NTP Server configuration on Ubuntu 18.04 Bionic Beaver Linux

Objective

The objective is to configure an NTP server on Ubuntu 18.04 Bionic Beaver Linux.

Operating System and Software Versions

  • Operating System: Ubuntu 18.04 Bionic Beaver
  • Software: ntpd 4.2.8 or higher

Requirements

Privileged access to your Ubuntu system, as root or via the sudo command, is required.

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

Instructions

Install NTP server

The first step is to install the NTP server. Use the following Linux command to install the NTP server daemon on your Ubuntu 18.04 system:

$ sudo apt install ntp

Configure NTP server

The NTP server comes pre-configured by default. However, we may want to switch to an NTP server pool close to our server's location.

Use your browser to navigate to the NTP Pool Project and find the NTP server pool closest to your location. For example, the following is Australia's NTP pool list:

0.au.pool.ntp.org
1.au.pool.ntp.org
2.au.pool.ntp.org
3.au.pool.ntp.org

To configure your NTP server with a new NTP server pool you need at least one NTP server. The recommended number is 3 – 4. If there are not enough NTP servers for your country, add the continent's NTP servers to the list.

Once you have the list, open the NTP server's main configuration file /etc/ntp.conf:

$ sudo nano /etc/ntp.conf 

Replace the lines:

pool 0.ubuntu.pool.ntp.org iburst
pool 1.ubuntu.pool.ntp.org iburst
pool 2.ubuntu.pool.ntp.org iburst
pool 3.ubuntu.pool.ntp.org iburst

with your list of NTP pool servers. For example, we will now include Australia's NTP server pool list:

pool 0.au.pool.ntp.org iburst
pool 1.au.pool.ntp.org iburst
pool 2.au.pool.ntp.org iburst
pool 3.au.pool.ntp.org iburst

Save the file and restart your NTP server:

$ sudo service ntp restart

Check the NTP server status:

$ sudo service ntp status
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-03-21 11:08:04 AEDT; 1s ago
     Docs: man:ntpd(8)
  Process: 28155 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
 Main PID: 28173 (ntpd)
    Tasks: 2 (limit: 2322)
   CGroup: /system.slice/ntp.service
           └─28173 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:115

Lastly, if you have a UFW firewall enabled on your system, you will need to open the NTP UDP port 123 for incoming connections:

$ sudo ufw allow from any to any port 123 proto udp
Rule added
Rule added (v6)

The rule above accepts NTP traffic from any source address. If you wish to make your firewall rules more strict, visit our How to Open/Allow incoming firewall port guide for more information.



NTP Client configuration

We will now configure the Ubuntu client system to use our previously configured NTP server. To start, we first install the ntpdate command to test the NTP server configuration:

$ sudo apt install ntpdate

Next, attempt to manually sync time with our NTP server. If your NTP server can be resolved via the ntp-linuxconfig hostname, execute the following ntpdate command to sync time:

$ sudo ntpdate ntp-linuxconfig
21 Mar 11:16:43 ntpdate[6090]: adjust time server 10.1.1.9 offset -0.000100 sec

All seems to be working as expected. The next step is to disable Ubuntu's default systemd timesyncd service:

$ sudo timedatectl set-ntp off

With timesyncd disabled, we will now install the NTP daemon and set our own configured NTP server as the preferred NTP server for time synchronization.

Enter the command below to install the NTP daemon:

$ sudo apt install ntp

Next, configure the NTP daemon to use our previously configured NTP server, resolved via the ntp-linuxconfig hostname.

The following Linux command will set ntp-linuxconfig as the preferred NTP time synchronization server. Update the command below with your NTP server's hostname or IP address:

$ sudo bash -c "echo server ntp-linuxconfig prefer iburst >> /etc/ntp.conf"

Then, restart the NTP daemon:

$ sudo service ntp restart

Lastly, use the ntpq command to list the NTP time synchronization peers:

$ ntpq -p
[Screenshot: Using NTP server on Ubuntu 18.04]

The * sign indicates that our NTP server ntp-linuxconfig is selected as the current time synchronization source. See the appendix below for more information on how to interpret the ntpq command's output.


Appendix

NTPQ Command column output interpretation:

  • remote – The remote server you wish to synchronize your clock with
  • refid – The upstream stratum to the remote server. For stratum 1 servers, this will be the stratum 0 source.
  • st – The stratum level, 0 through 16.
  • t – The type of connection. Can be “u” for unicast or manycast, “b” for broadcast or multicast, “l” for local reference clock, “s” for symmetric peer, “A” for a manycast server, “B” for a broadcast server, or “M” for a multicast server
  • when – The last time when the server was queried for the time. Default is seconds, or “m” will be displayed for minutes, “h” for hours and “d” for days.
  • poll – How often the server is queried for the time, with a minimum of 16 seconds to a maximum of 36 hours. It’s also displayed as a value from a power of two. Typically, it’s between 64 seconds and 1024 seconds.
  • reach – This is an 8-bit left shift octal value that shows the success and failure rate of communicating with the remote server. Success means the bit is set, failure means the bit is not set. 377 is the highest value.
  • delay – This value is displayed in milliseconds, and shows the round trip time (RTT) of your computer communicating with the remote server.
  • offset – This value is displayed in milliseconds, using root mean squares, and shows how far off your clock is from the reported time the server gave you. It can be positive or negative.
  • jitter – This number is an absolute value in milliseconds, showing the root mean squared deviation of your offsets.

NTPQ Command row output interpretation:

  • “ ” (space) Discarded as not valid. Could be that you cannot communicate with the remote machine (it’s not online), this time source is a “.LOCL.” refid time source, it’s a high stratum server, or the remote server is using this computer as an NTP server.
  • x Discarded by the intersection algorithm.
  • . Discarded by table overflow (not used).
  • - Discarded by the cluster algorithm.
  • + Included in the combine algorithm. This is a good candidate if the current server we are synchronizing with is discarded for any reason.
  • # Good remote server to be used as an alternative backup. This is only shown if you have more than 10 remote servers.
  • * The current system peer. The computer is using this remote server as its time source to synchronize the clock
  • o Pulse per second (PPS) peer. This is generally used with GPS time sources, although any time source delivering a PPS will do. This tally code and the previous tally code “*” will not be displayed simultaneously.

Ref: https://pthree.org/2013/11/05/real-life-ntp/
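
The following script is an added example, not part of the original tutorial: it applies the column and tally-code rules from the appendix to ntpq -pn output, decoding the octal reach register into answered polls and checking that a * system peer is selected within an offset limit. The sample output, the function names and all addresses other than 10.1.1.9 are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret `ntpq -pn` output with the appendix's rules.
# SAMPLE is constructed; only 10.1.1.9 comes from the tutorial.
SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.1.1.9        203.0.113.5      3 u   33   64  377    0.412   -0.100   0.051
+192.0.2.10      198.51.100.7     2 u   12   64  177   24.310    1.204   0.880
-192.0.2.11      198.51.100.8     2 u   40   64    3   31.002   12.500   4.100
 192.0.2.12      .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# peer_table: read ntpq -p output on stdin and print one line per peer:
#   "tally remote polls_answered/8 offset_ms"   (blank tally is shown as "_")
# reach is an octal 8-bit shift register; every set bit is one answered poll.
peer_table() {
    awk 'NR > 2 && NF >= 10 {
        tally = substr($0, 1, 1); remote = $1
        if (tally == " ") tally = "_"
        else remote = substr($1, 2)          # strip the tally glued to the name
        reach = $(NF - 3); n = 0; ok = 0
        for (i = 1; i <= length(reach); i++) n = n * 8 + substr(reach, i, 1)
        while (n > 0) { ok += n % 2; n = int(n / 2) }
        print tally, remote, ok "/8", $(NF - 1)
    }'
}

# system_peer: print the remote currently selected as time source ("*").
system_peer() {
    peer_table | awk '$1 == "*" { print $2 }'
}

# sync_ok MAX_OFFSET_MS: succeed only if a "*" peer exists and its absolute
# offset is within the limit (the limit is the caller's choice, an assumption).
sync_ok() {
    peer_table | awk -v max="$1" '
        $1 == "*" { off = ($4 < 0) ? -$4 : $4; found = (off <= max) }
        END { exit(found ? 0 : 1) }'
}

printf '%s\n' "$SAMPLE" | peer_table
```

On a live client, pipe the real output through the same functions, for example ntpq -pn | sync_ok 5, and alert when it fails.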