Scientific Linux Forum.org




> Setting Up A Local Time Server
redman
 Posted: Apr 19 2011, 06:17 PM
Setting up your local time server in your network is simple.

What do you need?
One server and one or more workstations.
Install the package "ntp" (yum install ntp) on all systems.
Open port 123 (both tcp and udp) on the server.

On the server, edit the file /etc/ntp.conf and give it the following content:

QUOTE
# Which timeserver to use for synchronisation?
server europe.pool.ntp.org
server oceania.pool.ntp.org
server asia.pool.ntp.org

# backup-procedure in case the internet blew up
server 127.127.1.1
fudge 127.127.1.1 stratum 10

# What permissions do the external timeservers have?
restrict europe.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict oceania.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict asia.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery

# Who has access to YOUR timeserver?
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1

# drift file
driftfile /var/lib/ntp/drift

# key file
keys /etc/ntp/keys


The settings are relatively simple:
1) only computers connected to the LAN (IP range 192.168.1.x) are allowed access
2) external timeservers may only be queried; they can't change things here
3) your server looks for 3 external timeservers
4) no internet? use the internal clock (as backup)

How to start it up?
On the server (as root):
"service ntpd stop" (to stop the timeserver)
"ntpdate -u europe.pool.ntp.org" (used to synchronise your timeserver online - step 1)
"ntpdate -u europe.pool.ntp.org" (used to synchronise your timeserver online - step 2)
"ntpdate -u europe.pool.ntp.org" (used to synchronise your timeserver online - step 3)
"service ntpd start" (start the service again)
"chkconfig ntpd on" (make sure it stays on after reboot)

On each workstation:
Open the application to change system date & time (system-config-date) and select the option that you want to synchronise through the network. Enter the IP address of your local timeserver and you're done.

krachbumm
 Posted: Dec 12 2013, 07:38 AM
Adding some commands that I found useful:

CODE

$ ntpdc -c monlist                          #  list information on up to 600 ntp clients
$ ntpdc -c peers                             #  prints a brief list of the peers (where the time comes from)

http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html (ntp home)



client-side
CODE

$ date {MMDDhhmmYYYY}           # set date manually
$ yum install ntp                            # install ntp on client
$ hwclock --systohc                      # hwclock should not be totally off, sync to system
$ tzselect                                        # set timezone
$ cat /etc/sysconfig/clock            # set timezone manually
ZONE="Europe/Berlin"
UTC=false
$ ntpdate {IP/DNS-timeserver}   # force timesync, only works after "service ntpd stop"



Find timeservers at http://www.pool.ntp.org
krachbumm
 Posted: Apr 26 2014, 04:22 PM
SL6.5 still comes with ntp 4.2.6p5. This version can be exploited for a DOS attack (DRDoS_Amplification_Attack_using).
In short, the reply to ntpdc -c monlist is redirected. The default configuration of /etc/ntp.conf is not affected (bugzilla_ntp-4.2.6p5_id1047854).

Testing ntp-server; nothing is good here:
CODE
# ntpdc -c monlist 1.2.3.4
1.2.3.4: timed out, nothing received
***Request timed out


The important part of the default configuration /etc/ntp.conf:
CODE
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
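As an added example (not code from any poster in this thread), this Python sketch reads restrict lines like those in the first post's server config and the default lines quoted above, and lists the scopes for which ntpd would still answer ntpdc queries such as monlist, that is, entries carrying neither noquery nor ignore. The function names and the "default (not configured)" label are this example's own; it assumes ntpd's documented behaviour that a default entry left unconfigured has no flags.

```python
import ipaddress

# Flags that stop ntpd answering ntpdc/ntpq queries (monlist is an ntpdc query).
BLOCKS_QUERY = {"noquery", "ignore"}
# Constructed inputs: restrict lines copied from the first and third posts.
FIRST_POST = """
restrict europe.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1
restrict -6 ::1
"""
SL_DEFAULT = """
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
"""

def parse_restrict(conf_text):
    """Map each restrict scope (default, CIDR network or hostname) to its flags."""
    entries = {}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = tok[1:]
        family = tok.pop(0) if tok[0] in ("-4", "-6") and len(tok) > 1 else None
        addr, rest = tok[0], tok[1:]
        mask = rest[1] if rest[:1] == ["mask"] and len(rest) > 1 else None
        rest = rest[2:] if mask else rest
        if addr == "default":
            scope = f"{family} default" if family else "default"
        else:
            try:
                ip = ipaddress.ip_address(addr)
                scope = str(ipaddress.ip_network(f"{ip}/{mask or ip.max_prefixlen}", strict=False))
            except ValueError:
                scope = addr  # hostname: ntpd resolves it at startup
        entries[scope] = set(rest)
    return entries

def query_open_scopes(conf_text):
    """Scopes for which this config lets ntpd answer ntpdc queries such as monlist."""
    entries = parse_restrict(conf_text)
    # Assumption from the ntpd docs: with no 'restrict default' line, the built-in default entry has no flags.
    if not any(s.endswith("default") for s in entries):
        entries["default (not configured)"] = set()
    return sorted(s for s, flags in entries.items() if not flags & BLOCKS_QUERY)

if __name__ == "__main__":
    print(query_open_scopes(FIRST_POST), query_open_scopes(SL_DEFAULT))
```

For the first post's restrict lines the result lists localhost, the LAN range and the unconfigured default; for the two default lines quoted above it is empty.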
tux99
 Posted: Apr 26 2014, 06:01 PM
I prefer openntpd which is in my Linuxtech repo.

I wrote about it here:
http://scientificlinuxforum.org/index.php?showtopic=1401

--------------------
My personal SL6 repository, specialized in audio/video software: http://pkgrepo.linuxtech.net/el6/
(can be used together with EPEL and ELRepo repositories) - repository mirror: http://linuxsoft.cern.ch/linuxtech/el6/