Keeping Time With NTPd
Updated: 07/15/2005


General Information

Many services on a FreeBSD workstation or server benefit from knowing the time accurately, whether they are cron tasks or file sharing where timestamps need to be consistent across the network.  The NTP daemon (ntpd) and the ntpdate program allow you to keep accurate time on your FreeBSD machine via the Network Time Protocol.  The ntpdate program is slowly being replaced by ntpd, and indeed ntpd -q will act the same as ntpdate, so it is on its way out.  The ntpdate program is also less accurate than ntpd.  This guide shows you how to set up your machine to keep time using the NTP daemon, and how to set up the NTP daemon to act as a time server for your local network.

Requirements

  1. Local root access on the box, or the ability to su to root.
  2. An SSH client such as PuTTY or SecureCRT (if you are setting it up remotely).
  3. A plain text editor; I prefer nano.

Installation

We need to tell the machine that we want ntpd started at boot, so log in as root or su to root.

Add ntpd_enable="YES" to your rc.conf file manually, or enter the command below to append it to the end:
# echo 'ntpd_enable="YES"' >> /etc/rc.conf

Note:  This was changed to ntpd_enable in FreeBSD 5.x; if you have a previous version, use xntpd_enable.

Create the drift file which ntpd will use:
# touch /var/db/ntpd.drift

Configuration

First, find an NTP server reasonably local to you.  It's not required, but it seems like a good idea.

Create the /etc/ntp.conf file with the NTP servers you wish to synchronize with; I chose 'chronos.csr.net':
# nano -w /etc/ntp.conf

server chronos.csr.net prefer
driftfile /var/db/ntpd.drift
restrict default ignore

Save the file and close nano.  The first line specifies your default NTP server; you can add others below it, just leave off the prefer at the end, as this tells ntpd that this server is the default.  The driftfile line specifies the drift file for ntpd to use.  ntpd uses this file to compensate automatically for the natural drift of your system's clock, which allows it to keep fairly accurate time even when the machine is unable to update from any external sources.  The final line prevents your NTP daemon from being accessed by other machines.

If you want to allow other machines on your network to access your NTP daemon to obtain their time settings, then you need to add them to the ntp.conf file below the 'restrict default ignore' line.  If you don't want the other machines to either configure the server or be used to sync from, then you can add them like this:
restrict 10.10.10.4 mask 255.255.255.0 notrust nomodify notrap
Here 10.10.10.4 is an IP address on your network and 255.255.255.0 is your subnet mask.  The notrust flag prevents them from being used for synchronization purposes, nomodify stops the client machine from altering server settings, and notrap prevents remote logging.  Finally, for client FreeBSD machines to sync from your NTP server, use the same ntpd setup as above, with the same ntp.conf file, but set the preferred server to the IP or DNS address of your NTP server.
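
An added example (not part of the original guide) that parses an ntp.conf and works out which restrict entry applies to a given address.  It flags two things in the configuration above: 'restrict default ignore' with no entry for the upstream server also drops that server's replies, and on ntpd 4.2 and later notrust refuses unauthenticated packets rather than meaning "do not sync from this host".  The address 192.0.2.10 for chronos.csr.net and the corrected file are constructed assumptions, and restrict lines are assumed to use IPv4 addresses.

```python
import ipaddress

def parse_ntp_conf(text):
    """Return (server names, [(network, flags)]) from ntp.conf text."""
    servers, restricts = [], []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "server":
            servers.append(tok[1])
        elif tok[0] == "restrict":
            addr, rest, mask = tok[1], tok[2:], "255.255.255.255"
            if addr == "default":
                addr, mask = "0.0.0.0", "0"
            elif rest[:1] == ["mask"] and len(rest) > 1:
                mask, rest = rest[1], rest[2:]
            # strict=False masks off host bits: 10.10.10.4/255.255.255.0 -> 10.10.10.0/24
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            restricts.append((net, set(rest)))
    return servers, restricts

def effective_flags(ip, restricts):
    """Flags of the most specific restrict entry covering ip (empty set if none)."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, flags) for net, flags in restricts if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else set()

def audit(text, resolved):
    """resolved maps every server name to an IP (constructed here, no DNS lookup)."""
    servers, restricts = parse_ntp_conf(text)
    findings = [f"server {n}: replies dropped by 'ignore'" for n in servers
                if "ignore" in effective_flags(resolved.get(n, n), restricts)]
    findings += [f"restrict {net}: notrust refuses unauthenticated clients (ntpd 4.2+)"
                 for net, flags in restricts if "notrust" in flags]
    return findings

RESOLVED = {"chronos.csr.net": "192.0.2.10"}         # constructed address
GUIDE_CONF = """server chronos.csr.net prefer
restrict default ignore
restrict 10.10.10.4 mask 255.255.255.0 notrust nomodify notrap
"""
FIXED_CONF = """server chronos.csr.net prefer
restrict default ignore
restrict 192.0.2.10 nomodify notrap noquery   # upstream server (constructed IP)
restrict 10.10.10.4 mask 255.255.255.0 nomodify notrap
"""

print(audit(GUIDE_CONF, RESOLVED), audit(FIXED_CONF, RESOLVED))
```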

To start the daemon, either reboot or issue:
# ntpd -c /etc/ntp.conf -f /var/db/ntpd.drift

Author: Geffy
w00t at stealth-ninja dot co dot uk



7 Comments

Posted by maddog2k on November 07, 2005 at 12:07:43 pm EET

This guide still refers to /etc/ntpd.conf
It should be /etc/ntp.conf (at least with FreeBSD 5.4)

I have some difficulties with the driftfile:

Aug  8 18:25:00 rtr01 ntpd[5820]: ntpd 4.2.0-a Fri Jul 22 13:33:37 CEST 2005 (1)
Aug  8 18:25:00 rtr01 ntpd[5820]: precision = 3.911 usec
Aug  8 18:25:00 rtr01 ntpd[5820]: kernel time sync status 2040
Aug  8 18:25:00 rtr01 ntpd[5820]: Frequency format error in /var/db/ntpd.drift
Aug  8 18:25:00 rtr01 kernel: Aug  8 18:25:00 rtr01 ntpd[5820]: Frequency format error in /var/db/ntpd.drift


Is what I get when starting ntpd.

I've changed rights, removed it, recreated it (0 size)... nothing helps. ntpd works when I don't use a driftfile.

Any help would be appreciated :)


Posted by maddog2k on November 07, 2005 at 12:07:43 pm EET

Never mind, it appears this file is populated after some time :) Maybe nice to add this as a note or so :)


Posted by yevhen on November 07, 2005 at 12:07:43 pm EET

It would be nice to mention here the ports which need to be allowed in the firewall to let it send requests and get responses from the NTP servers.
NTPd sends requests to port 123.
Don't know about the response yet.


Posted by Jon on November 07, 2005 at 12:07:43 pm EET

NTP uses UDP port 123 for connections.  Open it outbound to make connections to servers and open it inbound if you want clients connecting to you for the time.


Posted by yourmother on April 19, 2007 at 6:16:33 pm EEST

As of FBSD 6.2, you don't need to specify an ntpd.drift file in ntp.conf--it is automatically placed in /var/db.  Also, for other machines behind a firewall that will sync to the main ntpd machine, I find 'timed' pretty easy to use.  

I don't know how 'timed' compares to 'ntpd' for either internal bandwidth or accuracy, but when I check individual machines against outside ntp servers, they are all <0.01sec off.  Good enough for what I do!


Posted by mymac on August 22, 2007 at 3:31:01 pm EEST

Hi,

Just want to put a note here for those who set up ntpd on FreeBSD and have XP clients sync to it. By default, it takes around 17 minutes (maxpoll) for ntpd to be ready. If not, XP clients will complain "An error occurred while Windows was synchronizing with <<ntpd address>>. The time sample was rejected because: The peer's stratum is less than the host's stratum."

Another thing: if starting ntpd (/etc/rc.d/ntpd start) fails and /var/log/messages complains about error 15 (blah blah blah), try:
1. /etc/rc.d/ntpd stop
2. killall ntpd
3. /etc/rc.d/ntpd start
The reason for the error 15 is that ntpd detected another instance running. killall ntpd makes sure all instances are killed.

Cheers !


Posted by jursamaj on September 04, 2007 at 10:26:10 am EEST

There is an interesting issue with NTPd in Mac OS X.  Apparently Apple went to their own implementation, and it only serves ntp info if you buy and install the Server version of the OS.  This makes it difficult if you want to have 1 machine on a LAN sync to net time and provide it to the rest.  Several other standard Unix services are likewise crippled unless you pay for "Server".


Copyright 2003 - 2008 BSD Guides.  All rights reserved.
