Follow through this guide to learn how to setup NTP server using NTPd on Debian 10 Buster.
Setup NTP server Using NTPd on Debian 10 Buster
Run System Update
Before you can proceed, run the command below to update your system packages.
apt update -y
Install NTP on Debian 10 Buster
The ntp package provides the NTPd deamon that is responsible for setting and maintaining the system time of day in synchronism with Internet standard time servers. The ntp package is available on the default Debian 10 Buster repositories. Hence, you can install be executing the command below;
apt install ntp -y
Running NTP Service
NTP is started and enabled to run on system boot after the installation. To check the status;
systemctl status ntp
● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-07-31 15:36:19 EDT; 4min 17s ago Docs: man:ntpd(8) Main PID: 6163 (ntpd) Tasks: 2 (limit: 4701) Memory: 1.4M CGroup: /system.slice/ntp.service └─6163 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 107:115
To check if it is enabled to run on system reboot;
systemctl is-enabled ntp
Configure NTP Pool
NTP is configured to use time servers from the Debian pool by default for time synchronization. You can configure your NTP server to use time servers close to your timezone.
The obtain a list of the servers on your timezone (or your Continent) from NTP Public Pool Time Servers. Next, open NTP configuration file and comment the Debian pool servers and add your timezone NTP pool time servers. For example, to use NTP time pool servers from Europe, you would add the lines below to NTP configuration.
server 0.europe.pool.ntp.org server 1.europe.pool.ntp.org server 2.europe.pool.ntp.org server 3.europe.pool.ntp.org
... #pool 0.debian.pool.ntp.org iburst #pool 1.debian.pool.ntp.org iburst #pool 2.debian.pool.ntp.org iburst #pool 3.debian.pool.ntp.org iburst server 0.europe.pool.ntp.org server 1.europe.pool.ntp.org server 2.europe.pool.ntp.org server 3.europe.pool.ntp.org ...
Configure NTP Server Access Control
To allow only specific NTP clients to query time services from your NTP server for time synchronization, you need to set the access control to define which clients to allow. This can be done using the NTP restrict parameter which takes the syntax;
restrict address [mask mask] [other options]
For example, to allow hosts on 192.168.1.0/24 network to query the just time and statistics from your NTP server;
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer
... # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Allow hosts from 192.168.1.0/24 network to query time and statistics restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer ...
nomodifyoptions prevents any changes to the configuration
ntpdccontrol message protocol traps.
nopeeroption prevents a peer association being formed
For a basic NTP server setup, that is just about the configuration. Save the configuration and restart the NTP service.
systemctl restart ntp
Check NTP server connection to NTP peers and the summary of their state by running the command;
remote refid st t when poll reach delay offset jitter ============================================================================== +dbn-ntp.mweb.co 184.108.40.206 2 u 8 64 377 91.919 14.732 36.071 *ntp4.inx.net.za 0.60.139.194 2 u 5 64 377 108.066 -0.762 30.303 +ns2.botsnet.bw 220.127.116.11 2 u 11 64 377 79.363 14.837 44.564 +ns1.botsnet.bw 18.104.22.168 2 u 4 64 377 123.420 -12.651 10.062
As you can see, our NTP server is now peered to ntp4.inx.net.za. The asterisk (*) shows preferred time source.
Open NTP on Firewall
If UFW is running, you can simply allow NTP incoming queries from the specific network.
ufw allow from 192.168.1.0/24 to any port 123 proto udp
Configure NTP Client
To verify that the configured server is actually working, you need to setup an NTP client to query time from our NTP server. This guide similarly uses Debian 10 Buster as an NTP client.
Well, if you need to just run time synchronization once, you can simply use the ntpdate command. To install ntpdate;
apt install ntpdate
Once the installation is done, you can query time services from the server using ntpdate by running the command;
3 Aug 09:02:15 ntpdate: adjust time server 192.168.1.107 offset 0.006268 sec
If you need to automatically set your client to query time from the NTP server all the time, you can use NTP daemon itself. Hence, install NTP package and configure it to query time services from your NTP server.
apt install ntp
Once the installation is done, configure your NTP client to query the NTP server. This can be done by using the server command which takes the form;
The iburst option improve the time taken for initial synchronization.
You can as comment out the default Debian NTP time pool servers so you can just use your own NTP server.
Hence, open the NTP configuration file
... # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example server 192.168.1.107 iburst # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> #pool 0.debian.pool.ntp.org iburst #pool 1.debian.pool.ntp.org iburst #pool 2.debian.pool.ntp.org iburst #pool 3.debian.pool.ntp.org iburst
Save and quit the configuration file.
Next, disable Systemd timesyncd ntp.
timedatectl set-ntp off
Restart NTP service
systemctl restart ntp
Verify time synchronization
remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.1.107 22.214.171.124 3 u 2 64 1 0.080 1102276 0.000
Great. You have successfully installed and setup NTP server using NTPd on Debian 10 Buster. You have also setup the client and tested the working of your NTP server. Enjoy.