Building an NTP Server on CentOS

Source: Internet
Author: User

I. Build the time synchronization server
1. Install the NTP server
rpm -qa | grep ntp
If nothing is found, the NTP package is not installed. Find the NTP package on the CD and install it with:
rpm -Uvh ntp***.rpm
2. Modify the ntp.conf configuration file
vi /etc/ntp.conf
① First configuration: allow clients at any IP address to synchronize time
Change the line "restrict default nomodify notrap noquery" to:
restrict default nomodify notrap
Configuration file example: /etc/ntp.conf
② Second configuration: allow only clients on the 192.168.211.*** network segment to synchronize time
After the line "restrict default nomodify notrap noquery" (which means time synchronization is denied for all IPs by default), add a line:
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap
3. Start the NTP service
service ntpd start
Start the service at boot:
chkconfig ntpd on
4. After ntpd starts, wait a few minutes before synchronizing a client with it; otherwise the client reports a "no server suitable for synchronization found" error.


II. Configure the time synchronization client

Manually run ntpdate <ntp server> to synchronize,
or schedule it with crontab:
crontab -e
0 21 * * * ntpdate 192.168.211.22 >> /root/ntpdate.log 2>&1
This synchronizes every night at 9 o'clock.
Appendix:
When querying with ntpdate -d, you will find one of the following 2 messages behind the "no server suitable for synchronization found" error:
Error 1. Server dropped: strata too high
The NTP client runs ntpdate ServerIP, and the "no server suitable for synchronization found" error occurs.
Checking from the NTP client with ntpdate -d ServerIP shows the "Server dropped: strata too high" error, and "stratum 16" is displayed. Under normal circumstances the stratum value is in the range 0~15.
This is because the NTP server has not yet synchronized with itself or with its upstream server.
The following definition keeps the NTP server in sync with itself: if the server defined in /etc/ntp.conf is not available, the local time is used to provide the NTP service to NTP clients.
server 127.127.1.0
fudge 127.127.1.0 stratum 8

After the NTP service is restarted on the NTP server, the server needs a period of time, possibly 5 minutes, to synchronize with itself or with its upstream server. A client that runs the ntpdate command during that period gets the "no server suitable for synchronization found" error.
So how do you know when the NTP server has completed the process of synchronizing itself?
Use this command on the NTP server:
# watch ntpq -p
The screen shows:
Every 2.0s: ntpq -p                                  Thu Jul 10 02:28:32 2008
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.30.22   LOCAL(0)         8 u   22   64    1    2.113  179133.   0.001
 LOCAL(0)        LOCAL(0)        10 l   21   64    1    0.000    0.000   0.001
Note that this output is from an NTP server that synchronizes itself with the local clock.
Watch the reach value. After the NTP server service starts, this value increases from 0. Going from 0 to 17 takes 5 changes, and each change takes poll seconds, so the total is 64 seconds * 5 = 320 seconds.
If synchronizing from an NTP client still fails after that, use ntpdate -d to query the detailed error information, then make a judgment.
Error 2. Server dropped: no data
The error message when executing ntpdate -d from the client is as follows:
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
192.168.30.22: Server dropped: no data
server 192.168.30.22, port 123
.....
Jul 17:42:24 ntpdate[14148]: no server suitable for synchronization found
There may be 2 reasons for this problem:
1. Check the NTP version. If you are using ntp 4.2 or later (including 4.2) and notrust is used in a restrict definition, it causes the above error.
Use the following command to check the version of NTP:
# ntpq -c version
The following is a description from the NTP official website:
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote servers to authenticate themselves to your (client) ntpd.
Solution:
Remove notrust.
2. Check the firewall on the NTP server. The server's firewall may be blocking UDP port 123.
You can use the command
# service iptables stop
to switch off the iptables service and then try to synchronize from the NTP client. If that succeeds, the firewall is the problem and the iptables settings need to be changed to allow UDP port 123.
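
An added example, not part of the original article: a shell check for the restrict and local-clock settings discussed in step 2 and under Error 1 and Error 2. It flags a default rule without noquery (in ntpd, noquery is the flag that denies ntpq/ntpdc queries), any notrust rule, and a missing local clock fallback. The names audit_ntp_conf and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit ntp.conf restrict and
# local-clock settings. Prints findings; returns 1 if any WARN was printed.
audit_ntp_conf() {
    awk '
    { sub(/#.*/, "") }                        # strip comments
    NF == 0 { next }
    $1 == "restrict" {
        i = 2
        if ($i == "-4" || $i == "-6") i++     # optional address-family flag
        target = $i
        flags = " "
        for (j = i + 1; j <= NF; j++) flags = flags $j " "
        if (flags ~ / ignore /) next          # rule drops every packet
        if (target == "default" && flags !~ / noquery /) {
            print "WARN line " NR ": default rule answers ntpq/ntpdc queries from any address"
            warn = 1
        }
        if (flags ~ / notrust /) {
            print "WARN line " NR ": notrust on " target " ignores unauthenticated packets (ntp 4.2+)"
            warn = 1
        }
    }
    $1 == "server" && $2 ~ /^127\.127\.1\./ { local_clock = 1 }
    $1 == "fudge" && $2 ~ /^127\.127\.1\./ {
        for (j = 3; j < NF; j++) if ($j == "stratum") fudge = $(j + 1)
    }
    END {
        if (!local_clock)
            print "INFO no local clock fallback (server 127.127.1.0)"
        else if (fudge == "")
            print "INFO local clock has no fudge stratum line"
        exit warn + 0
    }' "${1:--}"
}

# Constructed sample: configuration 1 from the article plus a notrust rule.
sample_conf() {
    cat <<'EOF'
restrict default nomodify notrap
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap notrust
server 127.127.1.0
fudge 127.127.1.0 stratum 8
EOF
}

sample_conf | audit_ntp_conf - || true
```

Run it against a real file with audit_ntp_conf /etc/ntp.conf; a non-zero return means at least one WARN line was printed.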


This article is from the "Elephant" blog, make sure to keep this source http://zlyang.blog.51cto.com/1196234/1739478
