Application examples
08.12.2014
NetPing devices use the NTP protocol to synchronize time. Using this protocol, all devices on the network adjust their time on the specified server. NetPing devices connected to the Internet can use a public NTP server, as recommended in article . If you do not have Internet access, you can configure a local NTP server. This server can be any Windows computer with a configured service. W32time [« Windows Time Service"]. This service does not have a graphical interface and is configured either through the command line or by editing registry keys.
Instructions for setting up an NTP server on Windows 7/8/2008/2012
Consider setting up a time service through editing the registry. The configuration is the same for versions of Windows 7/8, Windows Server 2008, Windows Server 2012.
For this setting, you must have administrator rights for Windows
Open the registry editor or through the " Run"Caused by the keyboard shortcut" Win» + « R", Or through the search form, where we type" regedit».
In the editor that opens, in the left tree menu, open the "branch" " HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ services \\ W32Time \\ TimeProviders \\ NtpServer", Where we are looking for a key with the name" Enable". Right-click and select "Change." Change the key value with 0 on the 1 .
By changing this parameter, we indicated that this computer acts as an NTP server. The computer remains the client at the same time and can synchronize its time on other servers on the Internet or local network. If you want the internal hardware clock to act as a data source, change the value of the key parameterAnnounceflags on the 5 in the branch " HKEY_LOCAL_MACHINE \\ SYSTEM \\ CurrentControlSet \\ Services \\ W32Time \\ Config».
For the changes to take effect, we need to restart the service. Access to services is through Control Panel"From the menu" Start» -> « Control Panel» -> « Administration» -> « Services". It is also in the search form when entering “ services.msc". In the list of services that appears, we find " Windows Time Service"And through the menu, called with the right mouse button, select" Restart».
The other day, it was again necessary to configure ntp, and, as usual, it turned out that over the past years of the previous setup, everything was forgotten nafik. Therefore, we write ourselves a note for the future, so as not to look for it next time. Well, you will come in handy to my readers.
Installation
The installation platform will be Gentoo, as usual. The ntp service is net-misc / ntp.
First, we update the portage tree:
We install ntp, here we do not need special parameters [at least for now], so we set it with default usages:
Server
Tuning.
Decide who we will take time from. I suggest using the exact time server, Stratum 1 after all.
ntp1.vniiftri.ru
ntp2.vniiftri.ru
ntp4.vniiftri.ru
Ntpd daemon startup options are defined in the /etc/conf.d/ntpd file
# /etc/conf.d/ntpd# Options to pass to the ntpd process
# Most people should leave this line alone ...
# however, if you know what you "re doing, feel free to tweak
NTPD_OPTS \u003d "- g -c /etc/ntp.conf"
Here, the -g -key allows the transition to a large leap in time, -c is the ntp service configuration file, to specify a pid file different from the default, you can use the -p switch, for example:
NTPD_OPTS \u003d "- p /var/run/ntpd.pid -g -c /etc/ntp.conf"
The ntp service is configured by default in the /etc/ntp.conf file, if you specified another in the previous paragraph, then edit the one that you specified
# /etc/ntp.conf
# Our local server
server 192.168.0.1
# Servers on the network
server 195.2.64.6
server ntp1.vniiftri.ru
server ntp2.vniiftri.ru
server ntp4.vniiftri.ru# Service file paths
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntpd.log# Permissions to access our server
restrict default ignore # Access is denied by default
restrict localhost # Locally everything is possible
restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap # On the internal network, you can only read the time# We allow you to synchronize with external servers, otherwise synchronization will not work.
restrict 127.0.0.1
restrict 192.168.0.1
restrict 195.2.64.6
restrict ntp1.vniiftri.ru
restrict ntp2.vniiftri.ru
restrict ntp4.vniiftri.ru# This record allows you to appropriate Stratum 3 to itself, so that the server trusts itself
server 127.127.1.1
fudge 127.127.1.1 stratum 3
We start ntpd
Add ntpd to startup
Now you need to wait 10 to 20 minutes, because synchronization does not occur immediately, but after a while.
