Linux NTP server build explaining

Linux NTPServer(time server)

Date–s 22:12:30 # Set time

leap seconds 7 months 1 days : minutes

at this time, to turn off the NTP service

1.1.Software Installation

Required software: installed by default

Yum Install Ntp-y

ntpdate-4.2.6p5-1.el6.centos.i686

Fontpackages-filesystem-1.41-1.1.el6.noarch

ntp-4.2.6p5-1.el6.centos.i686

1.2.ConfigurationNtp

Configuration file:

Vi/etc/ntp.conf

! NTP policy

Restrict(limit) default Kod nomodify(limited change) Notrap(Limited level query) Nopeer noquery

restrict-6 default Kod nomodify notrapnopeer noquery

# Some of the default permissions -6 is IPV6

# Limit queries refer to the parent server of the server to which the machine is connected, and cannot be queried directly from the upstream server

！

Restrict 127.0.0.1 # IPV4

Restrict-6:: 1 # IPV6

Restrict 192.168.1.0 mask 255.255.255.0nomodify notrap # Specify Query permissions for the 1.0 network segment

！

Restrict [your IP] mask [netmask_ip] [parameter]

The main parameters of parameter are the following:

• Ignore
  Deny all types of NTP online;

• Nomodify
  The client cannot change the time parameters of the NTP server, which means that the client cannot modify the server with both the NTPC and NTPQ programs. However, the client can still use this host to network school;

• Noquery
  Clients can not use NTPQ, NTPC and other instructions to query the time server, equal to not provide NTP network school;

• Notrap
  The ability to trap this remote event login (logging) is not available.

· notrust
Deny clients that are not authenticated

# How parameter does not specify any parameters, represents no restrictions

# Set the current segment's permissions on the NTP server within this network segment

! synchronization server for NTP

Server [IP or hostname] [prefer] # Set upper Layer NTP Server

Server 0.centos.pool.ntp.org iburst Server

Server 1.centos.pool.ntp.org Iburst

Server 2.centos.pool.ntp.org Iburst

Server 3.centos.pool.ntp.org Iburst

Server 127.127.1.0 # motherboard chip clock must be set

！

Fudge 127.127.1.1 Stratum # reduce the priority of native synchronization

！

DRIFTFILE/HOME/NTP # Driftfile [ directories and archives that can be ntpd written] record clock chip and higher server time error

! # The file needs to be set to ntpd this daemon can write permissions.

Set Template:

· [email protected] ~]# vi/etc/ntp.conf # in the case of preserving most of the default values, we made a few minor changes: # 1. Deal with permissions issues first: Restrict default nomodify notrap noquery Restrict 220.130.158.71 <== the right to enter the open host under these three lines Restrict 220.130.158.51 Restrict 220.130.158.52 Restrict 127.0.0.1 mask 255.0.0.0 <== internal and LAN permissions Restrict 192.168.1.0 mask 255.255.255.0 nomodify # set Allow network segment # 2. Set the host source! Server 220.130.158.71 prefer <== with this host as the top priority Server 220.130.158.51 Server 220.130.158.51 # 3. An internal time data that was originally built does not need to be altered. Server 127.127.1.0 # Local clock Fudge 127.127.1.0 Stratum 10 # 4. That's the time difference analysis, keep the default values. Driftfile/var/lib/ntp/drift Broadcastdelay 0.008 # 5. The keys related authentication function will not be used for the time being. Keys/etc/ntp/keys

Then prepare to revise the/ETC/SYSCONFIG/NTPD!

[Email protected] ~]# VI/ETC/SYSCONFIG/NTPD Options= "-U ntp:ntp-p/var/run/ntpd.pid" Sync_hwclock=yes # change him to Yes! This will change the BIOS time as well!

1.3. Ports and Services

Port 123

Service ntpd Restart

1.4.Firewall Configuration

1.5.Setting the time zone

Vi/etc/sysconfig/clock

# The time zone of the system is defined bythe contents of/etc/localtime.

# This file was only for evaluation by System-config-date,do not rely on its

# contents elsewhere.

Zone= "Asia/shanghai"

/usr/share/zoneinfo/ all time zone files

/etc/localtime

1.6.Client Synchronization

[[email protected] ~]# ntpstat view sync status

# The client will synchronize the clock with the NTP server. Executing on the client

[[email protected] ~]# ntpdate server IP

# manually synchronize the server and clock chip when the client executes ntpdate , the server side must have update synchronization to update

[Email protected] ~]# hwclock–w

1.7.Scheduled Tasks

Crontab:

* * * * */usr/sbin/ntpdate 192.168.1.200>>/usr/local/logs/crontab/ntpdate.log

1.8.Synchronizing Records

[Email protected] ~]# ntpq–p

[Email protected] ~]# ntpq-p

Remote refID(previous level) St T when poll reach delay offset time difference jitter

==============================================================================

202.118.1.130.         Init. u-64 0 0.000 0.000 0.001

news.neu.edu.cn.        Init. u-64 0 0.000 0.000 0.000

dns1.synet.edu. 202.118.1.46 2 U 1 64 1 54.697 2453.85 0.001

[Email protected] ~]#

# St Level

1.9.Step Essence¡ï ★

1.10.NtpManagement

[[Email protected]]# ntpq-p

Offset time Difference

1.11. Common Errors

• tip 1:

[Email protected] ~]# ntpdate 10.17.1.60

11:05:28 ntpdate[7326]: No serversuitable for synchronization found

#restrict(limit) default Kod nomodify(limited to change) Notrap(Limited level query) Nopeer noquery

#restrict-6 default kod nomodify notrapnopeer noquery

Answer: At least one of the above two items is not annotated

• Tip 2

This article is from the Linux Technical Exchange blog, so be sure to keep this source http://zhongliang.blog.51cto.com/4507905/1878817

Linux NTP server build explaining