Linux Admin Reference - NTP Configuration and Troubleshooting PDF

4/10/2016 Linux Admin Reference – NTP Configuration and Troubleshooting – Red Hat Enterprise Linux : – unixadminschool.
com
Linux Admin Reference – NTP Configuration and
Troubleshooting – Red Hat Enterprise Linux :
+ In this post we will be Discussing about : [hide]
::: What are Clock Sources available by Default for Red hat Linux Server?
::: How to Configure Basic NTP server:

::: How to Configure Basic NTP Client:
::: How to Verify NTP status from Client
:::: Advanced NTP server Configuration
::: Important points about NTP Configuration:
::: How to Restart NTPD service and enable it for Auto start during boot.

::: How to Stop to NTP client to stop using its Undisciplined Clock Local Clock)
## How to Sync the System Clock to NTP server – immediately.

## What is the Significance “*”, “+” or “empty space” in front of NTP Server from the “ntp q” output ?
## How to Diagnosis NTP Error – “no server suitable for synchronization found” ?
## How to address NTP Error : “ntpd: Synchronizing with time server:[FAILED]”
::: Check ntp.conf
::: Ensure that all servers in ntp.conf are functional:
::: Check /etc/ntp/steptickers and find servers that are not functional.

### what is the purpose of ntpdate and ntpd services, which one starts first during reboot?
Share & Discuss
NTP stands for Network Time Protocol, and it is an Internet protocol used to
synchronize the clocks of computers to some time reference. NTP is
an Internet standard protocol originally developed by Professor David L.
Mills at the University of Delaware.
Time usually just advances. If you have communicating programs running on
different computers, time still should even advance if you switch from one
computer to another. Obviously if one system is ahead of the others, the
others are behind that particular one. From the perspective of an external
observer, switching between these systems would cause time to jump
forward and back, a nondesirable effect.
As a consequence, isolated networks may run their own wrong time, but as soon as you connect to the Internet, effects will be visible. Just
imagine some EMail message arrived five minutes before it was sent, and there even was a reply two minutes before the message was
sent. Even on a single computer some applications have trouble when the time jumps backwards. For example, database systems using
transactions and crash recovery like to know the time of the last good state. Therefore, air traffic control was one of the first applications for
NTP. (……… Ref : ntp.org)
In this Article We will be discussing about NTP related operations in Red Hat Enterprise Linux Environment
::: What are Clock Sources available by Default for Red hat
Linux Server?
http://unixadminschool.com/blog/2014/06/redhatenterpriselinuxntpquickrefernce/ 1/7
4/10/2016 Linux Admin Reference – NTP Configuration and Troubleshooting – Red Hat Enterprise Linux : – unixadminschool.com

All servers have two kinds of clocks:

– The System Clock – Owned by OS
– The hardware clock – Owned by CMOS.

When the Server is running, it usually provides it’s system clock as the clock resource. However, when the server is shutdown, the system
clock will sync to hardware and when rebooted the hardware clock will sync to system. Note: If the server has been shutdown for a longtime
and reboot again, the hardware clock may sync to system that may not be accurate.

::: How to Configure Basic NTP server:

Install the ntp package:
[root@host ~]# yum install ntp
Ensure the following entries are in /etc/ntp.conf:
The below example functions as a NTP server to the 192.168. network.
[root@ntp.server.com ~]# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict 6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 6 ::1
server stratum2.ntp.com
server stratum2.ntp2.com
server stratum2.ntp3.com
restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
Note: The public stratum 2 servers for your network’s NTP server can be found on ntp.org.

