Configuring NTP on a LINUX Server
The Network Time Protocol was originally developed to overcome time synchronisation issues on the Internet. NTP is an Internet protocol designed to synchronise network time clients with an accurate time source or reference. NTP defines algorithms and protocol messages to aid the synchronisation of network time clients. This article provides information on how to install and configure the publicly available NTP software distribution. It also shows how to synchronise time with an Internet based time reference.
Internet based NTP time server systems fall into two categories: primary and secondary reference servers. Primary reference servers utilise a highly accurate external timing reference, such as GPS or radio clocks, to provide precise time. Secondart reference servers synchronise their time with primary reference servers and therefore offer slightly reduced accuracy. Primary reference time servers are stratum one servers, while secondary servers have a stratum greater than one.
The NTP source code is freely downloadable under the GNU public license from the NTP web site at 'ntp.org'. NTP was originally developed for the LINUX operating system, however, a port to Windows NT is also available. Once the source code has been obtained, it should be installed, compiled and configured on the host computer. This process is automated with the installation and configuration scripts supplied in the distribution. Many Linux based operating systems have the NTP package pre-installed. However, it may be wise to download the most recent version, which is currently 4.2.4.
The NTP daemon is configured via a configuration file 'ntp.conf'. This configuration file may contain a list of public NTP server references that can be used by the host to synchronise time. The 'server' command can be used to specify public NTP time references, characters specified after the # symbol are comments:
server time-a.nist.gov # Public NTP server: NIST, Gaithersburg, Maryland server time-c.timefreq.bldrdoc.gov # Public NTP Server: NIST, Boulder, Colorado
When the configuration file is complete the NTP daemon can be started using the 'ntpd start' script. Other scripts are vailable that can be used to control the daemon: 'ntpd stop', 'ntpd restart'. There is also a query script available that shows the current synchronisation status of the daemon: 'ntpq -p'.
The 'restrict' command can be used to control access premissions to the NTP server. There are a number of permutations or the 'restrict' command; a few examples are listed below.
restrict default ignore #Restrict all access to the time server restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap # Only allow local computers access
Multiple commands can be specified to restrict or disallow access to a range of computers.
NTP provides an additional level of security by utilising authentication codes. This is a mechanism where matching key codes can be specified on a client and server which are encrypted and passed between the server and client. This allows a client to confirm the source of a time message. Authentication keys are configured in the 'ntp.keys' file. They are specified using a key reference, encryption code and authentication key. Additionally, trusted authentication keys can be specified using the 'trusted key' command is the 'ntpd.conf' configuration file.