NTP (Pete's notes)

Mac

Like Linux, Mac OS X gets time using ntpd as a client, but Macs are less flexible than Linux. Macs hide NTP configuration behind System Preferences->Date & Time, which edits /private/etc/ntp.conf behind the scenes. The GUI allows you to specify an NTP server to poll, but doesn't allow you to listen to NTP broadcasts. I tried editing /private/etc/ntp.conf to specify "broadcastclient", but it didn't work. That would've been a bad idea anyway because inevitably someone will use the GUI and overwrite the file. So I just poll a time server. I could use the local router, but according to Righ Johnson/CSAC, laptops should get their time from DNS name "tardis.ntp.ucar.edu". That DNS name resolves to different addresses inside or outside the UCAR security perimeter, so you'll get time whether you're inside or outside. Cool!

IMPORTANT: ntpdc seems a better tool than ntpq to see if your ntpd is working.

Linux

To get ntpd working, get a version that's at or later than ntp-stable-4.2.0a-20040617. Gunzip it, untar it, run ./configure, make and make install. I couldn't RPM-delete the ntp that's installed, so I hand-deleted all the ntp* binaries in /usr/sbin. I know this isn't optimal. Then I hand-edited the /etc/init.d/ntpd, deleted the /etc/sysconfig/ntpd, and made /etc/sysconfig/iptables allow ntp packets. Then I edited /etc/ntp/conf to comment out all the lines except

restrict 128.117.0.0 mask 255.255.0.0
disable auth
broadcastclient

I did

/etc/init.d/ntpd stop
/etc/init.d/ntpd start

...and waited a few minutes for the router's broadcast packets to be heard. Then I did ntpq and "peers" and saw the router listed.
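
Added example (not part of the original notes): a small Python audit of ntp.conf text, run here on the three lines above. With "disable auth", ntpd accepts broadcast time from senders it has not authenticated, and a restrict line with no flags leaves that network unrestricted; the finding names and the keyed comparison config are constructed for illustration.

```python
# Added example: audit ntp.conf text for the settings used in these notes.
PAGE_CONF = """\
restrict 128.117.0.0 mask 255.255.0.0
disable auth
broadcastclient
"""

# Constructed comparison config (an assumption, not from the notes).
KEYED_CONF = """\
restrict default ignore
restrict 128.117.0.0 mask 255.255.0.0 nomodify notrap noquery
keys /etc/ntp/keys   # constructed path
trustedkey 1
broadcastclient
"""


def directives(conf_text):
    """Return tokenised directives, dropping '#' comments and blank lines."""
    rows = (raw.split("#", 1)[0].split() for raw in conf_text.splitlines())
    return [row for row in rows if row]


def audit(conf_text):
    """Return finding strings for broadcast-auth and restrict settings."""
    rows = directives(conf_text)
    findings = []
    auth_off = any(r[0] == "disable" and "auth" in r[1:] for r in rows)
    if auth_off and any(r[0] == "broadcastclient" for r in rows):
        findings.append("unauthenticated-broadcast")
    has_default = False
    for r in rows:
        if r[0] != "restrict" or len(r) < 2:
            continue
        addr, rest = r[1], r[2:]
        if rest[:1] == ["mask"]:
            rest = rest[2:]          # skip "mask <netmask>"
        if addr == "default":
            has_default = True
        if not rest:                 # no flags: nothing is restricted
            findings.append("open-restrict:" + addr)
    if not has_default:
        findings.append("no-default-restrict")
    return findings


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("keyed", KEYED_CONF)):
        print(name, audit(conf))
```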

One other possible problem: if your machine's time is too far out of sync with the router's, ntpd won't correct it. To force synchronization, do "ntpdate mlra".

The ntp.conf file has a section that configures a fake driver. If you leave that on, you'll see the "LOCAL" peer. When you comment it out, ntpq "peers" will give "No association ID's returned".

Ntp version 4.1.0-4 came installed with Red Hat 7.2, but it wasn't turned on. I turned it on by doing

chkconfig ntpd on

THERE ARE NO MAN PAGES, only HTML docs or the xntp home page. The latter includes something about how to check if xntp is working.

WARNING: !!!!! the following discusses ntp configuration files. The dhcpcd program will silently "help" you by overwriting /etc/ntp.conf, destroying whatever you put in /etc/ntp.conf. This isn't a problem for me on the laptop because I use a nondefault config file, but I wasted 1/2 a day figuring it out. If you need to use /etc/ntp.conf, you can use the -N command-line option to dhcpcd to stop the overwriting. Under Red Hat 7.2, dhcpcd is run when /etc/init.d/network runs /etc/sysconfig/network-scripts/ifup.

The NTP daemon reads a configuration file. Under Linux, the default file is /etc/ntp.conf. On the laptop, I use /etc/ntp.conf.work-server-client, /etc/ntp.conf.work-broadcast-client, or /etc/ntp.conf.home. The latter two don't work, dunno why. Under Solaris, the file is /etc/xntpd.conf.

To set up to use /etc/ntp.conf.work-server-client as the config file instead of the default /etc/ntp.conf, edit /etc/sysconfig/ntpd so that it contains

# Drop root to id 'ntp:ntp' by default. Requires kernel >= 2.2.18.
OPTIONS="-U ntp -c /etc/ntp.conf.work-server-client"

Notes about how to set the file up can be found in the DSG NTP configuration page. The contents of /etc/ntp.conf.work-server-client are

logfile /var/log/ntp.log
server 128.117.8.251

Under Linux with ipchains, you'll have to allow NTP packets to enter your system. Edit the /etc/sysconfig/ipchains file to add this line:

-A input --source 0/0 --destination 0/0 123 --protocol udp --jump ACCEPT

By default, the /etc/init.d/ntpd startup script starts ntp with the -U ntp command-line option, which causes ntpd to run as user "ntp". This can cause /var/log/ntp.log to get messages like "can't open /etc/ntp.drift.TEMP: Permission denied". To prevent this, do:

touch /etc/ntp.drift /etc/ntp.drift.TEMP
chown ntp /etc/ntp.drift /etc/ntp.drift.TEMP

When running with an explicit peer (not in broadcast-client mode), you can see how ntp is doing using the "ntpq" command and then "peers". The "offset" column shows the difference between the local host and the given peer, in milliseconds (500 is 1/2 a second).
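
Added example (not part of the original notes): a Python reader for ntpq "peers" output that reports the cases these notes mention, namely the LOCAL fake driver being the selected peer, no associations at all, and a large offset. The sample output is constructed, and the finding names and the 500 ms default threshold are assumptions.

```python
# Added example: interpret `ntpq` "peers" output.
# Constructed sample output (not captured from a real host).
GOOD = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*128.117.8.251   .GPS.            1 u   33   64  377    0.512    1.203   0.110
"""
LOCAL_ONLY = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   12   64  377    0.000    0.000   0.001
 128.117.8.251   .INIT.          16 u    -   64    0    0.000  812.400   0.000
"""


def parse_peers(text):
    """Return a dict per peer row; [] when ntpq lists no associations."""
    peers = []
    for line in text.splitlines():
        cols = line[1:].split()           # column 0 is the tally character
        if len(cols) != 10 or cols[0] == "remote":
            continue                      # header, ruler, or message line
        peers.append({"tally": line[0], "remote": cols[0],
                      "reach": int(cols[6], 8),   # octal shift register
                      "offset_ms": float(cols[8])})
    return peers


def findings(text, max_offset_ms=500.0):
    """Return problem strings; max_offset_ms is an assumed threshold."""
    peers = parse_peers(text)
    if not peers:
        return ["no-associations"]
    out = []
    sys_peer = [p for p in peers if p["tally"] == "*"]   # '*' = selected peer
    if not sys_peer:
        out.append("no-system-peer")
    elif sys_peer[0]["remote"].startswith("LOCAL("):
        out.append("synced-to-local-clock")
    for p in peers:
        if p["remote"].startswith("LOCAL("):
            continue
        if p["reach"] == 0:               # no replies in the last 8 polls
            out.append("unreachable:" + p["remote"])
        elif abs(p["offset_ms"]) > max_offset_ms:
            out.append("offset:" + p["remote"])
    return out
```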

To run the daemon in debug mode, do

ntpd -d -d -d -U ntp -c /etc/ntp.conf.work-server-client

Check file /var/log/ntp.log to see what's happening.

When you run ntpd, it seems to fix the system (software) clock and the hardware clock.

To do a one-time synchronization with a specific NTP server, like mlra, do

ntpdate mlra

WHAT FOLLOWS IS PRE-REDHAT 7.2
Web to the NTP home page. Download and save the distribution into /usr/src.

(as root)
cd /usr/src
gunzip ntp-4.0.99k23.tar.gz
tar xf ntp-4.0.99k23.tar
rm ntp-4.0.99k23.tar
cd ntp-4.0.99k23
./configure
make
make install
make clean

This installs the following:

Then make sure that ntpd is started at boot time. I created an /etc/rc.d/ntpd file by copying the /etc/rc.d/lpd file and making the obvious changes. Then, this:
cd /etc/rc.d/rc2.d
ln -s ../ntpd S92ntpd
ln -s ../ntpd K06ntpd

Pete Siemsen
Last modified: Thu Nov 2 09:30:30 MST 2006