NTP server configuration

NTP server configuration 1. NTP service Introduction NTP (network time Protocol) is a network Protocol used to synchronize computer clocks. It can synchronize time between computers and other servers or clock sources. The time server verifies the time in three ways with other time servers (1) Broadcast/Multicast this method is suitable for LAN, with low accuracy (2) in this way, the next server can obtain the clock from the remote server or provide the clock information to the remote server. The precision is relatively high. The client/server of www.2cto.com (3) is similar to that of symmetic, the clock information can be provided to the client without providing time information to other servers. 2. It is easy to install the NTP server on the NTP server. I installed it on Ubuntu12.04. If you use the apt-get command to install apt-get install apt, you must configure the server. to meet our requirements, some configurations are required after NTP is installed. The main configuration is/etc/NTP. conf file 1) First, describe the start, stop, and restart/etc/init of the ntp service. d/ntp start # start/etc/init. d/ntp stop # stop/etc/init. d/ntp restart # restart/etc/init. d/ntp reload # Heavy Load/etc/init. d/ntp status # view the ntp service startup status 2) set the ntp service to automatically load. Use the chkconfig command to set the running status of the NTP service to chkconfig ntp on at the next startup. # set the system running level to 2, 3, 4, and 5 to automatically run chkconfig ntp off. # When the system running level is 2, 3, 4, or 5, it is set to not run automatically. 3) configuration file/etc/ntp. conf describes several main parameters in the configuration file, the restrict <ip address> <subnet mask> | <network segment> <subnet mask> [ignore | nomodify | noquery | notrap | nopeer | notrust | nokod] specifies NTP for communication. the address and network segment ignore disable all NTP service nomodify clients. You cannot change the time parameter of the server, you can use the server for time verification. noquery does not provide client Time query. notrap does not provide remote event logon. nopeer does not synchronize time with other servers on the same layer. notrust rejects non-authenticated client kod. prevents "kiss of death" packets (a DOS attack) damage to the server: server [IP | FQDN] [prefer] specifies When multiple NTP servers are specified, the server with the prefer parameter has the highest priority. If no prefer parameter is used, the server priority is increased from top to bottom in order. After the upper-layer server is specified, the time verification will be performed with the upper-layer NTP server at least 15 minutes. Fudge: Modify the NTP server parameter www.2cto.com driftfile file name: by default, the NTP server time is calculated based on the BIOS chip vibration frequency, but this value may be different from the upper-layer server, therefore, the NTP server automatically calculates the frequency of the NTP server and the upper-layer NTP server, and records the error of the two frequencies in the file specified by the driftfile parameter. You do not need to modify this parameter. Use the default configuration in the file. Broadcast subnet mask: Specifies the network segment for NTP time broadcast. If no parameter is specified, the NTP server broadcasts all accessible network segments. Logfile name: Specifies the NTP service log file 4) for simple NTP server configuration, we first reject all operations for the default client restrict default kod nomodify notrap nopeer noquery, and then allow all operations on the local address restrict 127.0.0.1. Finally, we allow all clients in the LAN to connect to this server. synchronization time. however, they are not allowed to modify the time restrict 192.168.1.0 mask expires 255.255.0 nomodify on the server.