Start the ntpd service:
[root@ntp.server.com ~]# service ntpd start

::: How to Configure Basic NTP Client:

Ensure the following entries are in /etc/ntp.conf:
[root@ntp.client.com ~]# cat /etc/ntp.conf
restrict default kod nomodify notrap nopeer noquery
restrict 6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 6 ::1
server ntp.server.com
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
Start the NTP service:
[root@ntp.client.com ~]# service ntpd start

::: How to Verify NTP status from Client

[root@ntp.client.com ~]# ntpq p
remote refid st t when poll reach delay offset jitter
================================================================================
ntp.server.com some.ip 3 u 20 128 377 0.003 0.4312 0.3482

[root@ntp.client.com ~]# ntpq c as
ind assID status conf reach auth condition last_event cnt
================================================================================
1 31893 9614 yes yes none sys.peer reachable 1

:::: Advanced NTP server Configuration

For the Requirement:

– Allow hosts within two example IP subnets (10.0.0.0/255.0.0.0 and 192.168.0.0/255.255.255.0) to use this server as an NTP server
– Queries from all other hosts except localhost (127.0.0.1) will not be accepted
– For Time Synchronization from External sources – Only Servers mentioned with server statements will be treated as Trusted Stable Time
Sources.

Sample Configuration Entries from /etc/ntp.conf:

Entry 1 > restrict default nomodify notrap noquery
Entry 2 > restrict 127.0.0.1
Entry 3 > restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
Entry 4 > restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
Entry 5 > server 0.pool.ntp.org
Entry 8 > driftfile /var/lib/ntp/drift
Entry 9 > broadcastdelay 0.008
Entry 10> keys /etc/ntp/keys

Entry 1 : default restrictions – apply these to anyone not specified by a better matching “restrict statement”. We will
trust any host named as a server, but will not allow queries, traps, or modifications to our service
parameters by default.
Entry 2: Permit all access over the loopback interface.
Entry 3,4 related to Client Network : Permit systems on this network to synchronize with this time service. Do not
permit those systems to modify the configuration of this service.
Entry 5,6,7 related to TIMESERVER – servers we want to use as stable time sources we “trust” by default (see ‘default’
statement above) so we shouldn’t need special ‘restrict’ statements for these servers to trust them as time sources.
Entry 8,9 – Drift file.
Entry 10 – Keys file.

::: Important points about NTP Configuration:

– NTP uses UDP port 123. In order for the server to both synchronize itself with its trusted time sources and service NTP clients.
– The server’s firewall configuration must allow UDP traffic to destination port 123.
– The noquery restriction used in the default restrict statement will protect the server from functioning as an NTP server to hosts not
defined with restric statements as mentioned in the Entry 3 and 4 in the previous configuration example.
::: How to Restart NTPD service and enable it for Auto start
during boot.

# service ntpd restart
Shutting down ntpd: [ OK ]
ntpd: Synchronizing with time server: [ OK ]
Starting ntpd: [ OK ]

# chkconfig –level 345 ntpd on

::: How to Stop to NTP client to stop using its Undisciplined
Clock Local Clock)

in the case of unavailable Network Time Sources
( For Example – Some Network connectivity issues between local NTP server and Remote NTP Source)

The Undisciplined Local Clock is a fake driver that can simulate a reference clock when no external synchronization sources are available.

Commenting below lines from the /etc/ntp.conf will prevent ntpd from using the BIOS realtimeclock as a backup time source

# server 127.127.1.0
# fudge 127.127.1.0 stratum 10

## How to Sync the System Clock to NTP server – immediately.

# /sbin/service ntpd status
ntpd (pid 2249) is running…

# /sbin/service ntpd stop
Shutting down ntpd: [ OK ]

The below command will step the System Clock to NTP server immediately:
# /usr/sbin/ntpdate time.nist.gov
20 May 16:27:51 ntpdate[1364]: adjust time server 192.43.244.18 offset 0.000041 sec

# /sbin/service ntpd start
ntpd: Synchronizing with time server: [ OK ]
Starting ntpd: [ OK ]

# /usr/sbin/ntpq p
==============================================================================
clock.util.phx2 .CDMA. 1 u 1 64 1 276.170 0.691 0.001
file.pek.redhat .INIT. 16 u – 64 0 0.000 0.000 0.000

After Complete Sync with NTP server ( may take 1015 minutes. The output will appear as below

# /usr/sbin/ntpq p
==============================================================================
*clock.util.phx2 .CDMA. 1 u 23 64 377 275.905 0.646 0.323
file.pek.redhat .INIT. 16 u – 64 0 0.000 0.000 0.000

## What is the Significance “*”, “+” or “empty space” in front
of NTP Server from the “ntp q” output ?

– if there is a “*” before the ntp server name, it means the ntpd have collected enough time data and trusts the time server. ntpd will
continuously sync with the ntp server.
– If there is no “*” on any ntp server or the “*” is on a local fudge server after 1015 minutes, that means the ntp haven’t trust the ntp
server and Further Checks required for ntp server and configuration.
– Th + indicates that this peer is a candidate
– An empty space indicates that the peer unreachable and therefore rejected (stratum 16)
## How to Diagnosis NTP Error – “no server suitable for
synchronization found” ?

