Monday 24 May 2010

Network Time Protocol

Basic Configuration
The following command synchronises the local system time against another server, so the clock is as close as possible to the correct time before the NTP server is configured.
[bash]# ntpdate -b time.smg.gov.mo
Before we adjust any configuration files, it's always recommended that we make a backup of the original in case things go wrong; then we can edit the file and make changes as required.
[bash]# cp /etc/ntp.conf /etc/ntp.conf.original
[bash]# vi /etc/ntp.conf


Finding a Time Source
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server time.smg.gov.mo   # add one entry below the default entries


Access Controls
The following restrict statement defines the suggested access controls for all default connections.
restrict default kod nomodify notrap noquery nopeer

The following table lists and defines some of the more commonly used access control parameters.
Parameters   Definitions
ignore       Deny all packets and queries
kod          Send Kiss-Of-Death packet on access violation
nomodify     Deny ntpq / ntpdc queries that attempt to modify the server
notrap       Deny control message trap service
noquery      Deny all ntpq / ntpdc queries
noserve      Deny all queries - except ntpq / ntpdc
notrust      Deny access unless cryptographically authenticated (ver 4.2 onwards)
nopeer       Deny all packets that attempt to establish a peer association

To give the localhost full control, add the following entry to the configuration.
restrict 127.0.0.1

To allow all the workstations inside the internal private network to be able to query the time from your server, use the following access control rule (adjust subnet if needed).
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
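
The access rules above can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads an ntp.conf on stdin and reports a "restrict default" line missing any of the suggested flags, or an address other than 127.0.0.1 that is given no flags at all. The function names, the REQUIRED variable and the 192.168.1.50 sample host are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: audit "restrict" lines of an ntp.conf read from stdin.
# REQUIRED is the flag set the page suggests for "restrict default".
REQUIRED="kod nomodify notrap noquery nopeer"

# Prints one finding per line; returns 0 only when there are none.
audit_restrict() {
    awk -v required="$REQUIRED" '
        BEGIN { n = split(required, req, " ") }
        { sub(/#.*/, "") }                     # strip comments
        $1 != "restrict" { next }
        {
            split("", have)                    # portable array reset
            first = ($3 == "mask") ? 5 : 3     # flags follow optional mask
            for (i = first; i <= NF; i++) have[$i] = 1
            nflags = (NF >= first) ? NF - first + 1 : 0
        }
        $2 == "default" {
            seen = 1
            if ("ignore" in have) next         # ignore already denies all
            for (i = 1; i <= n; i++)
                if (!(req[i] in have)) { print "default: missing " req[i]; bad = 1 }
            next
        }
        # A restrict line with no flags grants full control; the page
        # intends that for 127.0.0.1 only.
        nflags == 0 && $2 != "127.0.0.1" {
            print $2 ": no flags (full control)"; bad = 1
        }
        END {
            if (!seen) { print "no restrict default line"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: default lacks noquery/nopeer, one host is wide open.
sample_conf() {
    cat <<'EOF'
restrict default kod nomodify notrap
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.1.50   # constructed address
EOF
}

sample_conf | audit_restrict || true
```

To audit a real file, run the function as: audit_restrict < /etc/ntp.conf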

Finally, we need the following declarations in the /etc/ntp.conf file.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
keys /etc/ntp/keys


The above configuration parameters are as follows:
server           Specifies that a server is running on the host (own local clock)
fudge            Passes additional information to the clock driver
stratum 10       Manually sets the Stratum the server should operate at (1-15)
driftfile        Specifies the location of the frequency file
broadcastdelay   Sets the propagation delay from the server when broadcasting
keys             Specifies the file that stores the keys needed for any cryptographic links

Starting NTP
[bash]# ntpdate -b time.smg.gov.mo
[bash]# chkconfig --level 2345 ntpd on
[bash]# /etc/init.d/ntpd restart
[bash]# grep ntpd /var/log/messages
galaxy ntpd[1110]: ntpd 4.2.0a@1.1196-r Thu Feb 23 04:42:00 EST 2006 (1)
galaxy ntpd[1110]: precision = 2.000 usec
galaxy ntpd[1110]: Listening on interface wildcard, 0.0.0.0#123
galaxy ntpd[1110]: Listening on interface wildcard, ::#123
galaxy ntpd[1110]: Listening on interface lo, 127.0.0.1#123
galaxy ntpd[1110]: Listening on interface eth0, 192.168.1.1#123
galaxy ntpd[1110]: kernel time sync status 0040
galaxy ntpd[1110]: frequency initialized 0.000 PPM from /var/lib/ntp/drift


You can now query the NTP server with the ntpq (query) tool. Immediately after ntpd has been (re)started, the output will be similar to the first table. Once ntpd has been allowed to run for a while, the table will start to fill with synchronization details, as in the second table.
[bash]# ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 80.26.104.184   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 128.95.231.7    .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 64.112.189.11   .INIT.          16 u    -   64    0    0.000    0.000 4000.00
 127.127.1.0     LOCAL(0)        10 l    -   64    0    0.000    0.000 4000.00

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*80.26.104.184   217.127.32.90    2 u   66  256  377  470.247   32.058  33.497
+128.95.231.7    140.142.2.8      3 u  254  256  377  217.646   -3.832   2.734
+64.112.189.11   128.10.252.6     2 u    2  256  377  258.208    2.395  47.246
 127.127.1.0     LOCAL(0)        10 l   56   64  377    0.000    0.000   0.002
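
An added example (not from the original post) that turns the two tables above into a health check: it reads "ntpq -pn" output on stdin, looks for the "*" system peer, flags the case where that peer is only the local clock driver, and counts the set bits in the octal reach register. The function names and return codes are assumptions; the sample rows are taken from the output shown on this page.

```sh
#!/bin/sh
# Added example: classify `ntpq -pn` output read from stdin.
# Returns 0 = synced to an upstream peer, 1 = no system peer yet,
# 2 = system peer is the local clock driver (127.127.x.x).
check_ntpq() {
    awk '
        $1 == "remote" || $1 ~ /^=+$/ || NF < 10 { next }
        substr($1, 1, 1) == "*" {          # "*" marks the system peer
            peer = substr($1, 2); st = $3; reach = $7; off = $9
        }
        END {
            if (peer == "") { print "unsynced: no system peer"; exit 1 }
            if (peer ~ /^127\.127\./) { print "local clock only: " peer; exit 2 }
            # reach is an octal 8-bit register, one bit per recent poll
            v = 0
            for (i = 1; i <= length(reach); i++) v = v * 8 + substr(reach, i, 1)
            for (ok = 0; v > 0; v = int(v / 2)) ok += v % 2
            printf "synced %s stratum %s offset %s ms polls_ok %d/8\n", peer, st, off, ok
        }'
}

# Sample input: rows taken from the two tables shown on this page.
just_started() {
    cat <<'EOF'
remote refid st t when poll reach delay offset jitter
==============================================================================
80.26.104.184 .INIT. 16 u - 64 0 0.000 0.000 4000.00
127.127.1.0 LOCAL(0) 10 l - 64 0 0.000 0.000 4000.00
EOF
}
settled() {
    cat <<'EOF'
*80.26.104.184 217.127.32.90 2 u 66 256 377 470.247 32.058 33.497
+128.95.231.7 140.142.2.8 3 u 254 256 377 217.646 -3.832 2.734
127.127.1.0 LOCAL(0) 10 l 56 64 377 0.000 0.000 0.002
EOF
}

just_started | check_ntpq || true
settled | check_ntpq
```

On a live server the check is run as: ntpq -pn | check_ntpq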


Client Configuration
Linux Client
[bash]# vi /etc/ntp.conf
server 192.168.1.1
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.1 mask 255.255.255.255 nomodify notrap noquery
driftfile /var/lib/ntp/drift

The Linux client will also need to have the ntpd service started.

Microsoft Client
To configure a Microsoft Windows (XP) client, follow the sequence of commands below.
C:\>net time /setsntp:192.168.1.1
The command completed successfully.

C:\>net time /querysntp
The current SNTP value is: 192.168.1.1

The command completed successfully.

C:\>net stop w32time && net start w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

The Windows Time service is starting.
The Windows Time service was started successfully.


The standard time query interval for Windows (XP) is one query every 7 days, which is ineffective for time-critical applications and environments. To adjust the time interval for Windows (XP), a registry value needs to be changed.

Windows (XP) stores the following registry value in hexadecimal format; converted to decimal, it is the time in seconds between time queries. Select the new interval (in seconds) at which you require the Windows (XP) system to poll the server, then convert it to hexadecimal (86400 seconds is 1 day). This should be the "DWORD" value.
!!! Adjusting the Windows registry may cause your computer system to become unstable; do so at your own risk.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpClient]
"SpecialPollInterval"=dword:00093a80
