Install ntpd

image_print

Installation instructions for Ubuntu 16.04 and 18.04.2 LTS

apt update && apt -y upgrade && apt -y install ntp ntpstat
apt-get purge ntpdate
vi /etc/default/ntp
NTPD_OPTS='-g'

The -g option enables ntpd to ignore the offset limit of 1000s and attempt to synchronize the time even if the offset is larger than 1000s, but only on system start.

configure local timeserver

vi /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Leap seconds definition provided by tzdata
leapfile /usr/share/zoneinfo/leap-seconds.list

# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

interface ignore wildcard
interface listen 192.168.0.18

# Specify one or more NTP servers.

# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board
# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for
# more information.
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
server ts1.univie.ac.at iburst
server ts2.univie.ac.at iburst

# Use Ubuntu's ntp server as a fallback.
#pool ntp.ubuntu.com

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap nopeer

# Unrestriced access from specific host
restrict 192.168.0.2
restrict 192.168.0.3

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict -6 ::1

# Needed for adding pool entries
restrict source notrap nomodify noquery

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

#Changes recquired to use pps synchonisation as explained in documentation:
#http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#AEN3918

#server 127.127.8.1 mode 135 prefer    # Meinberg GPS167 with PPS
#fudge 127.127.8.1 time1 0.0042        # relative to PPS for my hardware

#server 127.127.22.1                   # ATOM(PPS)
#fudge 127.127.22.1 flag3 1            # enable PPS API

restart ntpd

service ntp restart
tail -f /var/log/syslog | grep ntpd
netstat -tulpa | grep ntp

Open Port 123 UDP

ufw allow 123/udp

Forward port 123/UDP to timeserver!

adjust time

sntp -s ts1.univie.ac.at

If the file /var/db/ntp-kod does not exist it need to be created:

mkdir -p /var/db && touch /var/db/ntp-kod && chown ntp:ntp /var/db/ntp-kod

otherwise you’ll get the error message

kod_init_kod_db(): Cannot open KoD db file /var/db/ntp-kod: No such file or directory

KoD means Kiss of Death.

Enable network time synchronization

timedatectl set-ntp true
timedatectl
Local time: Wed 2018-08-22 01:04:48 CEST
Universal time: Tue 2018-08-21 23:04:48 UTC
RTC time: n/a
Time zone: Europe/Vienna (CEST, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 01:59:59 CET
Sun 2018-03-25 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 02:59:59 CEST
Sun 2018-10-28 02:00:00 CET

ntp Status

ntpq -p
ntpstat