So you want to have all the machines on your LAN in lockstep. Here's what I use on my home server:
First you need to edit your ntp.conf file. Here's an example:
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
# --- OUR TIMESERVERS -----
server -4 clock.redhat.com
server -4 us.pool.ntp.org
server -4 dewey.lib.ci.phoenix.az.us
server -4 clock.fmt.he.net
server -4 louie.udel.edu
# --- GENERAL CONFIGURATION ---
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
fudge 127.127.1.1 stratum 3 refid NIST
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
# Gather some runtime info
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
# Other options
statistics sysstats peerstats
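An added example (not part of the original post, and not ntpd's own code): a small Python check of which restrict flags apply to a given client address, run against the restrict line from the config above and against a constructed variant with an explicit default entry. The probe addresses, the second config and the "most specific entry wins" simplification of ntpd's lookup are assumptions.

```python
import ipaddress

# Constructed sample: the only restrict line in the config above.
PAGE_CONF = """\
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
server -4 us.pool.ntp.org
"""

# Constructed sample (assumption, not the author's file): adds a default entry.
HARDENED_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each IPv4 restrict line in conf."""
    rules = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        tok = [t for t in tok[1:] if t != "-4"]
        if not tok or tok[0] == "-6" or ":" in tok[0]:
            continue  # IPv6 entries are out of scope here
        addr, rest, mask = tok[0], tok[1:], "255.255.255.255"
        if addr == "default":
            addr, mask = "0.0.0.0", "0"
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, client):
    """Flags of the most specific matching entry. No match falls through to
    ntpd's built-in default entry, which carries no flags (unrestricted)."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else frozenset()

def audit(conf, clients):
    rules = parse_restrict(conf)
    return {c: sorted(effective_flags(rules, c)) for c in clients}

if __name__ == "__main__":
    probes = ["192.168.0.20", "203.0.113.9", "127.0.0.1"]
    for name, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, probes))
```

With only the 192.168.0.0 entry present, an address outside that subnet gets an empty flag list, so the firewall is the only thing limiting what it can ask of the daemon.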
Next, check your /etc/sysconfig/ntpd file. I set mine like this and put my config file in the /etc/ntp directory:
# Drop root to id 'ntp:ntp' by default. Requires kernel >= 2.2.18.
OPTIONS="-U ntp -p /var/run/ntpd.pid -c /etc/ntp/ntp.conf"
Lastly, crank up the service:
If you run your time server behind a firewall as I do, be sure to allow UDP port 123 in and out for your time server machine.
If everything is correct, your server should sync to the masters and begin accepting clients to sync to it. It takes a couple of minutes, a good time for a break. When you come back, fire up ntpdc and issue the command sysinfo. You should see something like this:
system peer: LOCAL(1)
system peer mode: client
leap indicator: 00
root distance: 0.00000 s
root dispersion: 0.94925 s
reference ID: [127.127.1.1]
reference time: c5060d52.2d65907d Thu, Sep 30 2004 0:42:58.177
system flags: monitor ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.003998 s
authdelay: 0.000000 s
Where it says stratum: 4, this tells you if your server has synchronized to the master time servers. When your server first starts, it will be in stratum 16. Within just a couple of minutes, it should sync.
Enjoy your new time server and remember to set all your Windows clients to point to it.