How to configure a basic NTP server/client using ntpd -... https://access.redhat.

com/solutions/412843

Subscriptions Downloads Containers Support Cases

Products & Services Knowledgebase How to configure a basic NTP server/client using ntpd

$ - Updated September 14 2021 at 12:40 AM - English

Environment
• Red Hat Enterprise Linux (RHEL) 4
• Red Hat Enterprise Linux 5
• Red Hat Enterprise Linux 6
• Red Hat Enterprise Linux 7
• ntp

Issue
• Need to implement basic NTP (Network Time Protocol) timekeeping on my network.

Resolution

• Install the ntp package:

[root@server ~]# yum install ntp

• The below example functions as an NTP server to the 192.168.1.0/24 network.

• Ensure the following entries are in /etc/ntp.conf:

1 of 6 5/5/23, 14:01
How to configure a basic NTP server/client using ntpd -... https://access.redhat.com/solutions/412843

[root@server ~]# cat /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not

# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could

# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

# Hosts on local network are less restricted.

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org iburst
server 1.rhel.pool.ntp.org iburst
server 2.rhel.pool.ntp.org iburst
server 3.rhel.pool.ntp.org iburst

# Undisciplined Local Clock, to serve time to others even when no external

sources are reachable.
server 127.127.1.0
fudge 127.127.1.0 stratum 10

#broadcast 192.168.1.255 autokey # broadcast server

#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client

# Enable public key cryptography.

#crypto

includefile /etc/ntp/crypto/pw

# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys

# Specify the key identifiers which are trusted.

#trustedkey 4 8 42

2 of 6 5/5/23, 14:01
How to configure a basic NTP server/client using ntpd -... https://access.redhat.com/solutions/412843

# Specify the key identifier to use with the ntpdc utility.

#requestkey 8

# Specify the key identifier to use with the ntpq utility.

#controlkey 8

# Enable writing of statistics records.

#statistics clockstats cryptostats loopstats peerstats

*Note: [0-3].rhel.pool.ntp.org are public NTP servers from the NTP Pool Project.

• Start the ntpd service and enable ntpd at system start (RHEL 4, 5, and 6):

[root@server ~]# service ntpd start

[root@server ~]# chkconfig ntpd on

• Start the ntpd service and enable ntpd at system start (RHEL 7):

[root@server ~]# systemctl start ntpd.service

[root@server ~]# systemctl enable ntpd.service

Disclaimer: Links contained herein to external website(s) are provided for convenience only.
Red Hat has not reviewed the links and is not responsible for the content or its availability. The
inclusion of any link to an external website does not imply endorsement by Red Hat of the
website or their entities, products or services. You agree that Red Hat is not responsible or
liable for any loss or expenses that may result due to your use of (or reliance on) the external
site or content.

• Ensure the following entries are in /etc/ntp.conf:

[root@client ~]# cat /etc/ntp.conf

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server myntp.server.com //Replace myntp.server.com with the correct name for
your environemnt.
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys

3 of 6 5/5/23, 14:01
How to configure a basic NTP server/client using ntpd -... https://access.redhat.com/solutions/412843

• Start the ntpd service and enable ntpd at system start (RHEL 4, 5, and 6):

[root@client ~]# service ntpd start

[root@client ~]# chkconfig ntpd on

• Start the ntpd service and enable ntpd at system start(RHEL 7):

[root@client ~]# systemctl start ntpd.service

[root@client ~]# systemctl enable ntpd.service

• To check if the client is synchronizing, use the ntpq command:

[root@client ~]# ntpq -p

remote refid st t when poll reach delay offset jitter
==============================================================================
*myntp.server.com pool.ntporg 1 u 66 64 377 35.428 11.765
4.114

• For more details about ntpd, please see Chapter 19, Configuring NTP using ntpd

Root Cause
• Accurate time keeping is important for a number of reasons in IT.
• In networking for example, accurate time stamps in packets and logs are required. Logs
are used to investigate service and security issues and so time stamps made on
different systems must be made by synchronized clocks to be of real value.
• As systems and networks become increasingly faster, there is a corresponding need for
clocks with greater accuracy and resolution.
• In some countries there are legal obligations to keep accurately synchronized clocks.
• NTP (Network Time Protocol) is implemented by a daemon running in user space.
• The default NTP user space daemon in Red Hat Enterprise Linux 7 is chronyd. It must
be disabled if you want to use the ntpd daemon.
• See Chapter 18, Configuring NTP using the chrony suite for information on chrony.

Diagnostic Steps

4 of 6 5/5/23, 14:01
How to configure a basic NTP server/client using ntpd -... https://access.redhat.com/solutions/412843

[root@client ~]# ntpq

ntpq> peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*myntp.server.com pool.ntp.org .ONBR. 1 u 76 128 377 36.960
9.491 4.053

ntpq> as

ind assid status conf reach auth condition last_event cnt

===========================================================
1 28126 963a yes yes none sys.peer sys_peer 3

ntpq> rv 28126
associd=28126 status=963a conf, reach, sel_sys.peer, 3 events, sys_peer,
srcadr=myntp.server.com, srcport=123, dstadr=192.168.122.34, dstport=123,
leap=00, stratum=1, precision=-24, rootdelay=0.000, rootdisp=0.992,
refid=pool.ntp.org, reftime=e4e9fb1c.2cad2882 Mon, Sep 13 2021 13:30:20.174,
rec=e4e9fb1d.2dbcd83a Mon, Sep 13 2021 13:30:21.178, reach=377,
unreach=0, hmode=3, pmode=4, hpoll=7, ppoll=7, headway=0, flash=00 ok,
keyid=0, offset=9.491, delay=36.960, dispersion=6.009, jitter=4.053,
xleave=0.029,
filtdelay= 42.57 37.37 38.49 41.87 37.46 59.08 36.96 38.93,
filtoffset= 12.22 10.28 10.09 9.19 10.07 19.67 9.49 11.11,
filtdisp= 0.00 2.06 4.11 5.15 6.15 7.14 8.15 9.17

ntpq> quit

This solution is part of Red Hat’s fast-track publication program, providing a huge library of
solutions that Red Hat engineers have created while supporting our customers. To give you
the knowledge you need the instant it becomes available, these articles may be presented in
a raw and unedited form.

5 of 6 5/5/23, 14:01
How to configure a basic NTP server/client using ntpd -... https://access.redhat.com/solutions/412843

Solution - Mar 30, Solution - Jun 8, Solution - Mar 22,

2023 2022 2022

17 October 2019 4:07 PM

Daniel Sichel

an explanation, or a link to an explanation of what the contents of the ntp.conf file

actually do would make this useful.
26 Points

≤ Reply

Copyright © 2023 Red Hat, Inc.

6 of 6 5/5/23, 14:01