Keeping accurate, synchronized time across your network is important for all sorts of reasons: for accurate time stamps in logs, for ensuring that processes run on time, and also for applications that depend on keeping good time. Fortunately, it doesn’t have to be a difficult process to manage, as ntpd, the NTP (network time protocol) daemon, can do all the work for you.
Typically, with ntpd you can “set it and forget it.” The hard part is wading through the documentation and finding the bits that tell you how to implement and configure it, and what programs and configuration files you’ll need. You know the old cliché about asking the time and being told how to build a watch? I think the NTP project may have inspired it.
In this article we’ll cover how to set up a local time server on a LAN, without discussing the protocol itself at all, even though it is very cool. Instead, we shall stay focused on telling the time, not on building a watch.
Most Linux distributions include a motley collection of time and date utilities: hwclock.sh, date, 822-date, tzselect, tzsetup, vcstime, uptime, zdump, ddate, rdate, ctime, and doubtless several more. These tools have all sorts of odd, specialized functions, and are fun to play with on occasion. In the olden days we kept time with hwclock.sh, rdate, or ntpdate. They ran at boot or were put in cron jobs for periodic updating.
ntpd replaces hwclock.sh, rdate, and ntpdate. I recommend disabling any of these that are set to run automatically, whether from init or cron, and instead let ntpd be your sole timekeeper. With one exception — for ntpdate, don’t delete those init scripts; save them.
After installation, all you need to do is:
- Add some public time servers to /etc/ntp.conf
- Set your time zone. Make a symlink from /etc/localtime to the appropriate file in /usr/share/zoneinfo
- Make sure that UDP port 123 is open through your firewall
- Run ntpdate to set the system time
- Start up ntpd
Let’s take these steps one at a time.
Finding Public Time Servers
First up, where to find time servers? Visit Public NTP Time Servers. Select servers that are closest to you. Geographically close is good, or you can test network proximity with ping and traceroute.
Select three to five servers; don’t rely on any single one. Be sure to pay attention to the access policies for each server, because some are open and some have restrictions (musn’t be guilty of time server abuse).
ntp.conf entries look like this:
While your time zone is probably set correctly already, it’s easy enough to check:
$ ls -al /etc/localtime
lrwxrwxrwx 1 root root 30 Nov 25 13:45 /etc/localtime -> /usr/share/zoneinfo/US/Pacific
If you need to change it, use the ln command:
# ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
If your system time is off by more than a few minutes, ntpd will not correct it. ntpdate will give it a good jumpstart:
# ntpdate [server name]
Starting ntpd depends on your Linux distribution. If you installed it from RPM or apt-get, it’s probably already running and the init scripts are in place. On Red Hat, try ‘restart’ or ‘start’ first:
# service ntpd restart
On other Linuxes:
# /etc/init.d/ntpd restart
Debian Is Different, Of Course
Note that Debian uses the ntp-simple package, and you have to install ntp-docs separately. After installation, you’ll find them on your system at /usr/share/doc/ntp-doc/html/.
Debian also uses /etc/default/ntp-servers to set the time servers for /etc/init.d/ntpdate. The easiest time server configuration method on Debian is:
# dpkg-reconfigure ntp-simple
You may also edit the configuration files directly. dpkg-reconfigure will add your server list to both /etc/default/ntp-servers and /etc/ntp.conf.
To restart the ntp daemon on Debian, use this command:
# /etc/init.d/ntp-simple restart
When your ntpd setup is working, it can function as the time server for your LAN. This is extremely preferable to configuring every PC on your network to synchronize with the public time servers. (That is time server abuse.)
Install and configure ntpd on them, just like for your local server, with one difference: edit /etc/ntp.conf to point to your local time server. And that’s all there is to it. (Don’t forget /etc/default/ntp-servers on Debian.)
Is It Working?
Use the following command to ensure everything is working. Note, though, that it’s normal for this command to not show any results for 30-60 minutes after starting NTP.
# ntpq -p
remote refid st t when poll reach delay offset jitter
+clock.fmt.he.ne .GPS. 1 u 37 64 377 105.562 26.771 2.539
+dewey.lib.ci.ph reaper.twc.weat 2 u 25 64 377 398.666 -30.285 51.555
*clock.sjc.he.ne .CDMA. 1 u 21 64 377 98.269 15.298 4.000
There are two useful things in this output: 1) it’s working, and 2) the * and + prefixes indicate that the time servers are good and that ntpd can use them. Any other prefix indicates a problem of some sort. The simplest fix is to delete the entry in ntp.conf and try a different server.
More ntp.conf Entries
These additional entries are helpful to have:
The driftfile is where ntpd writes variations between your system clock and the time servers so that it can instantly calculate a starting point after a reboot. Otherwise, it has to start re-calculating with each reboot, and that takes time. Be sure to create these files if they don’t already exist.
If you don’t specify a logfile, ntpd will dump entries into the system log.
Intermittent Internet Connection
ntpd works best on a full-time Internet connection. If you’re on dial-up, it will still work and you can still have a local machine designated as the LAN time server. The trick here is to add ntpdate to the brew. Run ntpdate every time your dial-up connection starts. Put this script in /etc/ppp/ip-up.d and name it anything you like. I call it “ntpdate”:
# ntpdate script
# run /etc/init.d/ntpdate every time PPP starts
if [ -x /etc/init.d/ntpdate]; then
This makes it executable for all users – season to taste:
# chmod a+rx /etc/ppp/ip-up.d/ntpdate
And that, in a nutshell, is how to have your own local time server. Yes, it really is that simple.