Keeping Time With NTPd

General Information

Many services on your FreeBSD either workstation or server benefit from knowing the time accurately, whether they are cron tasks or if you are sharing files around your network and you need the timestamps to be consistent across the network. The NTP daemon and the ntpdate program allow you to keep accurate time on your FreeBSD machine via the Network Time Protocol. The ntpdate program is being slowly replaced by NTPd, and indeed ntpd -q will act the same as ntpdate, so it is on its way out. Also the ntpdate program has reduced accuracy when compared to the ntpd. This guide will show you how to setup your machine to keep time using the NTP daemon, and also show you how you can setup the NTP daemon to act as a Time Server for your local network.

Requirements

  1. Local root access on the box or be able to su to root.
  2. A SSH client such as puTTy or SecureCRT (if you are setting it up remotely).
  3. A plain text editor, I prefer nano

Installation

We need to tell the machine that we want ntpd started at boot so login or su to root.

Add ntpd_enable=”YES” to your rc.conf file manually or enter the below command to append it to the end

# echo 'ntpd_enable="YES"' >> /etc/rc.conf

Note: This was changed to ntpd_enable in FreeBSD 5.x if you have a previous version use xntpd_enable

Create the Drift file which ntpd will use

# touch /var/db/ntpd.drift

Configuration

Firstly you should find a ntp server reasonably local to you. It’s not required, but it seems like a good idea.

Create the /etc/ntpd.conf file with the ntp servers you wish to synchronize with; I chose ‘chronos.csr.net’

# nano -w /etc/ntp.conf
server chronos.csr.net prefer
driftfile /var/db/ntpd.drift
restrict default ignore

Save the file and close nano. The first line specifies your default ntp server, you can add other below it — just leave off the prefer at the end, as this tells ntpd that this server is the default. The driftfile line fairly obviously specifies the drift file for ntpd to use. Ntpd uses this file to automatically compensate for the natural drift of your systems clock, this allows it to keep fairly accurate time even when the machine is unable to update from any external sources. The final line prevents your NTP server daemon from being accessed by other machines.

If you want to allow other machines on your network to access your NTP daemon to obtain their time settings then you need to add them to the ntpd.conf file below the ‘restrict default ignore’ line. If you don’t want the other machines to either configure the server or be used to sync from then you can add them like this:

restrict 10.10.10.4 mask 255.255.255.0 notrust nomodify notrap

Where 10.10.10.4 is an IP address on your network and 255.255.255.0 is your subnet mask. The notrust prevents them from being used for synchronization purposes, the nomodify stops the client machine from altering server settings, and notrap prevents remote logging. Finally for client FreeBSD machines to sync from your NTP server use the same ntpd setup as above, with the same ntpd.conf file, but set the preferred server as the IP or DNS address of your NTP Server.

To start the daemon, either reboot or issue:

# ntpd -c /etc/ntp.conf -f /var/db/ntpd.drift

Speak Your Mind

*