NTP Server

Author: Jackson Chen

Network Time Protocol

https://en.wikipedia.org/wiki/Network_Time_Protocol

NTP uses a hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a stratum and is assigned a number starting with zero for the reference clock at the top. A server synchronized to a stratum n server runs at stratum n + 1. The number represents the distance from the reference clock and is used to prevent cyclical dependencies in the hierarchy. Stratum is not always an indication of quality or reliability; it is common to find stratum 3 time sources that are higher quality than other stratum 2 time sources.

Stratum 0

These are high-precision timekeeping devices such as atomic clocks, GPS or other radio clocks. They generate a very accurate pulse-per-second signal that triggers an interrupt and timestamp on a connected computer. Stratum 0 devices are also known as reference clocks. NTP servers cannot advertise themselves as stratum 0. A stratum field set to 0 in an NTP packet indicates an unspecified stratum.

The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized.

Stratum 0
    # Atomic clocks and their signals broadcast over radio and GPS
Stratum 1
    # Computer with radio clock, GPS clock, or atomic clock attached
Stratum 2
    # Reads from stratum 1; Serves to lower strata
Stratum 3
    # Reads from stratum 2; Serves to lower strata
Stratum n+1
    # Reads from stratum n; Serves to lower strata
Stratum 15
    # Reads from stratum 14; This is the lowest stratum.
This process continues down to Stratum 15, which is the lowest valid stratum.
The label Stratum 16 is used to indicate an unsynchronized state.
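
The stratum rules above, applied to the header of an NTP packet, as an added example that is not part of the original post. The function names and sample packets are constructed here; the header layout, leap indicator and kiss-code handling follow RFC 5905 rather than this page.

```python
import struct

# First 16 bytes of the NTP header (RFC 5905): LI/VN/Mode, stratum, poll,
# precision, root delay, root dispersion, reference ID.
HEADER = struct.Struct("!BBbbII4s")
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast"}


def classify_stratum(stratum):
    """Map the stratum byte of a packet to the meaning described above."""
    if stratum == 0:
        return "unspecified"
    if stratum == 1:
        return "primary (reference clock attached)"
    if 2 <= stratum <= 15:
        return "secondary (synchronized to stratum %d)" % (stratum - 1)
    if stratum == 16:
        return "unsynchronized"
    return "reserved"


def parse_ntp_header(packet):
    """Decode the fields a client needs to decide whether to trust a reply."""
    if len(packet) < 48:
        raise ValueError("NTP packet must be at least 48 bytes")
    flags, stratum, _poll, _prec, _delay, _disp, ref_id = HEADER.unpack_from(packet)
    leap, version, mode = flags >> 6, (flags >> 3) & 0x7, flags & 0x7
    info = {"leap": leap, "version": version, "mode": MODES.get(mode, "other"),
            "stratum": stratum, "stratum_class": classify_stratum(stratum)}
    if stratum == 0:
        # With stratum 0 the reference ID carries an ASCII "kiss code".
        info["kiss_code"] = ref_id.decode("ascii", "replace").rstrip("\x00")
    # Usable as a time source only if it is a server reply, the leap
    # indicator is not 3 (clock not synchronized) and stratum is 1..15.
    info["usable"] = mode == 4 and leap != 3 and 1 <= stratum <= 15
    return info


def make_reply(leap, stratum, ref_id):
    """Constructed sample: version 4, mode 4 (server), zeroed timestamps."""
    flags = (leap << 6) | (4 << 3) | 4
    return HEADER.pack(flags, stratum, 6, -20, 0, 0, ref_id) + bytes(32)


if __name__ == "__main__":
    samples = [(0, 2, bytes([192, 0, 2, 1])), (0, 0, b"RATE"), (3, 16, bytes(4))]
    for leap, stratum, ref in samples:
        print(parse_ntp_header(make_reply(leap, stratum, ref)))
```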

chrony

chrony comes by default in Red Hat distributions and is available in the Ubuntu repositories.

Windows Time

https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings

All Microsoft Windows versions since Windows 2000 include the Windows Time service (W32Time), which has the ability to synchronize the computer clock to an NTP server.

Important

Windows Server 2016 has improved the time synchronization algorithms to align with RFC specifications. 

Therefore, if you want to set the local time client to point to multiple peers, we recommend that you prepare three or more different time servers.

Useful Windows w32tm Command Options

  1. Set client to use two time servers
     w32tm /config /manualpeerlist:"ntpserver.contoso.com clock.adatum.com" /syncfromflags:manual /update
  2. Set client to sync time automatically from a domain source. Use this to configure a client computer that is currently synchronizing time with a manually specified computer to synchronize time automatically from the AD domain hierarchy
     w32tm /config /syncfromflags:domhier /update
     net stop w32time
     net start w32time
  3. Check client time configuration
     w32tm /query /computer:contosoW1 /configuration
     or
     reg query HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  4. Compare client time with NTP source
     w32tm /stripchart /computer:NTP-Source
  5. Resync client computer time
     w32tm /resync /nowait /force
     w32tm /query /status
  6. List peers and NTP sources
     w32tm /query /peers
     w32tm /query /source

Configure Red Hat Chrony

chrony consists of chronyd, a daemon that runs in user space, and chronyc, a command line program which can be used to monitor the performance of chronyd and to change various operating parameters when it is running.

  1. Verify client time with NTP source. This shows the time difference between the client and the NTP source (-Q prints the offset without adjusting the clock)
     chronyd -Q 'server ntp.example.com iburst'
  2. Install Chrony NTP
     dnf install chrony
     or
     yum install chrony
  3. Enable chrony to start after boot
     systemctl enable chronyd
  4. Red Hat chrony can be configured as an NTP client or an NTP server. Modify /etc/chrony.conf
     # Configure chrony as NTP client, and synchronize time with <NTP-Source-IP>
     server <NTP-Source-IP>

     # Configure chrony as NTP server for the network clients
     allow 192.168.1.0/24

     Restart the chrony NTP daemon to apply the change
     systemctl restart chronyd
  5. If chrony acts as an NTP server, open the firewall port to allow incoming NTP requests
     firewall-cmd --permanent --add-service=ntp
     firewall-cmd --reload
  6. Verify client NTP request to chrony (RHEL server)
     ntpdate <RHEL-chrony-server>
  7. Check NTP server source on the chrony server
     chronyc sources
  8. Check NTP client list on the NTP server
     chronyc clients