NTP Installation and Configuration on CentOS 7 and RHEL 7

In this tutorial, I am going to show you, NTP installation and configuration on CentOS 7 and RHEL 7. We will configure automatically synchronize time with the closest geographically peers available for our server location by using NTP Public Pool Time Servers list. So let’s start.

What is NTP?

NTP stand for Network Time Protocol. NTP is used for clock synchronization between computers system over networks. It’s run over port 123 UDP at Transport Layer.

NTP service installation and configuration

NTP service package is provided by default from official CentOS7 /RHEL7 repositories and we can install by yum with following command.

[[email protected] ~]# yum install ntp
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package ntp.x86_64 0:4.2.6p5-28.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================================================
 Package                           Arch                                 Version                                                Repository                          Size
========================================================================================================================================================================
Installing:
 ntp                               x86_64                               4.2.6p5-28.el7.centos                                  base                               549 k
Transaction Summary
========================================================================================================================================================================
Install  1 Package
Total download size: 549 k
Installed size: 1.4 M
Is this ok [y/d/N]: y
Downloading packages:
ntp-4.2.6p5-28.el7.centos.x86_ FAILED                                                                                                 ]  1.2 B/s |  44 kB 116:45:40 ETA
http://ftp.iitm.ac.in/centos/7.5.1804/os/x86_64/Packages/ntp-4.2.6p5-28.el7.centos.x86_64.rpm: [Errno 12] Timeout on http://ftp.iitm.ac.in/centos/7.5.1804/os/x86_64/Packages/ntp-4.2.6p5-28.el7.centos.x86_64.rpm: (28, 'Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
Trying other mirror.
ntp-4.2.6p5-28.el7.centos.x86_64.rpm                                                                                                             | 549 kB  00:00:12
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : ntp-4.2.6p5-28.el7.centos.x86_64                                                                                                                     1/1
  Verifying  : ntp-4.2.6p5-28.el7.centos.x86_64                                                                                                                     1/1
Installed:
  ntp.x86_64 0:4.2.6p5-28.el7.centos
Complete!
[[email protected] ~]#

You can see here our NTP service has been successfully installed.

We can select NTP Pool Server list from pool ntp site

After successfully NTP service installation, We need to go to official NTP Public Pool Time Servers, choose your continent area where the server physically is located, then search for your country location after that you can see NTP servers list for selected country. Like this:-

 

After NTP server selection, we have to edit our NTP service configuration file. You can find NTP configuration file on this path:- /etc/ntp.conf. So let’s start NTP configuration. First of all we have to comment the default list of Public Servers from pool.ntp.org project and replace it with the list provided for your country like below configuration in bold:-

[[email protected] ~]# vi /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

#Our Public server list---
server 0.europe.pool.ntp.org iburst
server 1.europe.pool.ntp.org iburst
server 2.europe.pool.ntp.org iburst
server 3.europe.pool.ntp.org iburst

Here is our public NTP Server has been configured in ntp.conf file.

Now we need to add our network which we want to allow

Now we need to allow clients from our networks to synchronize time with our server. To accomplish this, we need to add the following line to NTP configuration file, where restrict statement controls, Here we can define network, which Network we want to allowed to query and sync time – replace network IPs accordingly. Like this:-

[[email protected] ~]# cat /etc/ntp.conf
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

#Allow 192.168.1.0/24 network client to synchronize time with this server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

The nomodify notrap statements suggest that your clients are not allowed to configure the server or be used as peers for time sync.

NTP service Logs enable

If you want to additional information for troubleshooting in case there is any issue with your NTP service then you can add a log file statement which will allow to record all NTP server logs into one dedicated log file. You can add log file /var/log/ntp.log at the end of ntp.conf file. Like this:-

# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
logfile /var/log/ntp.log

NTP Server Configuration has been completed

After all above mandatory configuration changes, we can save ntp.conf file. Our final configuration should be look like this in the below screenshot. In below yellow line is our final configuration.

 

We need to add Firewall Rules for NTP service

NTP service uses UDP port 123 on OSI transport layer (layer 4). We can run this below commands to open 123 port on RHEL7 / CentOS 7 against Firewalld service.

[[email protected] ~]# firewall-cmd --add-service=ntp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success
[[email protected] ~]#

Now port has been successfully open from system firewall.

Now we need to enable and start our NTP server.

After that we can start NTP server and make sure ntpd server should be enable at the server boot time. So once your server will restart, NTP server automatically start. You can use below commands to start the ntpd service and enable ntpd service at the boot time.

