We will install on Debian 10.
1) First install the NTP server:
root@NTP01# apt update
root@NTP01# apt-get install ntp
root@NTP01# systemctl status ntp
ntp.service – Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-05-05 12:19:33 +03; 21min ago
Docs: man:ntpd(8)
Process: 2479 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 2485 (ntpd)
Tasks: 2 (limit: 2351)
Memory: 1.2M
CGroup: /system.slice/ntp.service
└─2485 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
2) I set the NTP service to run at boot. Then I check:
root@NTP01# systemctl enable ntp
Synchronizing state of ntp.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ntp
root@NTP01# systemctl is-enabled ntp
enabled
3) I’m looking at the Timezone list, I found Europe/Istanbul from here.
root@NTP01# timedatectl list-timezones
Europe/Gibraltar
Europe/Guernsey
Europe/Helsinki
Europe/Isle_of_Man
Europe/Istanbul
Europe/Jersey
Europe/Kaliningrad
Europe/Kiev
Europe/Kirov
Europe/Lisbon
…………………………
4) I set and control timezone
root@NTP01 # timedatectl set-timezone Europe/Istanbul
root@NTP01:# cat /etc/timezone
Europe/Istanbul
5) I set the correct time. If the difference between the real time and the time taken from the internet servers is too much, we may experience synchronization problems.
root@NTP01# timedatectl set-time “2020-05-05 12:52:15”
root@NTP01# timedatectl status
Local time: Tue 2020-05-05 12:52:41 +03
Universal time: Tue 2020-05-05 09:52:41 UTC
RTC time: Tue 2020-05-05 09:52:41
Time zone: Europe/Istanbul (+03, +0300)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
6) I am setting the ntp.conf file. I add servers reserved for Turkey to Pool. If the NTP01 internet ntp server loses its synchronization, I set it to continue to distribute time as STRATUM 10 over the local time. I want it to distribute the time information only to the 192.168.1.0/24 network.
root@NTP01# vi /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
server 0.tr.pool.ntp.org iburst
server 1.tr.pool.ntp.org iburst
server 2.tr.pool.ntp.org iburst
server 3.tr.pool.ntp.org iburst
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
restrict 192.168.1.0 mask 255.255.255.0 notrap nomodify nopeer
Descriptions of parameters:
Limited: Indicates that if a client should abuse the number of packets rate control, the packets will be discarded by the sever. If the Kiss of Death packet is enabled, it will be sent back to the abusive host. The rates are configurable by an admin but the defaults are assumed here.
KOD: Kiss of Death. If a host violates the limit of packets to the server, the server will respond with s KoD packet to the violating host.
Notrap: Decline mode 6 control messages. These control messages are used for remote logging programs.
Nomodify: Prevents ntpq and ntpdc queries that would modify the server’s configuration but informational queries are still permitted.
Noquery: This option prevents hosts from querying the server for information. For example without this option hosts can use ntpdc or ntpq to determine where a particular time server is getting it’s time from or other peer time servers that it may be communicating with.
7) I restart the server.
root@NTP01# systemctl restart ntp
8) I check synchronization from internet ntp servers. If we see * in front of a server, it means that it is in sync.
root@NTP01# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) .LOCL. 10 l 1477 64 0 0.000 0.000 0.000
+195.50.171.101 145.253.2.212 2 u 57 64 377 47.614 -1.166 12.103
*85.199.214.98 .GPS. 1 u 44 64 377 62.793 -1.610 1.199
+tor.nocabal.de 130.149.17.21 2 u 58 64 377 50.875 -6.266 45.282
-time.cloudflare 10.50.8.4 3 u 57 64 377 55.883 -22.027 10.172
Here different fields are :
remote : Remote time server hostname/IP
refid : Association ID
st : stratum
t : u: unicast, b: broadcast, l: local
when : sec/min/hr since last received packet
poll : poll interval (log2 s)
reach : reach shift register (octal)
delay: the time delay (in milliseconds) to communicate with the remote.
offset: the offset (in milliseconds) between our time and that of the remote.
jitter: the observed jitter (in milliseconds) of time with the remote.
Also, the very first value displayed is state i.e. + and * sign. These values can be :
* the source you are synchronized to (syspeer)
# source selected, distance exceeds maximum value
o the PPS(Pulse Per Second) source if your ntpd (ppspeer, only if you have a PPS capable system and refclock)
+ candidate, i.e. it is considered a good source
– outlyer, i.e. quality is not good enough
x falseticker, i.e. this one is considered to distribute bad time
blank: source discarded, failed sanity
9) I check ntp sync.
If only PLL, NANO is written, sync has occurred.
If it says (PLL, UNSYNC, NANO), it is in unsync state.
root@NTP01# ntptime
ntp_gettime() returns code 0 (OK)
time e25bc8af.cc832338 Tue, May 5 2020 14:12:47.798, (.798876721),
maximum error 75590 us, estimated error 1758 us, TAI offset 37
ntp_adjtime() returns code 0 (OK)
modes 0x0 (),
offset -9489.013 us, frequency 44.765 ppm, interval 1 s,
maximum error 75590 us, estimated error 1758 us,
status 0x2001 (PLL,NANO),
time constant 7, precision 0.001 us, tolerance 500 ppm,
- Ntpdate ile offset kontrolü yapacağım, önce yükleyelim.
root@NTP01# apt install ntpdate
root@sNTP01# ntpdate -u 85.199.214.98
14 May 02:18:51 ntpdate[2861]: adjust time server 85.199.214.98 offset -0.000106 sec
10) Finally I check with https://time.is/. If your clock writes exactly, everything is ok.
Notes to Myself 