Linux NTPServer(time server)
Date–s 22:12:30 # Set time
leap seconds 7 months 1 days : minutes
at this time, to turn off the NTP service
1.1.Software Installation
Required software: installed by default
Yum Install Ntp-y
ntpdate-4.2.6p5-1.el6.centos.i686
Fontpackages-filesystem-1.41-1.1.el6.noarch
ntp-4.2.6p5-1.el6.centos.i686
1.2.ConfigurationNtp
Configuration file:
Vi/etc/ntp.conf
! NTP policy
Restrict(limit) default Kod nomodify(limited change) Notrap(Limited level query) Nopeer noquery
restrict-6 default Kod nomodify notrapnopeer noquery
# Some of the default permissions -6 is IPV6
# Limit queries refer to the parent server of the server to which the machine is connected, and cannot be queried directly from the upstream server
!
Restrict 127.0.0.1 # IPV4
Restrict-6:: 1 # IPV6
Restrict 192.168.1.0 mask 255.255.255.0nomodify notrap # Specify Query permissions for the 1.0 network segment
!
Restrict [your IP] mask [netmask_ip] [parameter] |
The main parameters of parameter are the following:
Ignore
Deny all types of NTP online;
Nomodify
The client cannot change the time parameters of the NTP server, which means that the client cannot modify the server with both the NTPC and NTPQ programs. However, the client can still use this host to network school;
Noquery
Clients can not use NTPQ, NTPC and other instructions to query the time server, equal to not provide NTP network school;
Notrap
The ability to trap this remote event login (logging) is not available.
· notrust
Deny clients that are not authenticated
# How parameter does not specify any parameters, represents no restrictions
# Set the current segment's permissions on the NTP server within this network segment
! synchronization server for NTP
Server [IP or hostname] [prefer] # Set upper Layer NTP Server
Server 0.centos.pool.ntp.org iburst Server
Server 1.centos.pool.ntp.org Iburst
Server 2.centos.pool.ntp.org Iburst
Server 3.centos.pool.ntp.org Iburst
Server 127.127.1.0 # motherboard chip clock must be set
!
Fudge 127.127.1.1 Stratum # reduce the priority of native synchronization
!
DRIFTFILE/HOME/NTP # Driftfile [ directories and archives that can be ntpd written] record clock chip and higher server time error
! # The file needs to be set to ntpd this daemon can write permissions.
Set Template:
· [email protected] ~]# vi/etc/ntp.conf # in the case of preserving most of the default values, we made a few minor changes: # 1. Deal with permissions issues first: Restrict default nomodify notrap noquery Restrict 220.130.158.71 <== the right to enter the open host under these three lines Restrict 220.130.158.51 Restrict 220.130.158.52 Restrict 127.0.0.1 mask 255.0.0.0 <== internal and LAN permissions Restrict 192.168.1.0 mask 255.255.255.0 nomodify # set Allow network segment # 2. Set the host source! Server 220.130.158.71 prefer <== with this host as the top priority Server 220.130.158.51 Server 220.130.158.51 # 3. An internal time data that was originally built does not need to be altered. Server 127.127.1.0 # Local clock Fudge 127.127.1.0 Stratum 10 # 4. That's the time difference analysis, keep the default values. Driftfile/var/lib/ntp/drift Broadcastdelay 0.008 # 5. The keys related authentication function will not be used for the time being. Keys/etc/ntp/keys |
Then prepare to revise the/ETC/SYSCONFIG/NTPD!
[Email protected] ~]# VI/ETC/SYSCONFIG/NTPD Options= "-U ntp:ntp-p/var/run/ntpd.pid" Sync_hwclock=yes # change him to Yes! This will change the BIOS time as well! |
1.3. Ports and Services
Port 123
Service ntpd Restart
1.4.Firewall Configuration
1.5.Setting the time zone
Vi/etc/sysconfig/clock
# The time zone of the system is defined bythe contents of/etc/localtime.
# This file was only for evaluation by System-config-date,do not rely on its
# contents elsewhere.
Zone= "Asia/shanghai"
/usr/share/zoneinfo/ all time zone files
/etc/localtime
1.6.Client Synchronization
[[email protected] ~]# ntpstat view sync status
# The client will synchronize the clock with the NTP server. Executing on the client
[[email protected] ~]# ntpdate server IP
# manually synchronize the server and clock chip when the client executes ntpdate , the server side must have update synchronization to update
[Email protected] ~]# hwclock–w
1.7.Scheduled Tasks
Crontab:
* * * * */usr/sbin/ntpdate 192.168.1.200>>/usr/local/logs/crontab/ntpdate.log
1.8.Synchronizing Records
[Email protected] ~]# ntpq–p
[Email protected] ~]# ntpq-p
Remote refID(previous level) St T when poll reach delay offset time difference jitter
==============================================================================
202.118.1.130. Init. u-64 0 0.000 0.000 0.001
news.neu.edu.cn. Init. u-64 0 0.000 0.000 0.000
dns1.synet.edu. 202.118.1.46 2 U 1 64 1 54.697 2453.85 0.001
[Email protected] ~]#
# St Level
1.9.Step Essence¡ï ★
1.10.NtpManagement
[[Email protected]]# ntpq-p
Offset time Difference
1.11. Common Errors
[Email protected] ~]# ntpdate 10.17.1.60
11:05:28 ntpdate[7326]: No serversuitable for synchronization found
#restrict(limit) default Kod nomodify(limited to change) Notrap(Limited level query) Nopeer noquery
#restrict-6 default kod nomodify notrapnopeer noquery
Answer: At least one of the above two items is not annotated
This article is from the Linux Technical Exchange blog, so be sure to keep this source http://zhongliang.blog.51cto.com/4507905/1878817
Linux NTP server build explaining