authenticate no
client ntp.conf

# --- OUR TIMESERVERS -----


# --- NTP MULTICASTCLIENT ---
#multicastclient                        # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap


# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys            /etc/ntp/keys 

THIS IS CLIENT

[root@client]# more /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap noquery
restrict default ignore
authenticate no

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1

# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap


# --- OUR TIMESERVERS -----
server 192.168.10.20

# --- NTP MULTICASTCLIENT ---
#multicastclient                        # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap


# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
#keys           /etc/ntp/keys 

Both of them throw this output:

[root@server]# more step-tickers
192.168.10.20

[root@client]# more step-tickers
192.168.10.20

[root@server/client ntp]# /etc/init.d/ntpd restart
Shutting down ntpd:                                        [  OK  ]
ntpd: Synchronizing with time server:                      [FAILED]
Starting ntpd:                                             [  OK  ]

[root@server/client]# ntpdate -b 192.168.10.20
26 Jan 12:32:58 ntpdate[30963]: the NTP socket is in use, exiting

Could you check on the client the syslog entries for ntp (likely in /var/log/messages)? Could you try out the following and paste to us the output:

/etc/init.d/ntpd stop # stop NTP daemon
ntpdate -d 192.168.10.20

Thanks,
Loïc

Hi, thanks for your reply.
Just to let you know that even the server itself is unable to synchronize to itself, so after all the server output is exactly the same as the client output below.
All of our servers' configurations are exactly the same, and we can ping each other, ssh, sftp and so on.

Here's the output of /var/log/message:

Jan 27 10:47:21 client ntpd[22155]: Listening on interface wildcard, 0.0.0.0#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface wildcard, ::#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface lo, 127.0.0.1#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface bond0, 192.168.10.40#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface bond0:0, 192.168.10.49#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface bond1, 10.88.88.10#123
Jan 27 10:47:21 client ntpd[22155]: Listening on interface eth3, 192.168.101.41#123
Jan 27 10:47:21 client ntpd[22155]: kernel time sync status 0040
Jan 27 10:47:21 client ntpd[22155]: frequency initialized 0.000 PPM from /var/lib/ntp/drift
Jan 27 10:47:21 client ntpd: ntpd startup succeeded
[root@client ~]# /etc/init.d/ntpd stop
Shutting down ntpd:                                        [  OK  ]
[root@client ~]# ntpdate -d 192.168.10.20
27 Jan 10:44:37 ntpdate[20188]: ntpdate 4.2.0a@1.1190-r Thu Oct  5 04:11:32 EDT 2006 (1)
Looking for host 192.168.10.20 and service ntp
host found : 192.168.10.20
transmit(192.168.10.20)
transmit(192.168.10.20)
transmit(192.168.10.20)
transmit(192.168.10.20)
transmit(192.168.10.20)
192.168.10.20: Server dropped: no data
server 192.168.10.20, port 123
stratum 0, precision 0, leap 00, trust 000
refid [192.168.10.20], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time:    00000000.00000000  Thu, Feb  7 2036 14:28:16.000
originate timestamp: 00000000.00000000  Thu, Feb  7 2036 14:28:16.000
transmit timestamp:  cf0a2722.a398b71b  Wed, Jan 27 2010 10:44:50.639
filter delay:  0.00000  0.00000  0.00000  0.00000
         0.00000  0.00000  0.00000  0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
         0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000

27 Jan 10:44:51 ntpdate[20188]: no server suitable for synchronization found

Hello,

According to your output, the NTP packets are sent to your NTP server 192.168.10.20, but the server didn't reply.

1) Make sure that NTP daemon runs on your server when you execute the ntpdate command on your client.

2) Verify that the NTP packets arrive at the interface of your server, resp. are sent out. If this test is negative, check possible firewall configuration between your clients and your server.

HTH,
Loïc.
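
A small model of how the restrict lists in the files posted above treat NTP packets on the 192.168.10.x network, added here as an illustration and not part of any post in the thread. It assumes that ntpd discards a restrict line containing a word it does not recognise (the keyword is `mask`, not `netmask`) and that the most specific matching entry decides; the `*_FIXED` lines are constructed corrections and the function names are hypothetical.

```python
import ipaddress

# restrict lines as they appear in the server and client files posted above
SERVER_POSTED = """restrict default ignore
restrict 192.168.10.20 netmask 255.255.255.0 nomodify notrap"""
CLIENT_POSTED = "restrict default ignore"

# Constructed corrections (assumptions, not taken from the thread)
SERVER_FIXED = """restrict default ignore
restrict 127.0.0.1
restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap"""
CLIENT_FIXED = """restrict default ignore
restrict 127.0.0.1
restrict 192.168.10.20 mask 255.255.255.255 nomodify notrap noquery"""

FLAGS = {"ignore", "kod", "limited", "lowpriotrap", "nomodify", "nopeer",
         "noquery", "noserve", "notrap", "notrust", "ntpport", "version"}

def parse_restrict(conf):
    """Return (rules, rejected); rules are (IPv4 network, flag set) pairs."""
    rules, rejected = [], []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, mask, rest = tok[1], "255.255.255.255", tok[2:]
        if addr == "default":
            addr, mask = "0.0.0.0", "0"
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        if any(word not in FLAGS for word in rest):
            rejected.append(raw.strip())  # modelled as: whole line discarded
            continue
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, set(rest)))
    return rules, rejected

def flags_for(conf, src):
    """Flags of the most specific restrict entry that covers src."""
    ip = ipaddress.ip_address(src)
    hits = [r for r in parse_restrict(conf)[0] if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else set()

def accepts(conf, src):
    """True if a time packet from src is processed rather than dropped."""
    return flags_for(conf, src).isdisjoint({"ignore", "noserve"})

if __name__ == "__main__":
    print("rejected on server:", parse_restrict(SERVER_POSTED)[1])
    for name, conf, src in [("server posted", SERVER_POSTED, "192.168.10.40"),
                            ("server fixed", SERVER_FIXED, "192.168.10.40"),
                            ("client posted", CLIENT_POSTED, "192.168.10.20"),
                            ("client fixed", CLIENT_FIXED, "192.168.10.20")]:
        print(f"{name}: packet from {src} accepted = {accepts(conf, src)}")
```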