Check on the server
If in response we get something similar:
remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.0.1 .INIT. 16 u - 1024 0 0.000 0.000 0.000
-ntp1.zenon.net 195.2.64.5 2 u 596 1024 377 2.261 -0.104 0.680
* ntp1.vniiftri.r .PPS. 1 u 909 1024 377 4.266 -0.603 0.353
+ ntp2.vniiftri.r .PPS. 1 u 562 1024 377 3.914 -0.453 0.457
+ ntp4.vniiftri.r .PPS. 1 u 554 1024 377 4.487 -0.664 0.249
LOCAL [1] .LOCL. 3 l 229m 64 0 0.000 0.000 0.000
then everything is fine, synchronization has gone. Let us consider in more detail the notation in the resulting table.
Table Fields:
remote - names of
remote ntp servers
refid - the server with which the remote ntp server synchronizes
st - stratum [level] of the remote server. 1 - the highest, 16 - an ordinary car / client.
t - peer type [u \u003d unicast, m \u003d multicast, l \u003d local]
when - indicates how long ago synchronization with the server was made
poll - frequency in seconds at which the NTP daemon synchronizes with the peer
reach - server availability status, this
value is stabilized at 377 if the last 8 attempts to synchronize with the remote server were successful
delay - delay [in milliseconds] of the response from the server
offset - the difference in milliseconds between the system time and the time of the remote server; value with a minus - lag, with a plus - runaway
jitter - time offset on the remote server
Icons in the rows of the table:
* - feast with which the last synchronization was performed
+ - server suitable for updating
- - server unsuitable for updating
x - server is not responding
Check on the client:
If the synchronization is successful, we will receive a response of the following form:
25 Oct 17:28:04 ntpdate: adjust time server 192.168.0.1 offset -0.016567 sec
However, it is possible to receive the following message:
25 Oct 17:29:14 ntpdate: no server suitable for synchronization found
To understand what nonsense we are doing:
We look at the answer:
192.168.0.1: Server dropped: strata too high
server 192.168.0.1, port 123
stratum 16, precision -8, leap 11, trust 000
This means that the level of trust is very small [stratum \u003d 16, the lowest level], that is, the server does not trust itself to give time. You must either wait or change the list of servers with which it is synchronized. Since we have written in the config that the server is our stratum 3, we are unlikely to see such a message.
Customize customers.
LINUX
My clients are also Gentoo, basically, the client configuration is written in the /etc/conf.d/ntp-client file. We’re not wise here, we leave everything as it is, just specify our server in the synchronization settings:
# /etc/conf.d/ntp-client# Command to run to set the clock initially
# Most people should just leave this line alone ...
# however, if you know what you "re doing, and you
# want to use ntpd to set the clock, change this to "ntpd"
NTPCLIENT_CMD \u003d "ntpdate"# Options to pass to the above command
# This default setting should work fine but you should
# change the default "pool.ntp.org" to something closer
# to your machine. See //www.pool.ntp.org/ or
# try running `netselect -s 3 pool.ntp.org`.
NTPCLIENT_OPTS \u003d "- s -b -u 192.168.0.1 "
Add to startup:
# rc-update add ntp-client default
It should be borne in mind that the ntp-client service synchronizes time only once, at system startup, so for machines that work for a long time without restarting, do the following:
Create an executable file with the following contents in the /etc/cron.hourly folder
#! / bin / sh
NTPCLIENT_OPTS \u003d "- s -b -u 192.168.0.1"Ntpdate $ NTPCLIENT_OPTS \u003e\u003e / dev / null 2\u003e & 1
That's it, now our machine will be synchronized with ntp hourly.
WINDOWS 2003 Server
All movements are performed on the command line.
# w32tm / config / syncfromflags: manual /manualpeerlist:192.168.0.1
# w32tm / config / update
Next, on the command line, specify the priority NTP server, restart the time service and force the time synchronization:
#net time /setsntp:192.168.0.1
#net stop w32time && net start w32time
# w32tm / resync
The result should be:
Sync command sent to local computer ...
The command completed successfully.
After a while, you can check the system event log. If everything is configured and worked correctly, then in the log there will be an information message from the W32Time source with code [ID] 37 and the text "NTP client of the time provider receives the correct time data from 192.168.0.1", and then with code 35 and the text "Service time synchronizes the system time with a time source of 192.168.0.1 ".
UPD
WINDOWS 2012 Server
Everything here is similar to Windows 2003 Server, but we do everything in Windows PowerShell running as administrator.