Running ntpdate command ( to set the date and time using NTP server) with diagnosis switch as below, will help to identify the causes for the
error

# ntpdate d time.unixadminschool.com
20 Oct 00:20:51 ntpdate[26388]: ntpdate 4.2.2p1@1.1570o Thu Nov 26 11:34:35 UTC 2009 (1)
Looking for host time.unixadminschool.com and service ntp
host found : time.unixadminschool.com
transmit(66.125.13.54)
receive(66.125.13.54)
transmit(66.125.13.54)
receive(66.125.13.54)
transmit(66.125.13.54)
receive(66.125.13.54)
transmit(66.125.13.54)
receive(66.125.13.54)
transmit(66.125.13.54)
server 66.125.13.54, port 123
stratum 1, precision 16, leap 00, trust 000
refid [CDMA], delay 0.32297, dispersion 0.00040
transmitted 4, in filter 4
reference time: d245a5fe.2fdfe09b Mon, Oct 17 2011 0:20:38.187
originate timestamp: d245a60c.e2117d1e Mon, Oct 17 2011 0:20:52.883
transmit timestamp: d245a60c.b9c9b413 Mon, Oct 17 2011 0:20:52.725
filter delay: 0.32361 0.32382 0.32297 0.32619
0.00000 0.00000 0.00000 0.00000
filter offset: 0.003892 0.004005 0.003607 0.004972
0.000000 0.000000 0.000000 0.000000
delay 0.32297, dispersion 0.00040
offset 0.003607

20 Oct 00:20:53 ntpdate[26388]: adjust time server 66.187.233.4 offset 0.003607 sec

## How to address NTP Error : “ntpd: Synchronizing with time

server:[FAILED]”

Steps fo Diagnosis the issue:

::: Check ntp.conf
$ grep i server /etc/ntp.conf

server my.ntp.server
server my.ntp2.server

::: Ensure that all servers in ntp.conf are functional:
$ ntpdate d my.ntp.server
$ ntpdate d my.ntp2.server

::: Check start up script for ntpd, /etc/init.d/ntpd, and find that if /etc/ntp/steptickers exists on startup the script executes
ntpdate command against servers written in the file.
ntpstep=/etc/ntp/steptickers
if [ s “$ntpstep” o n “$dostep” ]; then

# Synchronize with servers if steptickers exists
# or the x option is used
echo n $”$prog: Synchronizing with time server: “
/usr/sbin/ntpdate $dropstr s b p 8 $tickers
RETVAL=$?
[ $RETVAL eq 0 ] && success || failure
echo
if [ $RETVAL eq 0 ]; then
[ “$SYNC_HWCLOCK” = “yes” ] && sync_hwclock
else
OPTIONS=”$OPTIONS g”
fi
else

::: Check /etc/ntp/steptickers and find servers that are not functional.
#ntpdate d bad.ntp.server

Finally, If you find that any of the servers mentioned in the /etc/ntp/steptickers, then replace them with funcational ntp servers.

### what is the purpose of ntpdate and ntpd services, which one
starts first during reboot?

First ntpdate will sync the system clock with the NTP server and then ntpd will keep it on sync.
The ntp daemon may not sync if the offset is beyond the permitted limit i.e. 128 ms. Because the default behavior is to slew the clock but to
sync beyond 128 ms, we need to step the clock


Linux Admin Reference - NTP Configuration and Troubleshooting PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Linux Admin Reference - NTP Configuration and Troubleshooting PDF

Uploaded by

Copyright:

Available Formats

4/10/2016 Linux Admin Reference – NTP Configuration and Troubleshooting – Red Hat Enterprise Linux : – unixadminschool.

## How to address NTP Error : “ntpd: Synchronizing with time

You might also like