Thursday, September 4, 2014

setup local NTP server

1- install ntp daemon
root@ntpserver # apt-get install ntp

2- edit ntp.conf file in (/etc/ntp.conf)

the follow config do the following thing:
- join ntp server
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
- allow only network to access 192.168.0.0/24 and 172.16.0.0/24

 root@ntpserver # cat /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
restrict default ignore
# Hosts on local network are less restricted.
restrict 172.16.0.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap



# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org

#broadcast 192.168.1.255 key 42        # broadcast server
#broadcastclient            # broadcast client
#broadcast 224.0.1.1 key 42        # multicast server
#multicastclient 224.0.1.1        # multicast client
#manycastserver 239.255.254.254        # manycast server
#manycastclient 239.255.254.254 key 42    # manycast client

# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server    127.127.1.0    # local clock
fudge    127.127.1.0 stratum 10   

# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.
#trustedkey 4 8 42

# Specify the key identifier to use with the ntpdc utility.
#requestkey 8

# Specify the key identifier to use with the ntpq utility.
#controlkey 8



3- testing time from ntp server
root@ntpclient # ntpdate -q 201.18.71.35
server 201.18.71.35, stratum 11, offset -39296.323866, delay 0.03149
 4 Sep 16:25:40 ntpdate[3112]: step time server 201.18.71.35 offset -39296.323866 sec

No comments:

Post a Comment