Author: Mike Chirico
CMOS clock — keeps the time. In contrast, when Linux is running, the system time — the time kept by the kernel — is the definitive time source. System time is more accurate than CMOS time. It’s the time provided by the date command, and it is measured as the number of seconds since 00:00:00 January 1, 1970 UTC. The only way to keep correct UTC time on your computer is to synchronize with an external time source.
Installing and Configuring NTP
The Network Time Protocol (NTP) daemon keeps your system time accurate. If NTP is not included as a standard part of your distribution, the software can be downloaded from ntp.org.
The Linux ntpd program makes continuous adjustments to your computer’s system time by sampling the time from one or more (preferably three) NTP servers. The correct time is calculated by figuring out the network delay
from a series of queries to the servers, then factoring in this delay to calculate the correct time. The NTP program will deliver accuracy to within 1-50ms, depending on the network path to the server and the server itself. For a workstation, you should use stratum 2 NTP servers. Stratum 1 NTP servers are available only to stratum 2 servers in the same time zone, or by previous arrangement.
NOTE: If your computer clock differs by more than 1,000 seconds — something that would happen if the computer was powered off and the battery was removed — then the ntpd daemon will not start, but instead will enter panic mode and exit. Therefore, your computer should query an NTP server during boot-up for the time, using the ntpdate command or ntpd with the -g option.
Red Hat and Fedora will run ntpdate against any server listed in the /etc/ntp/step-tickers file. Server entries that are queried when ntpd is running must be listed in /etc/ntp.conf, but on startup, at least one server must be listed in /etc/ntp/step-tickers for time initialization.
All NTP servers give UTC time. In other words, you never have to worry
about what timezone the server is in, but you want to pick a server that is nearby on the network.
NTP on Red Hat and Fedora
If you are running Red Hat or Red Hat’s Fedora, you should use Red Hat’s version of NTP, since it has been modified to switch from the root account to the user ntp after startup. When your startup script runs, it will automatically read entries in /etc/ntp/step-tickers to initialize the hardware clock.
STEP 1:
Find three or four public stratum 2 NTP servers near you.
STEP 2:
Specify the NTP servers and restrict the access of these servers. Your computer can query the time from these servers and set the time
correctly based on the best server. However, since you restrict access, the time servers cannot initiate a time change on your computer. For
a workstation, configure your /etc/ntp.conf file as follows:
    # A very simple client-only NTP configuration.
    server ntp-1.cede.psu.edu
    restrict 146.186.218.60
    server timeserver1.upenn.edu
    restrict 128.91.2.13
    server clock.psu.edu
    restrict 128.118.25.3
    driftfile /etc/ntp/drift
    authenticate no
STEP 3:
Create entries in the /etc/ntp/step-tickers file as shown below. Pick a server that is close to you for the initial time set on boot-up.
    timeserver1.upenn.edu
    clock.psu.edu
STEP 4:
Start or restart the ntpd program as root.
    # /etc/init.d/ntpd restart
    Shutting down ntpd: [ OK ]
    ntpd: Synchronizing with time server: [ OK ]
    Starting ntpd: [ OK ]
Note that NTP uses UDP port 123. The ntpd script that comes with Red Hat opens both source port 123 and destination port 123 using the following command:
    iptables -I RH-Lokkit-0-50-INPUT -m udp -p udp -s $server/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
STEP 5:
Check that ntpd is operating correctly with the ntpq command, as follows:
    $ ntpq -np
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *146.186.218.60  204.123.2.5      2 u  613 1024  377   23.953   -5.935   2.263
    +128.91.2.13     128.4.40.12      3 u  180 1024  377   11.191   -4.330   1.377
    -128.182.58.100  192.5.41.41      2 u  540 1024  377   20.872   15.298   1.507
    +128.118.25.3    128.118.25.12    2 u  137 1024  377   26.207   -5.419   0.561
You should be getting values for all fields. If several of the columns
are zero, and jitter is very high, say 4000, then NTP is not working
correctly. But give it a few minutes. You need a few minutes on a DSL or cable modem connection
for enough timestamps to be sent and received.
The following shows a problem.
    $ ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ===================================================
     tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
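The check described in STEP 5 can be scripted. The following is an added example, not part of the original article: it reads ntpq -pn output and reports peers that match the failure pattern shown above (stratum 16, reach 0, jitter at 4000) and whether a system peer, marked with *, has been selected. The function names are hypothetical, and the sample input is taken from the two listings on this page.

```shell
#!/bin/sh
# Added example, not from the original article. check_ntp_peers is a
# hypothetical helper: it reads `ntpq -pn` output on stdin, prints one line
# per finding, and returns 0 only if a system peer exists and no peer is dead.
check_ntp_peers() {
    awk '
        /^=+$/ || $1 == "remote" || NF == 0 { next }   # separator, header, blank
        {
            tally = substr($0, 1, 1)     # column 1 is the tally code
            if (index(" *+-#.xo", tally)) $0 = substr($0, 2); else tally = " "
            if (NF < 10) next
            peer = $1; st = $3 + 0; reach = $7 + 0; jitter = $10 + 0
            if (tally == "*") syspeer = peer
            why = ""
            if (st == 16)       why = why " stratum=16(unsynchronized)"
            if (reach == 0)     why = why " reach=0(no replies)"
            if (jitter >= 4000) why = why " jitter=" $10
            if (why != "") { print "BAD " peer ":" why; bad++ }
        }
        END {
            if (syspeer == "") { print "NO_SYSPEER"; bad++ } else print "OK syspeer=" syspeer
            exit (bad > 0)
        }
    '
}

# Sample input: the two listings shown on this page (healthy one shortened).
sample_good() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*146.186.218.60  204.123.2.5      2 u  613 1024  377   23.953   -5.935   2.263
+128.91.2.13     128.4.40.12      3 u  180 1024  377   11.191   -4.330   1.377
EOF
}
sample_bad() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
===================================================
 tock.usno.navy  0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
EOF
}

sample_good | check_ntp_peers
sample_bad  | check_ntp_peers || echo "ntpd has no usable time source"
```

On a live system the input would come from ntpq -pn piped into check_ntp_peers, run a few minutes after ntpd starts so that the reach register has had time to fill.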
Setting Up and Using NTP from Source
STEP 1:
Download, compile, and install the program.
    $ wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2.0.tar.gz
    $ tar -xzvf ntp-4.2.0.tar.gz
    $ cd ntp-4.2.0
    $ ./configure
    $ make
    $ su -
    # make install
STEP 2:
Add entries to /etc/ntp.conf using three or four of the closest stratum 2
servers near you, as shown above.
STEP 3:
Since NTP uses UDP port 123 for both destination and source, firewall
adjustments may be necessary. Here is an example of opening port 123
for source and destination for each of the servers above.
    # iptables -A INPUT -m udp -p udp -s 146.186.218.60/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
    # iptables -A INPUT -m udp -p udp -s 128.91.2.13/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
    # iptables -A INPUT -m udp -p udp -s 128.182.58.100/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
    # iptables -A INPUT -m udp -p udp -s 128.118.25.3/32 --sport 123 -d 0/0 --dport 123 -j ACCEPT
STEP 4:
Unlike the Red Hat installation, the source install does not use
/etc/ntp/step-tickers for the initial time set, so you will need to
initialize the time.
To manually set the time, enter the following command, as root, with your
chosen time server:
    $ su -
    # ntpdate -s -b -p 8 timeserver1.upenn.edu
Next, start the ntp daemon:
    # /usr/local/bin/ntpd
Everything OK?
Run the following command under any account:
    $ /usr/sbin/ntpq -crv
    status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg,
    version="ntpd 4.1.1c-rc1@1.836 Thu Feb 13 12:17:19 EST 2003 (1)",
    processor="i686", system="Linux2.6.7-ch0", leap=00, stratum=3,
    precision=-17, rootdelay=24.973, rootdispersion=62.575, peer=36276,
    refid=b50.cede.psu.edu,
    reftime=c4df5922.cae1deac Tue, Aug 31 2004 16:08:02.792, poll=10,
    clock=c4df5ca7.738194c0 Tue, Aug 31 2004 16:23:03.451, state=4,
    offset=-76.829, frequency=-70.770, jitter=18.474, stability=0.293
Look at the value for stability, which here is equal to 0.293, and
frequency, which is -70.770. These values tend to vary if the computer gets
too hot — the fan stops working — or if you are starting to get hardware
problems.
I like to keep a record of these values throughout the day by putting them into a SQLite database, from which the values
can be compared over time. A sample script to do this, ntplog, can be found in the example
download.
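One way to record and compare these values, as an added example (this is not the ntplog script from the download): the functions below reduce one ntpq -crv reading to a comma-separated record and report when the frequency value has moved between two readings. The function names, the record layout and the 5 ppm limit are assumptions; the second reading is constructed.

```shell
#!/bin/sh
# Added example, not the author's ntplog script. Function names, the record
# layout and the 5 ppm limit are assumptions made for illustration.

# rv_field NAME: print NAME's value from `ntpq -crv` text on stdin. The match
# is anchored, so asking for "delay" cannot pick up "rootdelay".
rv_field() {
    tr ',' '\n' | sed -n "s/^[[:space:]]*$1=//p" | head -n 1
}

# rv_record: reduce one reading to "stratum,offset,frequency,stability".
rv_record() {
    rv=$(cat)
    for key in stratum offset frequency stability; do
        v=$(printf '%s\n' "$rv" | rv_field "$key")
        printf '%s\n' "${v:-NA}"        # keep the column even if a key is absent
    done | paste -s -d, -
}

# freq_shifted PREV CUR LIMIT: true when frequency (column 3, in ppm) differs
# by more than LIMIT between two records.
freq_shifted() {
    awk -v p="$1" -v c="$2" -v lim="$3" 'BEGIN {
        split(p, a, ","); split(c, b, ",")
        d = b[3] - a[3]; if (d < 0) d = -d
        exit !(d > lim)
    }'
}

# reading1 is abridged from the output on this page; reading2 is constructed.
reading1='status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg,
leap=00, stratum=3, precision=-17, rootdelay=24.973, rootdispersion=62.575,
offset=-76.829, frequency=-70.770, jitter=18.474, stability=0.293'
reading2='leap=00, stratum=3, precision=-17, rootdelay=25.101,
offset=-12.004, frequency=-58.120, jitter=9.310, stability=4.870'

prev=$(printf '%s\n' "$reading1" | rv_record)
cur=$(printf '%s\n' "$reading2" | rv_record)
if freq_shifted "$prev" "$cur" 5; then
    echo "frequency changed by more than 5 ppm: $prev -> $cur"
fi
```

Run from cron with the live ntpq -crv output as input, each record can be appended to a file with a timestamp and compared with the previous line.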