How to Install and Configure NTP Server Using NTPd on Fedora 29/Fedora 28

0
2403

In our previous article, we learnt how to setup NTP server using Chronyd on Fedora28/Fedora29. Well, this is yet another guide on how to install and configure NTP server using NTPd on Fedora 29/Fedora 28. Step through this guide in order to setup your NTP server for automatic time adjustments.

Install NTPd

The ntpd deamon is provided by the ntp package. Therefore, run the command below to install ntpd.

dnf install ntp -y

In order to use ntpd the default user space daemon, chronyd, must be stopped and disabled, if at all it is installed on the same system. Run the commands below to stop and disable chronyd from restarting at system start.

systemctl stop chronyd
systemctl disable chronyd

To start and enable ntpd at system start, run the following command;

systemctl start ntpd
systemctl enable ntpd

Configure NTP

The main configuration file for NTP is /etc/ntp.conf. This file is installed together with ntpd and is configured to use time servers from the Fedora pool by default.

Configure Acces control to NTP service

Access to the NTP service can be controlled or restricted by making the use of the restrictcommand in the ntp.conf file. The command syntax is;

restrict option  where option can be;

  • ignore — All packets will be ignored, including ntpq and ntpdc queries.
  • kod — a “Kiss-o’-death” packet is to be sent to reduce unwanted queries.
  • limited — do not respond to time service requests if the packet violates the rate limit default values or those specified by the discard command. ntpq and ntpdc queries are not affected.
  • lowpriotrap — traps set by matching hosts to be low priority.
  • nomodify — prevents any changes to the configuration.
  • noquery — prevents ntpq and ntpdc queries, but not time queries, from being answered. This can help prevent NTP amplification attacks.
  • nopeer — prevents a peer association being formed.
  • noserver — deny all packets except ntpq and ntpdc queries.
  • notrap — prevents ntpdc control message protocol traps.
  • notrust — deny packets that are not cryptographically authenticated.
  • notpport — modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.
  • version — deny packets that do not match the current NTP version.

To restrict local access to the server, edit the /etc/ntp.conf and add the network range the server is allowed to receive requests from.

vim /etc/ntp.conf
...
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.43.0 mask 255.255.255.0 nomodify notrap
...

Configure time servers

NTP is configured to use time servers from the Fedora pool by default. Therefore, change this by replacing the time servers with the servers close to your timezone area.

...
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.fedora.pool.ntp.org iburst
server 0.africa.pool.ntp.org iburst
server 1.africa.pool.ntp.org iburst
server 2.africa.pool.ntp.org iburst
server 3.africa.pool.ntp.org iburst
...

Configure Firewall to Allow Incoming NTP connections

NTP listens on UDP port 123 and therefore, traffic to this port has to be e permitted through network and host-based firewalls in order for NTP to function. Run the command below to allow packets to port 123/UDP.

firewall-cmd --add-port=123/udp --permanent
firewall-cmd --reload

Restart NTPd daemon

systemctl restart ntpd

To verify if NTP server is working normally, run the command below.

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*lon1.kakte.com  178.62.115.212   3 u   56   64  377  232.746  115.195 181.208
+ntp3.inx.net.za 0.60.139.194     2 u   13   64  377  289.535   15.691 202.211
+ntp.blueline.mg 193.79.237.14    2 u   55   64  377  501.236  131.465  54.479

Now that all is well, proceed to configure NTP client.

Configure NTP client

In order to receive time synchronization from our NTP server, proceed to configure the client. In this case, you can either use the NTP service daemon (ntpd) or ntpdate command as follows;

LEAVE A REPLY

Please enter your comment!
Please enter your name here