How to Install and Configure NTP Server Using NTPd on Fedora 29/Fedora 28

0
4242

This is yet another guide on how to install and configure NTP server using NTPd on Fedora 29/Fedora 28. Step through this guide in order to setup your NTP server for automatic time adjustments.. In our previous article, we learnt how to setup NTP server using Chronyd on Fedora28/Fedora29.

How to Install and Configure NTP Server Using NTPd on Fedora 29/Fedora 28

Install NTPd on Fedora

The ntpd deamon is provided by the ntp package. Therefore, run the command below to install ntpd.

dnf install ntp -y

In order to use ntpd the default user space daemon, chronyd, must be stopped and disabled, if at all it is installed on the same system. Run the commands below to stop and disable chronyd from restarting at system start.

systemctl stop chronyd
systemctl disable chronyd

To start and enable ntpd at system start, run the following command;

systemctl start ntpd
systemctl enable ntpd

Configure NTP on Fedora

The main configuration file for NTP is /etc/ntp.conf. This file is installed together with ntpd and is configured to use time servers from the Fedora pool by default.

Configure Acces control to NTP service

Access to the NTP service can be controlled or restricted by making the use of the restrictcommand in the ntp.conf file. The command syntax is;

restrict option  where option can be;

  • ignore — All packets will be ignored, including ntpq and ntpdc queries.
  • kod — a “Kiss-o’-death” packet is to be sent to reduce unwanted queries.
  • limited — do not respond to time service requests if the packet violates the rate limit default values or those specified by the discard command. ntpq and ntpdc queries are not affected.
  • lowpriotrap — traps set by matching hosts to be low priority.
  • nomodify — prevents any changes to the configuration.
  • noquery — prevents ntpq and ntpdc queries, but not time queries, from being answered. This can help prevent NTP amplification attacks.
  • nopeer — prevents a peer association being formed.
  • noserver — deny all packets except ntpq and ntpdc queries.
  • notrap — prevents ntpdc control message protocol traps.
  • notrust — deny packets that are not cryptographically authenticated.
  • notpport — modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.
  • version — deny packets that do not match the current NTP version.

To restrict local access to the server, edit the /etc/ntp.conf and add the network range the server is allowed to receive requests from.

vim /etc/ntp.conf
...
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.43.0 mask 255.255.255.0 nomodify notrap
...

Configure time servers

NTP is configured to use time servers from the Fedora pool by default. Therefore, change this by replacing the time servers with the servers close to your timezone area.

...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.fedora.pool.ntp.org iburst
server 0.africa.pool.ntp.org iburst
server 1.africa.pool.ntp.org iburst
server 2.africa.pool.ntp.org iburst
server 3.africa.pool.ntp.org iburst
...

Configure Firewall to Allow Incoming NTP connections

NTP listens on UDP port 123 and therefore, traffic to this port has to be e permitted through network and host-based firewalls in order for NTP to function. Run the command below to allow packets to port 123/UDP.

firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload

Restart NTPd daemon

systemctl restart ntpd

To verify if NTP server is working normally, run the command below.

ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*lon1.kakte.com  178.62.115.212   3 u   56   64  377  232.746  115.195 181.208
+ntp3.inx.net.za 0.60.139.194     2 u   13   64  377  289.535   15.691 202.211
+ntp.blueline.mg 193.79.237.14    2 u   55   64  377  501.236  131.465  54.479

Now that all is well, proceed to configure NTP client.

Configure NTP client

In order to receive time synchronization from our NTP server, proceed to configure the client. In this case, you can either use the NTP service daemon (ntpd) or ntpdate command as follows;

Using NTPd

Install ntp package that provides ntpd daemon.

dnf install ntp -y

After the installation, you need to edit the /etc/ntp.conf configuration file to add the address of your NTP server.

The server command takes the following syntax;

server address

where address is either the IP or resolvable hostname of the NTP server.

...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.fedora.pool.ntp.org iburst
server 192.168.43.69 iburst
...

Save the configuration file and restart ntpd daemon.

Verify the connection to the server using the netcat command;

nc -zuv 192.168.43.69 123
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.43.69:123.
Ncat: UDP packet sent successfully
Ncat: 1 bytes sent, 0 bytes received in 2.01 seconds.

Now that your client can successfully connect to your NTP server, verify that time synchronization is working;

ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.43.69   167.99.82.6      4 u   31   64    7    0.292   67.320  12.531

Using ntpdate

If you want to synchronize the time of your client with NTP server once, you can use ntpdate as follows;

dnf install ntpdate -y

Once the installation is done, you can use the ntpdate to synchronize the time as follows;

Start and enable ntpdate

systemctl start ntpdate
systemctl enable ntpdate

To use ntpdate, you need to stop and disable ntpd

systemctl stop ntpd
systemctl disable ntpd

To verify that time synchronization works fine, run ntpdate command as shown below

ntpdate 192.168.43.69
18 Nov 12:30:02 ntpdate[4983]: step time server 192.168.43.69 offset 3608.684470 sec

Great. That is all it takes to install and configure NTP server Using NTPd on Fedora 29/Fedora 28.

To configure NTP server on Fedora 30 using NTPd, then check our guide by following the link below;

Configure NTP Server using NTPd on Fedora 30

LEAVE A REPLY

Please enter your comment!
Please enter your name here