[[email protected] ~]# systemctl start ntpd
[[email protected] ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[[email protected] ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-05-12 19:45:00 CEST; 17s ago
Main PID: 4990 (ntpd)
CGroup: /system.slice/ntpd.service
└─4990 /usr/sbin/ntpd -u ntp:ntp -g

May 12 19:45:00 urclouds.com systemd[1]: Starting Network Time Service...
May 12 19:45:00 urclouds.com systemd[1]: Started Network Time Service.
May 12 19:45:00 urclouds.com ntpd[4990]: proto: precision = 0.116 usec
May 12 19:45:00 urclouds.com ntpd[4990]: 0.0.0.0 c01d 0d kern kernel time sync enabled
[[email protected] ~]#

You can see here our NTP server has been successfully start.

Now we can Verify NTP Server Time Sync

After NTP server has been successfully started, wait a few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify NTP peers synchronization status and your system time.

[[email protected] ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
+249.34.213.162. 145.238.203.14 2 u 26 64 377 302.835 -195.58 54.306
+devrandom.pl 85.199.214.101 2 u 23 64 377 533.723 -374.02 177.357
-stratum2-3.NTP. 129.70.130.71 2 u 65 64 377 666.239 -391.77 123.665
*a.fraho.eu 36.224.68.195 2 u 57 64 377 234.316 -218.82 30.001
[[email protected] ~]# date -R
Sat, 12 May 2018 19:49:33 +0200
[[email protected] ~]#

Here you can see NTP Time Sync successfully.

If you want to query and synchronize against a pool of your choice use ntpdate command, followed by the server or servers addresses, as suggested in the following command line example.

[[email protected] ~]# ntpdate -q 0.europe.pool.ntp.org 1.europe.pool.ntp.org
server 62.210.28.176, stratum 4, offset -0.008740, delay 0.25925
server 91.220.110.116, stratum 2, offset -0.015816, delay 0.31517
server 195.154.105.147, stratum 3, offset -0.015171, delay 0.24710
server 195.222.33.219, stratum 2, offset -0.040328, delay 0.24344
server 144.76.208.242, stratum 1, offset -0.036350, delay 0.26050
server 85.214.194.162, stratum 2, offset -0.017685, delay 0.26956
server 5.34.248.225, stratum 3, offset -0.026745, delay 0.28308
server 62.210.244.146, stratum 2, offset -0.021295, delay 0.23965
12 May 19:52:50 ntpdate[5104]: adjust time server 144.76.208.242 offset -0.036350 sec
[[email protected] ~]#

Synchronize NTP Time has been done with NTP pool server.

Check with timedatectl command

You can also check with timedatectl command and your NTP enabled and NTP synchronized should be yes on your NTP server look like this:-

[[email protected] ~]# timedatectl
Local time: Fri 2018-05-25 14:52:38 CEST
Universal time: Fri 2018-05-25 12:52:38 UTC
RTC time: Fri 2018-05-25 12:52:37
Time zone: Europe/Brussels (CEST, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 01:59:59 CET
Sun 2018-03-25 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 02:59:59 CEST
Sun 2018-10-28 02:00:00 CET
[[email protected] ~]#

If your NTP synchronized is no then you have to enable with below commands. First you have stop your NTP server and then you have to try to enable NTP synchronized once this enabled you have to start NTP service. Like this:-

[[email protected] ~]# timedatectl
Local time: Fri 2018-05-25 15:26:17 CEST
Universal time: Fri 2018-05-25 13:26:17 UTC
RTC time: Fri 2018-05-25 13:26:16
Time zone: Europe/Brussels (CEST, +0200)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 01:59:59 CET
Sun 2018-03-25 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 02:59:59 CEST
Sun 2018-10-28 02:00:00 CET
[[email protected] ~]#
[[email protected] ~]# systemctl stop ntpd
[[email protected] ~]# timedatectl set-ntp 1
[[email protected] ~]# timedatectl
Local time: Fri 2018-05-25 15:27:47 CEST
Universal time: Fri 2018-05-25 13:27:47 UTC
RTC time: Fri 2018-05-25 13:27:46
Time zone: Europe/Brussels (CEST, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 01:59:59 CET
Sun 2018-03-25 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 02:59:59 CEST
Sun 2018-10-28 02:00:00 CET
[[email protected] ~]# systemctl start ntpd

Now our NTP server has been successfully installed and configured.

