The Network Time Protocol (NTP) provides accurate, dependable, and synchronized
time for hosts on both wide area networks (WANs), such as the Internet,
and local area networks (LANs). In particular, NTP
provides synchronization traceable to clocks of high absolute accuracy,
and avoids synchronization to clocks keeping bad time.
The Digital UNIX NTP subsystem is derived from the University of Maryland's
implementation, xntp version 3.4m. The /etc/ntp.conf file is the
configuration file for the xntpd daemon.
This chapter describes the Digital UNIX NTP subsystem and its components,
guidelines for configuring and administering NTP, NTP configuration planning,
NTP configuration, and day-to-day management tasks.
For introductory information on NTP, see ntp_intro(7).
You can also choose to set your system time by using the rdate command or the timed daemon.
Note
The timed daemon is provided for compatibility. Digital recommends you use NTP for time synchronization. If you plan to run both the timed daemon and NTP, you should configure NTP first.
For more information on the rdate command, see rdate(8) and ntp_manual_setup(7).
For more information on the timed daemon, see timed(8) and timedsetup(8).
In the Digital UNIX NTP environment, systems can have the following roles:
Figure 10-1 shows a sample NTP configuration on a LAN in which Host D is an NTP server that uses a local reference clock as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with Host D.
Figure 10-2 shows a sample NTP configuration in which Host D is an NTP server that uses an Internet time server as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with Host D.
If you are setting up a local NTP server with Internet NTP servers as
its time source, you must select the Internet servers you want to use.
The list of possible Internet servers and information
about their stratum level is available by means of
anonymous File Transfer Protocol (FTP) from louie.udel.edu.
In the following sample FTP session the
list of NTP servers is copied from the system louie.udel.edu to the local host:
% ftp louie.udel.edu
220 louie.udel.edu FTP server (Version 4.108 Sun Feb 19 22:09:45 EST 1993) ready.
Name (louie.udel.edu:my_name): anonymous
Password (louie.udel.edu:anonymous): my_login@my_host
331 Guest login ok, send ident as password.
230 Guest login ok, access restrictions apply.
ftp> cd pub/ntp/doc
250 CWD command successful.
ftp> get clock.txt
200 PORT command successful.
150 Opening ASCII mode data connection for clock.txt (57002 bytes).
226 Transfer complete.
local: clock.txt remote: clock.txt
58409 bytes received in 14 seconds (4.2 Kbytes/s)
ftp> bye
221 Goodbye.
Note
For security reasons, not all systems at a site can have anonymous FTP access.
Appendix A contains a worksheet that you can copy and use to record the information that you need to complete the tasks in this book. If you are viewing this manual online, you can use the print feature to print a copy of this part of the worksheet.
Figure 10-3 shows Part 9 of the Configuration Worksheet. The following sections explain the information you need to record in Part 9 of the worksheet.
ntp_manual_setup(7) and ntp.conf(4) for information on setting up a local reference clock.
ntpd), Version 2 (xntpd), or Version 3 (xntpd).
ntpd), Version 2 (xntpd), or Version 3 (xntpd).
Servers running Version 3.2 or earlier of the Digital
UNIX operating system run Version 2 (xntpd);
servers running Version 4.0 of the Digital UNIX operating system run Version 3 (xntpd).
After you gather the necessary information and select your Internet servers,
configure NTP by using the ntpsetup script. The script enables
you to configure all NTP clients and local NTP servers, provided they use
Internet NTP servers as their time source.
Note
Do not use the ntpsetup script to configure NTP on local NTP servers that use a local or external reference clock as a time source. Instead, see ntp_manual_setup(7) for instructions.
If you plan to use both NTP and the timed daemon, set up NTP prior to setting up the timed daemon.
To configure NTP, do the following:
ntpsetup script by choosing the Network Time
Protocol (NTP) option from the Setup Menu or by entering the following command:
# /usr/sbin/ntpsetup
An explanation of ntpsetup appears on your screen.
If the timed daemon has been configured on the system, the
following message appears:
NOTE: timed has been configured on this system.
In order to insure proper coexistence, timed must be configured AFTER NTP.
If you continue with the NTP configuration, the timed configuration data will be removed (which means timed cannot run). You will need to re-enable timed by using timedsetup again.
Do you wish to continue (yes/no) [no default]?
ntpsetup does.
xntpd daemon with authentication.
Authentication enables you to verify the authenticity of received NTP packets and indicate authenticity of outgoing NTP packets. If you want to use authentication, enter Y. If you do not want to use authentication, press Return.
For clients, enter the names of your site's local NTP servers. For servers, enter the names of the Internet NTP servers. (See Section 10.1.1 for information on selecting Internet servers.) In either case, Digital recommends you specify a minimum of three NTP servers.
For NTP clients, entries in the ntp.conf file are designated
server entries because clients can only synchronize their time with them. NTP
servers, however, can contain server and peer entries. The term peer indicates
that the local server can be synchronized to the remote server and that the
remote server can be synchronized by the local server.
If you enter the name of a host that your system cannot find an address
for in the local /etc/hosts database or through BIND or NIS, the
ntpsetup script prompts you for its IP address. For example:
Hostname of NTP server/peer [no default]: host1
Mode for host1 (server or peer) (s/p) [s]: [Return]
Looking up host host1
Cannot find an address for "host1".
To add "host1" to the /etc/hosts file, you must know
"host1"'s internet (IP) address.
Would you like to add "host1" to the /etc/hosts
file (y/n) [y]? [Return]
What is host1's internet (IP) address [no default] ? 120.105.1.2
Is 120.105.1.2 correct (y/n) [no default] ? y
Is host1 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return]
Hostname of NTP server/peer [no default]: host2
Mode for host1 (server or peer) (s/p) [s]: [Return]
Looking up host host2 ...found.
Is host2 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return]
Hostname of NTP server/peer [no default]: host3
Mode for host1 (server or peer) (s/p) [s]: [Return]
Looking up host host3 ...found.
Is host3 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return]
Hostname of NTP server/peer [no default]: [Return]
If you have chosen to use authentication, ntpsetup
prompts you for a key number to be associated with each server after it prompts
you for the mode, as follows:
Enter the key number to be associated with hostname:
The ntpsetup script then displays the list of servers that you
entered. If the list is correct, enter c to continue. If the
list is incorrect or incomplete, enter r to redo it.
routed or the gated daemon to access them.
For information on running the gated or routed daemon, see Chapter 2.
xntpd daemon with the -g option.
The -g option allows xntpd to correct time
differences of more than 1000 seconds between your system and its
NTP servers that occur after the xntpd daemon is
started. Initial time differences are corrected before the xntpd
daemon is started by the ntpdate command, which is run at boot time by the
/sbin/init.d/settime script.
If your system is sensitive to security threats, do not use the -g option.
If you do not use the -g option, time differences of more than
1000 seconds will cause the xntpd daemon to log a message to syslog and exit.
xntpd daemon with the -x option.
The -x option prevents xntpd from setting the
system time backward. The default is to allow xntpd to set the system time backward.
/etc/ntp.keys file. Enter as many as you need. For example:
Enter key and key identifiers separated by one space (no default): 1 defcd
Enter key and key identifiers separated by one space (no default): [Return]
The ntpsetup script then displays the list of keys and key
identifiers that you entered. If the list is correct, enter c
to continue. If the list is incorrect or incomplete, enter r to redo it.
The ntpsetup script displays a message similar to the
following and exits:
Configuring your system to run NTP...done.
Starting the NTP daemon (xntpd)...
Setting kernel timezone variable
Setting the current time and date with ntpdate
Ntpdate succeeded.
Network Time Service started
To monitor NTP, type "/usr/bin/ntpq -p".
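One way to review the resulting configuration when you chose authentication, as an added example that is not part of the original manual or of ntpsetup. It assumes /etc/ntp.conf uses the standard xntpd directives "server", "peer" and "trustedkey" with an optional "key N" on each server line; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an xntpd configuration for the points made above.
# Assumes standard xntpd syntax: "server|peer HOST [version N] [key N]"
# and "trustedkey N ...". Function names are hypothetical.

# audit_ntp_conf: read ntp.conf text on stdin, print one finding per line.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "trustedkey" {                        # keys xntpd will accept
        for (i = 2; i <= NF; i++) trusted[$i] = 1
        next
    }
    $1 == "server" || $1 == "peer" {
        n++; host[n] = $2; key[n] = ""
        for (i = 3; i < NF; i++) if ($i == "key") key[n] = $(i + 1)
    }
    END {
        # Digital recommends a minimum of three NTP servers.
        if (n < 3) printf "FEW_SERVERS %d\n", n
        for (j = 1; j <= n; j++) {
            if (key[j] == "")
                printf "NO_KEY %s\n", host[j]
            else if (!(key[j] in trusted))
                printf "UNTRUSTED_KEY %s key=%s\n", host[j], key[j]
        }
    }'
}

# Constructed sample: host2 has no key, host3 uses a key that is not trusted.
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real system
keys /etc/ntp.keys
trustedkey 1
server host1 version 2 key 1
server host2 version 2
peer host3 version 2 key 2
EOF
}

sample_conf | audit_ntp_conf
```

On a live system the same function can be fed the real file, for example `audit_ntp_conf < /etc/ntp.conf`.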
You monitor the hosts running the xntpd daemon by using either the
ntpq command or the xntpdc command.
To monitor the local host's NTP status using the ntpq command,
use the following syntax:
ntpq [options...]
To monitor remote hosts' NTP status using the ntpq command,
use the following syntax:
ntpq [options...] host1 host2...
Table 10-1 shows the ntpq command options.
Option | Function |
-c command | Interprets command as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts |
-i | Forces ntpq to operate in interactive mode |
-p | Prints a list of peers and a summary of their state |
In interactive mode, use the host command to set the host to use
as a reference for the other options; the local host is the default. Use the
peers option to display the offsets between the current host and its
xntpd servers. See ntpq(8) for more information.
The following example shows normal output from the ntpq command with the -p option:
% ntpq -p
     remote           refid      st when poll reach   delay  offset    disp
==========================================================================
*host2.corp.com  host121.corp.co  2   47   64  377    31.3   93.94    16.5
+host4.corp.com  host2.corp.com   3  212 1024  377    33.8   89.58    16.9
 host8.corp.com  host2.corp.com  16 never  64    0     0.0    0.00   64000
The last line of the previous example shows that host8
is either not running NTP or cannot be reached.
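The reading of the ntpq -p columns described above can be automated. The following is an added example, not part of the original manual: it flags peers that look like host8 (stratum 16 or a reach value of 0) and peers whose offset exceeds the 1000-second limit discussed for the -g option. The function names, the status labels and the host9 row are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `ntpq -p` output in the column layout shown above.
# Offsets are in milliseconds. PANIC_MS is the 1000-second limit past which
# xntpd, started without -g, logs to syslog and exits.
PANIC_MS=1000000

# check_peers: read `ntpq -p` text on stdin, print "STATUS host details".
# Returns non-zero when no peer carries the "*" (selected) flag.
check_peers() {
    awk -v panic="$PANIC_MS" '
    function oct(s,   i, n) {             # reach is printed in octal
        n = 0
        for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
        return n
    }
    function bits(n,   c) {               # polls answered, out of the last 8
        c = 0
        while (n > 0) { c += n % 2; n = int(n / 2) }
        return c
    }
    /^ *remote/ || /^=+/ || NF < 9 { next }
    {
        flag = substr($0, 1, 1)           # column 1 holds the selection flag
        host = (flag == " ") ? $1 : substr($1, 2)
        reach = oct($6); off = $8 + 0
        if (off < 0) off = -off
        if (reach == 0 || $3 == 16) status = "UNREACHABLE"
        else if (off > panic)       status = "PANIC"
        else if (flag == "*")       { status = "SYNC"; sync = 1 }
        else                        status = "OK"
        printf "%s %s st=%d answered=%d/8 offset_ms=%s\n", status, host, $3, bits(reach), $8
    }
    END { exit (sync ? 0 : 1) }'
}

# Constructed sample: the three rows shown above plus an invented host9
# whose offset exceeds the 1000-second limit.
sample_peers() {
    cat <<'EOF'
     remote           refid      st when poll reach   delay  offset    disp
==========================================================================
*host2.corp.com  host121.corp.co  2   47   64  377    31.3   93.94    16.5
+host4.corp.com  host2.corp.com   3  212 1024  377    33.8   89.58    16.9
 host8.corp.com  host2.corp.com  16 never  64    0     0.0    0.00   64000
+host9.corp.com  host2.corp.com   3   30   64  377    40.2 1500000.00 17.0
EOF
}

sample_peers | check_peers
```

To check a live host, pipe the real command into the function: `ntpq -p | check_peers`.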
To monitor the local host's NTP status using the xntpdc
command, use the following syntax:
xntpdc [options...]
To monitor remote hosts' NTP status using the xntpdc
command, use the following syntax:
xntpdc [options...] host1 host2...
Table 10-2 shows some of the xntpdc command options.
Option | Function |
-c command | Interprets command as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts. |
-i | Forces xntpdc to operate in interactive mode. |
-l | Prints a list of peers that are known to the server. |
-p | Prints a list of peers and a summary of their state. This is similar in format to the ntpq -p command. |
See xntpdc(8) for more information on this command and its options.
The following example shows normal output from the xntpdc command with the -p option:
% xntpdc -p
     remote           refid      st when poll reach   delay  offset    disp
==========================================================================
*host2.corp.com  host121.corp.co  2   47   64  377    31.3   93.94    16.5
+host4.corp.com  host2.corp.com   3  212 1024  377    33.8   89.58    16.9
.host5.corp.com  host12.usc.edu   2  111 1024  377    39.1   46.98    17.7
You can monitor the hosts running the ntpd daemon by using the
ntpdc command; however, Digital recommends that you use the
xntpdc command. The xntpdc command works with
all versions of NTP and provides additional features.
You can query time by using the ntp and ntpdate
commands. However, Digital recommends that you use ntpdate
because it works with all versions of NTP and provides
additional features to those provided by ntp.