Objective
The objective is to configure private NTP server on Debian 9 Stretch Linux
Operating System and Software Versions
- Operating System: – Debian 9 Stretch
- Software: – ntpd 4.2.8
Requirements
Privileged access to your Debian server installation will be required.
Difficulty
EASY
Conventions
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
sudocommand - $ – requires given linux commands to be executed as a regular non-privileged user
Instructions
If you are running a single system or small local area network with few hosts, setting up a dedicated NTP server could be considered as an overkill. However, for a large network, setting up a private NTP server, privately serving LAN clients only is recommended.
NTP Server Installation
The installation of NTP server is easy as one command execution:
# apt install ntp
After installation, confirm that your NTP server is up and running:
# systemctl status ntp
● ntp.service - LSB: Start NTP daemon
Loaded: loaded (/etc/init.d/ntp; generated; vendor preset: enabled)
Active: active (running) since Fri 2017-06-16 10:19:45 AEST; 3s ago
Docs: man:systemd-sysv-generator(8)
Process: 1259 ExecStop=/etc/init.d/ntp stop (code=exited, status=0/SUCCESS)
Process: 1308 ExecStart=/etc/init.d/ntp start (code=exited, status=0/SUCCESS)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/ntp.service
└─1318 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 108:112
NTP Server Configuration
The NTP sever comes pre-configured out of the box. The configuration of your NTP server can be managed via /etc/ntp.conf configuration file. The default NTP server configuration relies on debian.pool.ntp.org server group:
pool 0.debian.pool.ntp.org iburst pool 1.debian.pool.ntp.org iburst pool 2.debian.pool.ntp.org iburst pool 3.debian.pool.ntp.org iburst
Depending on your location you may edit the above NTP server group to any know NTP server closer to your location. Alternatively, use country specific pool.ntp.org sub-groups. For example to limit NTP server sub-group to United States edit your /etc/ntp.conf with:
pool 0.us.pool.ntp.org iburst pool 1.us.pool.ntp.org iburst pool 2.us.pool.ntp.org iburst pool 3.us.pool.ntp.org iburst
This works for most countries. For example if you are within Australia the 0.debian.pool.ntp.org will become 0.au.pool.ntp.org, for India 0.in.pool.ntp.org and so on.
Additionally, you may want to restrict access to your NTP server only to a specific LAN clients. For example by adding the bellow line within your /etc/ntp.conf NTP config file the server will restrict NTP use only to 10.0.0.0 network with mask 255.0.0.0.
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
After you have made changes to /etc/ntp.conf NTP configuration file issue server restart:
# systemctl restart ntp
To enable your server to start after reboot run:
# systemctl enable ntp ntp.service is not a native service, redirecting to systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable ntp
Client Configuration
To configure client to use NTP server, first you need to install ntpdate package:
# apt install ntpdate
Once installed, attempt to query your new NTP server. Given that the NTP server can be resolved via host name linuxconfig.ntp execute:
# ntpdate linuxconfig.ntp 6 Jun 10:59:05 ntpdate[11190]: adjust time server 10.1.1.125 offset -0.005883 sec
What remains, is to edit /etc/default/ntpdate file to force your client to use your new NTP server permanently.