source : http://www.thegeekstuff.com/2014/06/linux-ntp-server-client/
SERVER SIDE configuration :
======================
1) set /etc/hosts file :
[root@pbldc-ntpsrv ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.20.163.16 pbldc-ntpsrv.pbl.com pbldc-ntpsrv
2) install package :
yum install ntp
3) Working Port :
UDP 123
4) Setup Restrict values in ntp.conf
Modify the /etc/ntp.conf file to make sure it has the following two restrict lines.
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
>> The first restrict line allows other clients to query your time server for time synchronization.
This restrict line has the following parameters :
> noquery prevents dumping status data from ntpd.
> notrap prevents control message trap service.
> nomodify prevents all ntpq queries that attempt to modify the server.
> nopeer prevents all packets that attempt to establish a peer association.
> kod – a Kiss-o'-Death packet is sent to reduce unwanted queries.
The value -6 in the second line forces DNS resolution to the IPv6 address
resolution. For more information on the access parameters list, please refer
to the documentation in “man ntp_acc”.
5) Allow Only Specific Clients
To only allow machines on your own network to synchronize with your NTP server, add the following restrict line to your /etc/ntp.conf file:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
If the localhost needs to have the full access to query or modify, add the following line to /etc/ntp.conf
restrict 127.0.0.1
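A check for the restrict lines from steps 4 and 5, added here as an example (it is not part of the source article): it reports default lines missing any of the step 4 flags and any non-loopback network that lacks noquery, since such a network may still send ntpq status queries. The function names are hypothetical, and it assumes the IPv4 and IPv6 defaults are separate lines, as in this file.

```python
# Flags the page's step 4 puts on both default restrict lines.
REQUIRED_DEFAULT = {"kod", "nomodify", "notrap", "nopeer", "noquery"}
LOOPBACK = {"127.0.0.1", "::1"}
# The restrict lines from steps 4 and 5 of this page.
PAGE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
"""
# Constructed weak sample: status queries open, no IPv6 default.
WEAK_CONF = "restrict default nomodify notrap  # too open\nrestrict 127.0.0.1\n"


def parse_restrict(conf_text):
    """Return (family, address, flags) for every restrict line."""
    entries = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()  # strip comments
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        tokens = tokens[1:]
        family = "ipv6" if tokens[0] == "-6" else "ipv4"
        tokens = tokens[1:] if tokens[0] in ("-4", "-6") else tokens
        if not tokens:
            continue
        address, tokens = tokens[0], tokens[1:]
        if len(tokens) >= 2 and tokens[0] == "mask":
            tokens = tokens[2:]  # skip the netmask value
        entries.append((family, address, set(tokens)))
    return entries


def audit(conf_text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    entries = parse_restrict(conf_text)
    defaults = {fam: flags for fam, addr, flags in entries if addr == "default"}
    for fam in ("ipv4", "ipv6"):
        if fam not in defaults:
            findings.append(f"{fam}: no 'restrict default' line")
        elif REQUIRED_DEFAULT - defaults[fam]:
            missing = " ".join(sorted(REQUIRED_DEFAULT - defaults[fam]))
            findings.append(f"{fam}: default is missing {missing}")
    for fam, addr, flags in entries:
        if addr != "default" and addr not in LOOPBACK and "noquery" not in flags:
            findings.append(f"{addr}: status queries allowed (no noquery)")
    return findings
```

To check a live server, pass the file contents: audit(open("/etc/ntp.conf").read()).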
6) Add Local Clock as Backup
Add the local clock to the ntp.conf file so that if the NTP server is disconnected from the internet, NTP server provides time from its local system clock.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
In the above line, Stratum is used to synchronize the time with the server based on distance. A stratum-1 time server acts as a primary network time standard. A stratum-2 server is connected to the stratum-1 server over the network. Thus, a stratum-2 server gets its time via NTP packet requests from a stratum-1 server. A stratum-3 server gets its time via NTP packet requests from a stratum-2 server, and so on.
Also, stratum 0 devices are always used as reference clocks.
7) Setup NTP Log Parameters
Specify the drift file and the log file location in your ntp.conf file
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
driftfile is used to log how far your clock is from what it should be; ntp should slowly lower this value as time progresses.
8) Start the NTP Server
After setting up appropriate values in the ntp.conf file, start the ntp service:
service ntpd start
CLIENT SIDE configuration :
======================
1) cat /etc/ntp.conf
server pbldc-ad iburst
#restrict pbldc-ad mask 255.255.255.255 nomodify notrap noquery
2) Start ntp service :
/etc/init.d/ntpd start
NOTE :
>> Also pay attention to the following configuration :
1) ntpd service should be up
2) No need to set any crontab entry .
>> Crontab Script :
[root@pbldc-ntpsrv ~]# cat ntp.sh
#!/bin/bash
/usr/sbin/ntpdate -s bd.pool.ntp.org
[root@pbldc-ntpsrv ~]# cron
crond crontab
[root@pbldc-ntpsrv ~]# crontab -l
#Time Syn with NTP
#* * * * * sh /root/ntp.sh