Specify which ntp server to use for synchronization:
PS C: \\\u003e w32tm / config / syncfromflags: manual /manualpeerlist:192.168.0.1 / syncfromflags: MANUAL
PS C: \\\u003e w32tm / config / update
Next, on the command line, restart the time service and force the time synchronization:
PS C: \\\u003e Service-Stop w32time
PS C: \\\u003e Service-Start w32time
PS C: \\\u003e w32tm / resync
The result should be:
Sending a synchronization command to the local computer
The command completed successfully.
We
check:
The output should get something like this:
Interference indicator: 0 [no warnings]
Stratum: 3 [secondary link - synchronized using [S] NTP]
Accuracy: -6 [15.625ms per cycle time]
Root Delay: 0.0356903s
Root Dispersion: 7.8069513s
Reference Time Id: 0xC0A86301 [Source IP: 192.168.0.1]
The time of the last successful synchronization: 03/22/2016 16:21:25
Setting time on Windows server operating systems using the NTP protocol is critical for many services. Without the correct time set, or rather, when the clock is mismatched, many Active Directory protocols and synchronization services cannot work correctly on the server and workstations. Installing and maintaining the watch using NTP is a simple task, sometimes connected, however, with some of the difficulties that we will try to consider in this article.
For example, we will not use the latest system - Windows Server 2012. It is the most common and, at the same time, for many other systems, including Windows Server 2008, Windows Server 2016, similar commands and rules apply. It should be noted that the description is about setting up an environment with a single PDC master. More complex options are not considered.
Reset NTP
In order to put the NTP service in the "default" state, you must run the following commands:
Stop- Service w32time w32tm / unregister w32tm / register
Stop-Service w32time w32tm / unregister w32tm / register
In this case, they stop the service, unregister the service and re-register it in the system. These commands should be executed only if essential. As a rule, there is no need for them - NTP is configured if other circumstances of the system are taken into account.
NTP installation commands in the normal case
In order to configure the network time protocol on a Windows Server controller, you first need to disable synchronization using Hyper-V if the controller is virtualized using this technology. To do this, go to the settings and uncheck the Time Synchronization item in the Management -\u003e Integration Services section
For those who do not use Hyper-V, the previous step can be omitted.
w32tm / config /manualpeerlist:"0.de.pool.ntp.org 1.de.pool.ntp.org "/ syncfromflags: MANUAL
UDP for NTP and Firewall Blocking
The time protocol uses the UDP port 123 for its communication in the standard configuration. You must ensure that the firewall does not block this port. In case the lock occurs, the ntp logs will contain a lot of information that the connection is impossible:
Log Name: System
Source: Microsoft-Windows-Time-Service
Event ID: 47
Level: Warning
Description: Time Provider NtpClient: No valid response has been received from manually configured peer pool.ntp.org after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a new peer with this DNS name. The error was: The peer is unreachable.
In order to make sure that this is the problem, you can enable the output of additional debugging information. We configure Windows Server logs so that they write all the necessary information, but they do not grow more than 20 megabytes:
w32tm / debug / disable
Lock ntp caught by the firewall phrase in debugging:
- Logging error: NtpClient has been configured to acquire time from one or more time sources, however none of the sources are currently accessible and no attempt to contact a source will be made for 1 minutes. NTPCLIENT HAS NO SOURCE OF ACCURATE TIME.
In this case [yes, in general, immediately for the purpose of verification], it is necessary to check the rule in the firewall
And, if necessary, change the rule or add it.
Checking ntp for proper operation
To check if everything is working correctly, you can start synchronization manually:
If everything went well, get a message:
Sending resync command to local computer
The command completed successfully.
If there are problems - a message:
The computer did not resync because no time data was available.
In the second case, it is necessary to check everything all over again: the firewall, the correctness of the specified servers [are there any errors in the name]. If anything, we have already provided information about resetting the settings.
The release of WordPress 5.3 improves and extends the Word Editor 5.0 block editor with a new block, more intuitive interaction, and improved accessibility. New features in the editor [...]
After nine months of development, the multimedia package FFmpeg 4.2 is available, which includes a set of applications and a collection of libraries for operations on various multimedia formats [recording, conversion and [...]