Configure NTP Client on Windows Machine.

Now we are going to configure our Windows to synchronize time with our NTP server. Go to Time from the right side of Taskbar -> Change Date and Time Settings -> Internet Time tab -> Change Settings -> Check Synchronize with an Internet time server -> put your server’s  IP or FQDN on Server filed -> Update now -> OK.

After that our windows will be sync with our NTP server.

Configure NTP Client on Linux server

Now I am going to show you how to configure NTP client on Linux7 and CentOS7. We need to install ntp package on client as like NTP server.

[[email protected] ~]# yum install ntp

After package installation we need to add NTP server IP in /etc/ntp.conf file like this:-

After that we need to enable and start our ntp service on NTP client. Like this:-

[[email protected] ~]# systemctl enable ntpd
[[email protected] ~]# systemctl start ntpd

Now you have to check with timedatectl command and your  output will be look like below. If there is any different you can perform above NTP server timedateclt steps to correct it.

[[email protected] ~]# timedatectl
Local time: Fri 2018-05-25 16:14:10 CEST
Universal time: Fri 2018-05-25 14:14:10 UTC
RTC time: Fri 2018-05-25 14:14:08
Time zone: Europe/Brussels (CEST, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-25 01:59:59 CET
Sun 2018-03-25 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-10-28 02:59:59 CEST
Sun 2018-10-28 02:00:00 CET
[[email protected] ~]#

After that you can see you client date automatically sync with your NTP server.

That’s all  we have completed NTP server and NTP Client installation and Configuration.

You can also check with below link how to configure DNS on CentOS 7 and RHEL 7

DNS Server and Client Configuration in CentOS 7

 

20 thoughts on “NTP Installation and Configuration on CentOS 7 and RHEL 7

  1. It’s going to be end of mine day, except before finish I am reading this great article to increase my knowledge.

  2. Hi, Neat post. There’s an issue together with your website in web explorer, might test
    this? IE nonetheless is the marketplace chief and a
    big component to people will miss your excellent writing because of this problem.

  3. I’m not sure where you are getting your information,
    but good topic. I needs to spend some time learning more or understanding more.
    Thanks for wonderful info I was looking for this information for
    my mission.

  4. Nice replies in return of this matter with real arguments and telling everything concerning that.

  5. I simply needed to thank you so much once again. I’m not certain the things I might have worked on in the absence of the creative ideas provided by you over my area. Previously it was a very troublesome scenario for me, however , understanding the very professional way you treated that made me to cry with happiness. Now i am grateful for this service and as well , trust you know what an amazing job that you are accomplishing instructing people via your webblog. I am sure you’ve never come across any of us.

  6. This design is steller! You certainly know how to keep a reader amused. Between your wit and your videos, I was almost moved to start my own blog (well, almost…HaHa!) Excellent job. I really enjoyed what you had to say, and more than that, how you presented it. Too cool!

  7. We absolutely love your blog and find many of your post’s to be exactly I’m looking for. Does one offer guest writers to write content to suit your needs? I wouldn’t mind producing a post or elaborating on many of the subjects you write with regards to here. Again, awesome web log!

  8. Hello There. I found your blog using msn. This is a very well written article. I will be sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly comeback.

  9. Wow! This can be one particular of the most beneficial blogs We’ve ever arrive across on this subject. Basically Magnificent. I am also an expert in this topic therefore I can understand your effort.

  10. I have read so many articles or reviews concerning the blogger lovers but this post is truly a nice piece of writing, keep it up.

  11. I do not even know the way I finished up here, but I assumed this
    put up used to be great. I don’t understand
    who you might be however definitely you’re going to a well-known blogger when you
    aren’t already. Cheers!

  12. I blog often and I really thank you for
    your information. This great article has really peaked my interest.

    I am going to take a note of your blog and keep checking
    for new details about once per week. I subscribed to your RSS feed too.

  13. I’ll right away clutch your rss feed as I can’t find your e-mail subscription hyperlink or e-newsletter service.
    Do you have any? Kindly permit me recognize
    in order that I may subscribe. Thanks.

  14. Right now it sounds like Movable Type is the top blogging platform out there right now.
    (from what I’ve read) Is that what you are using on your blog?

  15. Wow that was odd. I just wrote an really long comment but after I clicked submit my comment didn’t show up. Grrrr… well I’m not writing all that over again. Anyways, just wanted to say superb blog!

Leave a Reply

Your email address will not be published. Required fields are marked *