Network Time Protocol (NTP) is a TCP/IP protocol for synchronizing time over a network. Although Ubuntu has a built-in clock that is helpful for keeping track of local events, it may create issues when the server is connected over a network and provides time-critical services to the clients. This problem can be solved with the help of NTP time synchronization. NTP works by synchronizing time across all servers on the Internet.
NTP uses a hierarchy of servers, with the top-level servers synchronizing time with atomic clocks. The levels of this hierarchy are known as strata, and the stratum level can range between 1 and 15, both inclusive. The highest stratum level is 1 and is determined by the accuracy of the clock the server synchronizes with. If a server synchronizes with another NTP server at stratum level 3, then the stratum level for this server is automatically set to 4.
Another time synchronization tool provided by Ubuntu is ntpdate, which comes preinstalled with Ubuntu. It executes once at boot time and synchronizes the local time with Ubuntu's NTP servers. The problem with ntpdate is that it matches server time with central time without considering the big drifts in local time, whereas the NTP daemon ntpd continuously adjusts the server time to match it with the reference clock. As mentioned in the ntpdate manual pages (man ntpdate), you can use ntpdate multiple times throughout a day to keep time drifts low and get more accurate results, but it does not match the accuracy and reliability provided by ntpd.
In this recipe, we will set up a standalone time server for an internal network. Our time server will synchronize its time with public time servers and provide a time service to internal NTP clients.
Following are the steps to install and configure the NTP daemon:
ntpdate command:
$ ntpdate -s ntp.ubuntu.com
$ sudo apt-get install ntp
/etc/ntp.conf NTP configuration file to add/remove external NTP servers:
$ sudo nano /etc/ntp.conf
server ntp.ubuntu.com
restrict line, and add the following command:
restrict default noquery notrust nomodify
restrict 192.168.1.0 mask 255.255.255.0
$ sudo service ntp restart
Sometimes, the NTP daemon refuses to work if the time difference between local time and central time is too big. To avoid this problem, we have synchronized the local time and central time before installing ntpd. As ntpd and ntpdate both use the same UDP port, 123, the ntpdate command will not work when the ntpd service is in use.
After installing the NTP server, you may want to set the time servers to be used. The default configuration file contains time servers provided by Ubuntu. You can use the same default servers or simply comment out the lines by adding # at the start of each line and add the servers of your choice. You can dig into http://www.pool.ntp.org to find time servers for your specific region. It is a good idea to provide multiple reference servers, as NTP can provide more accurate results after querying each of them.
Additionally, we have set a fallback server that can be used in case of network outage or any other problems when our server cannot communicate with external reference servers. You can also use a system clock as a fallback, which can be accessed at 127.127.1.0. Simply replace the fallback server with the following line to use a system clock as a fallback:
server 127.127.1.0
Lastly, we have set access control parameters to protect our server from external access. The default configuration is to allow anyone to use the time service from this server. By changing the first restrict line, we blocked all external access to the server. The configuration already contains the exception to local NTP service indicated by the following:
restrict 127.0.0.1
We created another exception by adding a separate line to allow access to the clients on local network (remember to replace the IP range with your network details):
restrict 192.168.1.0 mask 255.255.255.0
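To see which restrict rule ends up applying to a particular client, the following added example (not part of the original recipe) parses the IPv4 restrict lines from a constructed copy of the configuration above. It assumes ntpd applies the most specific matching entry; the function names and the 203.0.113.10 outside-host address are illustrative.

```python
import ipaddress

# Constructed sample: the restrict lines used in this recipe.
SAMPLE_CONF = """\
server ntp.ubuntu.com
restrict default noquery notrust nomodify
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
"""

RECIPE_DEFAULT_FLAGS = ("noquery", "notrust", "nomodify")

def parse_restrict(conf_text):
    """Return [(IPv4Network, frozenset(flags))] for each IPv4 restrict line."""
    rules = []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not tok or tok[0] != "restrict":
            continue
        tok = [t for t in tok[1:] if t != "-4"]
        if not tok or tok[0] == "-6" or ":" in tok[0]:
            continue  # IPv6 rules are out of scope for this example
        addr, rest, mask = tok[0], tok[1:], "255.255.255.255"
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        rules.append((net, frozenset(rest)))
    return rules

def effective_flags(rules, client_ip):
    """Flags of the most specific rule covering client_ip, or None if none matches."""
    ip = ipaddress.ip_address(client_ip)
    hits = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def missing_default_flags(rules, wanted=RECIPE_DEFAULT_FLAGS):
    """Recipe flags absent from the 'restrict default' rule (all if there is none)."""
    default = next((f for net, f in rules if net.prefixlen == 0), frozenset())
    return [w for w in wanted if w not in default]

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    # 203.0.113.10 is a documentation address standing in for an outside host.
    for ip in ("203.0.113.10", "192.168.1.50", "127.0.0.1"):
        print(ip, sorted(effective_flags(rules, ip)))
    print("missing on default:", missing_default_flags(rules))
```

An empty flag set for the loopback and 192.168.1.0/24 clients means those exceptions carry no restrictions at all, while every other address falls through to the default rule.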
A central DHCP server can be configured to provide NTP settings to all DHCP clients. For this to work, your clients should also be configured to query NTP details from DHCP. A DHCP client configuration on Ubuntu already contains the query for network time servers.
Add the following line to your DHCP configuration to provide NTP details to the clients:
subnet 192.168.1.0 netmask 255.255.255.0 {
    ...
    option ntp-servers your_ntp_host;
}
On the client side, make sure that your dhclient.conf contains ntp-servers in its default request:
request subnet-mask, broadcast-address, time-offset, routers, ... rfc3442-classless-static-routes, ntp-servers,