Linux Mint 19.2 is a long-term support release that will be supported until 2023. It comes with updated software and contains improvements and many new [...]
The release of the Linux Mint 19.2 distribution, the second update of the Linux Mint 19.x branch, formed on the Ubuntu 18.04 LTS package base and supported until 2023, is presented. The distribution is fully compatible [...]
New BIND service releases are available that provide bug fixes and feature enhancements. New releases can be downloaded from the download page on the developer's site: [...]
Exim is a messaging agent [MTA] developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available in accordance with [...]
After almost two years of development, the release of ZFS on Linux 0.8.0, the implementation of the ZFS file system, designed as a module for the Linux kernel, is presented. The module has been tested with Linux kernels from 2.6.32 to [...]
The IETF [Internet Engineering Task Force], a protocol and Internet architecture development team, has completed the formation of an RFC for the ACME [Automatic Certificate Management Environment] protocol [...]
The community-controlled Let’s Encrypt Certification Authority, which provides certificates free of charge to everyone, summed up the results of the past year and talked about plans for 2019. [...]
In the article, we will consider the configuration of the NTP client.
To begin with, we look at what time zone we have set. To do this, use the command.
# date Fri Mar 8 17:38:47 MSK 2019
If the time zone is set incorrectly, then set the correct time zone. To do this, create the file / etc / localtime with the appropriate time zone from the directory / usr / share / zoneinfo /. For example, for Moscow.
Ln -sf / usr / share / zoneinfo / Europe / Moscow / etc / localtime
Configure NTP Client Synchronization with NTP Server
Install the ntp package
Yum install ntp
To synchronize a local client machine on Linux with an NTP server, you need to edit the file /etc/ntp.conf. The following example shows several time servers, which is useful in case one of them is unavailable. Or you can register other external servers, for example pool.ntp.org
Server 0.rhel.pool.ntp.org iburst server 1.rhel.pool.ntp.org iburst server 2.rhel.pool.ntp.org iburst server 3.rhel.pool.ntp.org iburst
iburst: this parameter improves the accuracy of synchronization; instead of one packet, eight are sent. When the server does not respond, packets are sent every 16 seconds, when it responds - every 2 seconds.
Server 192.168.1.1 prefer
prefer: if this option is specified, the specified server is considered preferable over the others, but if the response of this server will significantly differ from the responses of other servers, it will be ignored. Instead of 192.168.1.1 specify the ip address of your server
Start NTP Service
After changing ntp.conf and setting the necessary parameters, start the NTP service [daemon]. Depending on the settings, it can work both as a server and as a client.
Systemctl start ntpd
and add it to startup
Systemctl enable ntpd
to check the time, type the command
Checking NTP Status
You can check the status of NTP using the ntpq command. If you get a connection failure error, it means the time server is not responding, the NTP service on the client is not running, or the port is closed.
Sudo ntpq –p remote refid st t when poll reach delay offset jitter \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d * elserver1 192.168.1.1 3 u 300 1024 377 1.225 -0.071 4.606
remote - name or address of the time server. Before it is indicated a service symbol, in this case “*”, which means the server used. "+" Means that the server is suitable for updating, "-" - which is unsuitable, "x" - the server is unavailable;
refid - The server higher in the Stratum hierarchy;
st - server level in the Stratum hierarchy;
t - connection type [u - unicast, single connection, b - broadcast, broadcast connection, l - local clock];
when - time elapsed since the last response;
poll - polling period in seconds;
reach - accessibility state [when represented in binary form, 1 means successful attempt, 0 means failure. After 8 successful attempts, the value is 377];
delay - time of double turn of the package;
offset - current time offset relative to the server;
jitter - standard deviation of time.
Value jitter should be low; if not, check the offset relative to the clock in the driftfile. If it is too large, you may need to change the NTP server. The following command manually synchronizes the time with the NTP server:
Manual time synchronization
To poll the NTP server and set the date and time manually, use the command ntpdate. This is usually required only once.
First, disable the ntp service
Systemctl stop ntpd
Start synchronization by indicating the server from which you want to synchronize time
Ntpdate 192.168.1.1
Start the ntp service
Systemctl start ntpd
After this initial synchronization, the NTP client will regularly poll the NTP server to ensure that the local time matches the exact time.
If you find an error, please select a piece of text and press Ctrl + Enter.