HOWTO: Set Up an NTP Server

Balaji BandiLINUX

How to Maintain an Accurate System Clock with ntpd

1. Install the NTP daemon

First, install the NTP daemon (ntpd):

Code:
sudo aptitude install ntpd

As was previously mentioned, ntpd can act both as a client (synchronizing your system time) and as a server (providing accurate time for other machines).

Optionally, you may also want to remove the previous (deprecated) time synchronization program, ntpdate. Perhaps it may be wiser to do so after you have ntpd working

Code:
sudo aptitude remove ntpdate

2. Configure the daemon properly

The configuration file for ntpd is located at /etc/ntp.conf. The default Ubuntu file probably requires some modification for optimal performance.

The first section you may want to modify is the list of servers to synchronize with. The default section probably looks as follows:

Code:
# You do need to talk to an NTP server or two (or three).
server ntp.ubuntu.com

In order to get the most accurate time possible, it is preferable to communicate with multiple different NTP servers, and keep them as close to your physical location as possible. There are various different server lists online, probably the best is locatedhere. There is some debate over the proper number of servers to use. One is better than two, and three or more probably is a good idea, so long as you don’t go too overboard. An example of a few time servers that I used follows:

Code:
server nist1-dc.WiTime.net iburst
server ntp0.mcs.anl.gov
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org

Once a few good servers have been found, add them to the list, putting ‘iburst’ after the most promising one. For instance:

Code:
server nist1-dc.WiTime.net iburst

This will cause ntpd to synchronize very quickly with this server after starting up. Otherwise, ntpd will slowly tend to drift towards agreement with the server list (as is its nature), and it may take 15-20 minutes to synchronize well enough to act as a time server for the rest of your network.

Also, add a few extra lines to the bottom of your servers list to provide your current local time as a default should you temporarly lose Internet connectivity:

Code:
server 127.127.1.0
fudge 127.127.1.0 stratum 10

This will prevent any nastiness if you’re running ntpd on a laptop or other machine with intermittent periods of disconnectivity from the Internet.

All in all, the server list should look similar to the following (this is mine, your servers will probably be different):

Code:
# You do need to talk to an NTP server or two (or three).
server nist1-dc.WiTime.net iburst
server ntp0.mcs.anl.gov
server 0.us.pool.ntp.org
server 1.us.pool.ntp.org
server 2.us.pool.ntp.org
server 3.us.pool.ntp.org
server 127.127.1.0
fudge 127.127.1.0 stratum 10

3. Make sure the configuration works

Now that you have a proper server list in your /etc/ntp.conf file, it is time to run the daemon and see if you synchronize properly! Make sure you have an active Internet connection, and then run:

Code:
sudo /etc/init.d/ntp restart

Next, monitor your system log to see if you synchronize with a time server:

Code:
tail -f /var/log/syslog

In about 10-15 seconds (or up to 15-20 minutes if you forgot to put ‘iburst’ after your favorite server), you should see something like the following in your system log:

Code:
Jul 17 16:50:22 hostname ntpd[22402]: synchronized to 140.221.9.20, stratum 2

If this message never comes, you have not yet properly synchronized with the NTP server network. Check the list of NTP peers you are communicating with using the following:

Code:
ntpq -c lpeer

If the ‘delay’, ‘offset’, and ‘jitter’ fields are non-zero and you haven’t synchronized, it probably means that you just need to wait a while. Check again that you’ve inserted the ‘iburst’ argument to your servers list! My peers, for reference, look something like the following:

Code:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*milo.mcs.anl.go 192.5.41.40      2 u    4   64   77   46.213   67.753   2.207
-europium.canoni 193.79.237.14    2 u   63   64   37   97.375   71.020   1.875
-dtype.org       69.25.96.13      2 u    2   64   77   86.956   69.178   1.804
+smtp130.junkema 216.218.254.202  2 u    2   64   77   87.266   67.677   0.916
+kechara.flame.o 216.218.254.202  2 u    -   64   77   89.183   68.717   1.713
-host2.kingrst.c 99.150.184.201   2 u    -   64   77   24.306   62.121   2.608
 LOCAL(0)        .LOCL.          10 l   59   64   37    0.000    0.000   0.002

4. Share! (optional)

Once ntpd is running and is synchronized with the time servers you have selected, you may set it up in order to act as a time server for other machines. To do so, add a section like the following to /etc/ntp.conf:

Code:
# Allow LAN machines to synchronize with this ntp server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap

You may add as many (or few) CIDR address blocks to allow to synchronize with your machine as you’d like. I included those commonly used with Linksys (192.168.1.*) and SMC (192.168.2.*) routers.