pavement

NTP, configuring

From FreeBSDwiki
Revision as of 18:47, 9 April 2006 by Dave (Talk | contribs)
Jump to: navigation, search

After installing Ntp, you'll want to configure it properly. Remember to allow TCP and UDP ports 123 if you're firewalling the client/server.

NTP Clients

If you're a client, you'll need to listen locally if you've got an NTP server locally to get the time. To start, edit /etc/ntp.conf and make sure it has something like this in it:

# Because the computer clocks drift, keep the drift info somewhere:
driftfile /etc/ntp.drift 

# if we are a client that listens to NTP broadcasts on the LAN, uncomment this line:
#broadcastclient

# Let's setup a log file for NTP:
logfile /var/log/ntp.log

NTP Servers

First, synchronize to a known good time server -- there are many listed at ntp.isc.org, and due to common sense and politeness, I won't list one particular server here, but [the US Navy] has some servers available -- be sure to read their policies for allowed use. Once you've got a server that you can use, run

ntpdate time.someserver.somewhere.com 

and your system will update to that time. You may want to verify that the time is correct, if you've got a Java-capable browser handy, [time.gov] will give you the correct time for the timezone you're in.

Once you've got that done, find a server that you can update from regularly -- be sure you've read through [the documentation] and obtained permission to use the server (seriously, this is important, folks have no sense of humor about this, see links below for why) -- it's time to set up your /etc/ntpd.conf which will at a minimum need to have three lines:

server time.someserver.somewhere.com prefer
driftfile /var/db/ntpd.drift
restrict default ignore

The server line may be repeated, and if you leave out the "prefer" keyword and have multiple server lines, then you'll round-robin through the list. If you have multiple server lines and leave the "prefer" keyword in, you'll only go to the other servers (without the "prefer") if your "preferred" server can't be reached. (stub on how to use restrict)

Auto-starting ntpd

Edit your /etc/rc.conf and add this to the end;

# Make sure that we don't use 'ntpdate'.  It is obsolete.
ntpdate_enable="NO"
xntpd_enable="YES"

Note: This was changed to ntpd_enable in FreeBSD 5.x if you have a previous version use xntpd_enable

# The NTP program is located here:
xntpd_program="/usr/local/bin/ntpd"
# and we want to use it with these options; see man page for details
xntpd_flags="-A -g -N -c /etc/ntp.conf -p /var/run/ntpd.pid -l /var/log/ntpd.log"
Personal tools