This is yet another guide on how to install and configure NTP server using NTPd on Fedora 29/Fedora 28. Step through this guide in order to setup your NTP server for automatic time adjustments.. In our previous article, we learnt how to setup NTP server using Chronyd on Fedora28/Fedora29.
Installing NTP Server Using NTPd on Fedora 29/Fedora 28
Install NTPd on Fedora
The ntpd deamon is provided by the ntp package. Therefore, run the command below to install ntpd.
dnf install ntp -yIn order to use ntpd the default user space daemon, chronyd, must be stopped and disabled, if at all it is installed on the same system. Run the commands below to stop and disable chronyd from restarting at system start.
systemctl stop chronyd
systemctl disable chronydTo start and enable ntpd at system start, run the following command;
systemctl start ntpd
systemctl enable ntpdConfigure NTP on Fedora
The main configuration file for NTP is /etc/ntp.conf. This file is installed together with ntpd and is configured to use time servers from the Fedora pool by default.
Configure Acces control to NTP service
Access to the NTP service can be controlled or restricted by making the use of the restrictcommand in the ntp.conf file. The command syntax is;
restrict option where option can be;
ignore— All packets will be ignored, including ntpq and ntpdc queries.kod— a “Kiss-o’-death” packet is to be sent to reduce unwanted queries.limited— do not respond to time service requests if the packet violates the rate limit default values or those specified by the discard command. ntpq and ntpdc queries are not affected.lowpriotrap— traps set by matching hosts to be low priority.nomodify— prevents any changes to the configuration.noquery— prevents ntpq and ntpdc queries, but not time queries, from being answered. This can help prevent NTP amplification attacks.nopeer— prevents a peer association being formed.noserver— deny all packets except ntpq and ntpdc queries.notrap— prevents ntpdc control message protocol traps.notrust— deny packets that are not cryptographically authenticated.notpport— modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.version— deny packets that do not match the current NTP version.
To restrict local access to the server, edit the /etc/ntp.conf and add the network range the server is allowed to receive requests from.
vim /etc/ntp.conf...
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.43.0 mask 255.255.255.0 nomodify notrap
...Configure time servers
NTP is configured to use time servers from the Fedora pool by default. Therefore, change this by replacing the time servers with the servers close to your timezone area.
...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.fedora.pool.ntp.org iburst
server 0.africa.pool.ntp.org iburst
server 1.africa.pool.ntp.org iburst
server 2.africa.pool.ntp.org iburst
server 3.africa.pool.ntp.org iburst
...
Configure Firewall to Allow Incoming NTP connections
NTP listens on UDP port 123 and therefore, traffic to this port has to be e permitted through network and host-based firewalls in order for NTP to function. Run the command below to allow packets to port 123/UDP.
firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reloadRestart NTPd daemon
systemctl restart ntpdTo verify if NTP server is working normally, run the command below.
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*lon1.kakte.com 178.62.115.212 3 u 56 64 377 232.746 115.195 181.208
+ntp3.inx.net.za 0.60.139.194 2 u 13 64 377 289.535 15.691 202.211
+ntp.blueline.mg 193.79.237.14 2 u 55 64 377 501.236 131.465 54.479
Now that all is well, proceed to configure NTP client.
Configure NTP client
In order to receive time synchronization from our NTP server, proceed to configure the client. In this case, you can either use the NTP service daemon (ntpd) or ntpdate command as follows;
Using NTPd
Install ntp package that provides ntpd daemon.
dnf install ntp -yAfter the installation, you need to edit the /etc/ntp.conf configuration file to add the address of your NTP server.
The server command takes the following syntax;
server addresswhere address is either the IP or resolvable hostname of the NTP server.
...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.fedora.pool.ntp.org iburst
server 192.168.43.69 iburst
...Save the configuration file and restart ntpd daemon.
Verify the connection to the server using the netcat command;
nc -zuv 192.168.43.69 123Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.43.69:123.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.Now that your client can successfully connect to your NTP server, verify that time synchronization is working;
ntpq -p remote refid st t when poll reach delay offset jitter
==============================================================================
192.168.43.69 167.99.82.6 4 u 31 64 7 0.292 67.320 12.531Using ntpdate
If you want to synchronize the time of your client with NTP server once, you can use ntpdate as follows;
dnf install ntpdate -yOnce the installation is done, you can use the ntpdate to synchronize the time as follows;
Start and enable ntpdate
systemctl start ntpdate
systemctl enable ntpdateTo use ntpdate, you need to stop and disable ntpd
systemctl stop ntpd
systemctl disable ntpdTo verify that time synchronization works fine, run ntpdate command as shown below
ntpdate 192.168.43.6918 Nov 12:30:02 ntpdate[4983]: step time server 192.168.43.69 offset 3608.684470 secGreat. That is all it takes to install and configure NTP server Using NTPd on Fedora 29/Fedora 28.
To configure NTP server on Fedora 30 using NTPd, then check our guide by following the link below;
