ObjectiveThe objective is to configure NTP Server on Ubuntu 18.04 Bionic Beaver Linux
Operating System and Software Versions
- Operating System: - Ubuntu 18.04 Bionic Beaver
- Software: - ntpd 4.2.8 or higher
RequirementsPrivileged access to your Ubuntu System as root or via
sudocommand is required.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
Install NTP serverFirst step is to install NTP server. Use the following linux command to install NTP server daemon on your Ubuntu 18.04 system:
$ sudo apt install ntp
Configure NTP serverThe NTP server comes pre-configured by default. However, we may want to switch to the NTP server pool close to our server location.
Use your browser to navigate to NTP Pool Project and find the closest NTP server pool to your location. For example the following is the Australia's NTP pool list:
0.au.pool.ntp.org 1.au.pool.ntp.org 2.au.pool.ntp.org 3.au.pool.ntp.orgIn order to configure your NTP server with a new NTP server pool you should have at least one NTP server. The recommended amount is 3 - 4. In case you do not have enough NTP servers for your country, add the continent NTP servers to the list.
Once you have the list, open the NTP server's main configuration file
$ sudo nano /etc/ntp.confReplace lines:
With the following list of NTP pool server. For example we will now include Australia's NTP server pool list:
pool 0.ubuntu.pool.ntp.org iburst pool 1.ubuntu.pool.ntp.org iburst pool 2.ubuntu.pool.ntp.org iburst pool 3.ubuntu.pool.ntp.org iburst
Save the file and restart your NTP server:
pool 0.au.pool.ntp.org iburst pool 1.au.pool.ntp.org iburst pool 2.au.pool.ntp.org iburst pool 3.au.pool.ntp.org iburst
$ sudo service ntp restartCheck the NTP server status:
$ sudo service ntp status ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-03-21 11:08:04 AEDT; 1s ago Docs: man:ntpd(8) Process: 28155 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 28173 (ntpd) Tasks: 2 (limit: 2322) CGroup: /system.slice/ntp.service └─28173 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:115Lastly, if you have an UFW firewall enabled on your system you will need to open the NTP UDP port
123for incoming connections:
$ sudo ufw allow from any to any port 123 proto udp Rule added Rule added (v6)If you wish to make your firewall rules more strict visit our How to Open/Allow incoming firewall port guide for more information.
NTP Client configurationWe will now configure the Ubuntu client system to use our previously configured NTP server. To start, we first install the
ntpdatecommand to test the NTP server configuration:
$ sudo apt install ntpdateNext, attempt to manually sync time with our NTP server. If your NTP server can be resolved via the
ntp-linuxconfighostname execute the following
ntpdatecommand to sync time:
$ sudo ntpdate ntp-linuxconfig 21 Mar 11:16:43 ntpdate: adjust time server 10.1.1.9 offset -0.000100 secAll seems to be working as expected. The next step is to disable the default Ubuntu systemd's timesyncd service:
$ sudo timedatectl set-ntp offWith the
timesyncddisabled we will now install NTP daemon and set our own configured NTP server as preferred NTP server for the time synchronization.
Enter the below command to install NTP deamon:
$ sudo apt install ntpNext, configure NTP daemon to use our previously configured NTP server resolved via the
The following linux command will set
ntp-linuxconfigas the preferred NTP time synchronization server. Update the bellow command with your NTP server's hostname or IP address:
$ sudo bash -c "echo server ntp-linuxconfig prefer iburst >> /etc/ntp.conf"Then, restart the NTP daemon:
$ sudo service ntp restartLaslty, use the
ntpqcommand to list the NTP time synchronization queue:
$ ntpq -p
AppendixNTPQ Command column output interpretation:
- remote - The remote server you wish to synchronize your clock with
- refid - The upstream stratum to the remote server. For stratum 1 servers, this will be the stratum 0 source.
- st - The stratum level, 0 through 16.
- t - The type of connection. Can be "u" for unicast or manycast, "b" for broadcast or multicast, "l" for local reference clock, "s" for symmetric peer, "A" for a manycast server, "B" for a broadcast server, or "M" for a multicast server
- when - The last time when the server was queried for the time. Default is seconds, or "m" will be displayed for minutes, "h" for hours and "d" for days.
- poll - How often the server is queried for the time, with a minimum of 16 seconds to a maximum of 36 hours. It's also displayed as a value from a power of two. Typically, it's between 64 seconds and 1024 seconds.
- reach - This is an 8-bit left shift octal value that shows the success and failure rate of communicating with the remote server. Success means the bit is set, failure means the bit is not set. 377 is the highest value.
- delay - This value is displayed in milliseconds, and shows the round trip time (RTT) of your computer communicating with the remote server.
- offset - This value is displayed in milliseconds, using root mean squares, and shows how far off your clock is from the reported time the server gave you. It can be positive or negative.
- jitter - This number is an absolute value in milliseconds, showing the root mean squared deviation of your offsets.
- " " Discarded as not valid. Could be that you cannot communicate with the remote machine (it's not online), this time source is a ".LOCL." refid time source, it's a high stratum server, or the remote server is using this computer as an NTP server.
- x Discarded by the intersection algorithm.
- . Discarded by table overflow (not used).
- - Discarded by the cluster algorithm.
- + Included in the combine algorithm. This is a good candidate if the current server we are synchronizing with is discarded for any reason.
- # Good remote server to be used as an alternative backup. This is only shown if you have more than 10 remote servers.
- * The current system peer. The computer is using this remote server as its time source to synchronize the clock
- o Pulse per second (PPS) peer. This is generally used with GPS time sources, although any time source delivering a PPS will do. This tally code and the previous tally code "*" will not be displayed simultaneously.