Linux NTP time synchronization

Source: Internet
Author: User
Tags iptables

First, set up the time synchronization server
1. Install the NTP server
rpm -qa | grep ntp
If nothing is found, the NTP package is not installed. Find the NTP package on the CD and use
rpm -Uvh ntp***.rpm
to install it.
2. Modify the ntp.conf configuration file
vi /etc/ntp.conf
①, first configuration: allow clients from any IP to synchronize time
Modify the line "restrict default nomodify notrap noquery" to:
restrict default nomodify notrap
Configuration file example: /etc/ntp.conf
②, second configuration: only allow time synchronization for clients on the 192.168.211.*** network segment
Add a line after restrict default nomodify notrap noquery (which indicates that time synchronization is denied to all IPs):
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap
3. Start the NTP service
service ntpd start
Start the service on boot
chkconfig ntpd on
4. After ntpd starts, clients must wait a few minutes before they can synchronize time with it; otherwise they will get the "no server suitable for synchronization found" error.


Second, configure the time synchronization client

Manually run ntpdate <ntp server> to synchronize
Or use crontab to run it
crontab -e
0 21 * * * ntpdate 192.168.211.22 >> /root/ntpdate.log 2>&1
Sync every night at 9 o'clock
Report:
When querying with ntpdate -d, you will find one of the following 2 messages behind the "no server suitable for synchronization found" error:
Error 1. Server dropped: strata too high
The NTP client runs ntpdate serverIP, and the "no server suitable for synchronization found" error occurs.
Checking from the NTP client with ntpdate -d serverIP shows the "Server dropped: strata too high" error, and "stratum 16" is displayed. Under normal circumstances the stratum value is in the range "0~15".
This is because the NTP server has not yet synchronized with itself or with its upstream server.
The following definition keeps the NTP server in sync with itself: if the servers defined in ntp.conf are not available, the local time is served to NTP clients.
server 127.127.1.0
fudge 127.127.1.0 stratum 8

After the NTP service is restarted on the NTP server, the server needs a period of time, possibly 5 minutes, to synchronize with itself or with its upstream server. A client that runs the ntpdate command during that time gets the "no server suitable for synchronization found" error.
So how do you know when the NTP server has finished synchronizing itself?
Use this command on the NTP server:
# watch ntpq -p
The screen appears:
Every 2.0s: ntpq -p                                   Thu Jul 10 02:28:32 2008
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.30.22   LOCAL(0)         8 u   22   64    1    2.113  179133.   0.001
 LOCAL(0)        LOCAL(0)        10 l   21   64    1    0.000    0.000   0.001
Note that the LOCAL entry is the NTP server synchronizing with itself (its local clock).
Note the reach value: after the NTP server service starts, this value keeps increasing from 0. By the time it has increased to 17 it has changed 5 times, and each change takes poll seconds, so 64 seconds * 5 = 320 seconds.
If synchronizing from an NTP client still fails after that, use ntpdate -d to query the detailed error information, then make a judgment.
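The wait described above can be scripted instead of watched by eye. This is an added example, not part of the original article: it parses `ntpq -p` output and reports whether a time source has been selected. The function name `ntp_status`, its three status words and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ntpq -p` output read from stdin.
# Prints one word; the exit status is 0 only for "ready".
#   ready       a peer is selected (tally '*'), reach != 0, stratum < 16
#   waiting     peers have answered but none is selected yet
#   unreachable no peer has answered (reach 0 everywhere)
ntp_status() {
    awk '
        /^ *remote/ || /^=+$/ || NF < 10 { next }  # header, rule, watch banner
        {
            tally = substr($0, 1, 1)   # column 1 holds the tally code
            $0 = substr($0, 2)         # re-split the fields without it
            if ($7 + 0 > 0) reached++  # $7 = reach (octal), nonzero = replies seen
            if (tally == "*" && $3 + 0 < 16 && $7 + 0 > 0) selected++
        }
        END {
            if (selected) { print "ready"; exit 0 }
            if (reached)  { print "waiting"; exit 1 }
            print "unreachable"; exit 2
        }
    '
}

# Constructed sample outputs (the first mirrors the listing above).
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
SAMPLE_STARTING="$HDR
 192.168.30.22   LOCAL(0)         8 u   22   64    1    2.113  179133.   0.001
 LOCAL(0)        LOCAL(0)        10 l   21   64    1    0.000    0.000   0.001"
SAMPLE_READY="$HDR
*LOCAL(0)        LOCAL(0)        10 l   21   64   17    0.000    0.000   0.001"
SAMPLE_NO_REPLY="$HDR
 192.168.30.22   .INIT.          16 u    -   64    0    0.000    0.000   0.000"

# Demo on the constructed data; on a live server use: ntpq -p | ntp_status
for s in "$SAMPLE_STARTING" "$SAMPLE_READY" "$SAMPLE_NO_REPLY"; do
    printf '%s\n' "$s" | ntp_status || true
done
```

A client-side cron job can call this over SSH or the server can log it, so that ntpdate is only attempted once the status is "ready".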
Error 2. Server dropped: no data
The error message when executing ntpdate -d from the client is as follows:
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
transmit(192.168.30.22)
192.168.30.22: Server dropped: no data
server 192.168.30.22, port 123
.....
Jul 17:42:24 ntpdate[14148]: no server suitable for synchronization found
There may be 2 reasons for this problem:
1. Check the version of NTP. If you are using ntp 4.2 or a later version (including 4.2), using notrust in a restrict definition will lead to the above error.
Use the following command to check the version of NTP:
# ntpq -c version
The following is a description from the NTP official website:
The behavior of notrust changed between versions 4.1 and 4.2.
In 4.1 (and earlier) notrust meant "Don't trust this host/subnet for time".
In 4.2 (and later) notrust means "Ignore all NTP packets that are not cryptographically authenticated." This forces remote servers to authenticate themselves to your (client) ntpd
Solution:
Remove the notrust.
2. Check the firewall on the NTP server. The server's firewall may be blocking UDP port 123.
You can use the command
# service iptables stop

to switch off the iptables service and then try to synchronize from the NTP client. If it succeeds, the firewall was the problem and the iptables settings need to be changed.

Or

Because the NTP service uses UDP port 123, UDP port 123 must be open when the system's firewall (iptables) is running.

   (Open port 123) # /sbin/iptables -I INPUT -p udp --dport 123 -j ACCEPT
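A quick check for the configuration issues covered on this page: the restrict lines from step 2, the notrust cause of "no data", and the local clock fallback from Error 1. This is an added example, not part of the original article; the function name `audit_ntp_conf`, the finding labels and both sample configs are constructed. It also flags a `restrict default` line without noquery, because that flag governs ntpq/ntpdc queries and removing it on the default line opens them to every address.

```shell
#!/bin/sh
# Added example: audit ntp.conf text read from stdin for the settings this
# page discusses. Prints one finding per line; exit status 0 means none.
#   default-queryable:N  "restrict default" on line N lacks noquery
#   notrust:N            restrict line N uses notrust (ntpd 4.2+ then ignores
#                        unauthenticated packets: "Server dropped: no data")
#   no-local-clock       no "server 127.127.1.0" fallback is defined
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }
        $1 == "restrict" {
            nt = nq = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "notrust") nt = 1
                if ($i == "noquery") nq = 1
            }
            if (($2 == "default" || $3 == "default") && !nq) {
                print "default-queryable:" NR; bad++
            }
            if (nt) { print "notrust:" NR; bad++ }
        }
        $1 == "server" && $2 == "127.127.1.0" { lc = 1 }
        END {
            if (!lc) { print "no-local-clock"; bad++ }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed samples. WEAK_CONF is the first configuration plus notrust;
# GOOD_CONF is the second configuration plus the local clock fallback.
WEAK_CONF='restrict default nomodify notrap
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap notrust'
GOOD_CONF='restrict default nomodify notrap noquery
restrict 192.168.211.0 mask 255.255.255.0 nomodify notrap
server 127.127.1.0        # local clock fallback
fudge 127.127.1.0 stratum 8'

# Demo on the constructed data; live use: audit_ntp_conf < /etc/ntp.conf
printf '%s\n' "$WEAK_CONF" | audit_ntp_conf || true
```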




Check whether the NTP service starts at boot, and set it to start at boot.

# chkconfig --list ntpd
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# runlevel
N 3
# chkconfig ntpd on    # set to run automatically at run levels 2, 3, 4, 5
# chkconfig --list ntpd
ntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
#

If you want it to run automatically only at specific run levels, you can use the following command

chkconfig --level 345 ntpd on

You can use the following command to detect if the NTP service is running


2639
2641
# netstat -tlunp | grep ntp    # if you see port 123, the NTP service started successfully.
 udp        0      0 ::1:123                     :::*                                      2639/ntpd
