Setting up NTPD

Posted in Daemons, OpenBSD - 1 Июнь 2010 - No comment

Here I try to provide a guide to the succesful installation, configuration and usage of NTPD on OpenBSD.

  1. Install the ntp package:

    pkg_add ntp-4.1.1c.tgz
    pkg_add ntp-doc-4.1.1c.tgz

    The «doc» package is optional. It contains the documentation for the NTP daemon.

  2. Edit /etc/rc.conf.local to start the network time services automatically.

    Set «ntpdate_flags» to the IP address of a NTP server, so that when the system boots, the local system clock is synchronized with that remote NTP server. This is a one time only action, only executed at system start.

    ntpdate_flags="129.6.15.28" # for normal use: NTP server; run before ntpd starts

    Why? Well, if the difference of the local system’s time and the remote NTP server(s) time is greater than one hour, the local running NTPD won’t synchronize the local system’s time with the time of the remote NTP server(s).

    Set «ntpd» to «YES» if you’d like to continuesly run a local NTP daemon, which synchronizes the local system’s time with the time offered by one or more remote NTP servers.

    ntpd=YES # run ntpd if it exists

  3. Create a directory where ntpd can store some files like drift:

    mkdir /etc/ntp

  4. Create/edit the file /etc/ntp.conf to configure the workings of ntpd:

    # Keep it rather quiet
    logconfig =syncevents +allclock

    # Drift file. Put this in a directory which the daemon can write to.
    driftfile /etc/ntp/drift

    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available.
    server 127.127.1.0
    fudge 127.127.1.0 stratum 10

    # NTP servers from NIST for Atlantis
    server 129.6.15.28 iburst
    server 129.6.15.29 iburst

    # Do not allow anybody
    restrict default ignore

    # Do not peer with oneself
    restrict 127.0.0.1 mask 255.255.255.255 nopeer
    restrict 10.0.0.3 mask 255.255.255.255 nopeer
    restrict 192.168.0.3 mask 255.255.255.255 nopeer
    restrict 131.174.117.141 mask 255.255.255.255 nopeer

    # Allow NTP servers to inform us (-:
    restrict 129.6.15.28 mask 255.255.255.255
    restrict 129.6.15.29 mask 255.255.255.255

    For a more detailed working example, see my ntp.conf file.

  5. Reboot the system to have the changes take effect. Alternately, you can execute

    /usr/local/sbin/ntpd -p /var/run/ntpd.pid

    to start the local NTP server.

  6. Check /var/log/daemon if the NTP server was started succesfully.
Tags: ,

Comments are closed.