The objective is to configure NTP Server on Ubuntu 18.04 Bionic Beaver Linux
Operating System and Software Versions
- Operating System: – Ubuntu 18.04 Bionic Beaver
- Software: – ntpd 4.2.8 or higher
Privileged access to your Ubuntu System as root or via
sudo command is required.
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ – requires given linux commands to be executed as a regular non-privileged user
Other Versions of this Tutorial
Install NTP server
First step is to install NTP server. Use the following linux command to install NTP server daemon on your Ubuntu 18.04 system:
$ sudo apt install ntp
Configure NTP server
The NTP server comes pre-configured by default. However, we may want to switch to the NTP server pool close to our server location.
Use your browser to navigate to NTP Pool Project and find the closest NTP server pool to your location. For example the following is the Australia’s NTP pool list:
0.au.pool.ntp.org 1.au.pool.ntp.org 2.au.pool.ntp.org 3.au.pool.ntp.org
In order to configure your NTP server with a new NTP server pool you should have at least one NTP server. The recommended amount is 3 – 4. In case you do not have enough NTP servers for your country, add the continent NTP servers to the list.
Once you have the list, open the NTP server’s main configuration file
$ sudo nano /etc/ntp.conf
pool 0.ubuntu.pool.ntp.org iburst pool 1.ubuntu.pool.ntp.org iburst pool 2.ubuntu.pool.ntp.org iburst pool 3.ubuntu.pool.ntp.org iburst
With the following list of NTP pool server. For example we will now include Australia’s NTP server pool list:
pool 0.au.pool.ntp.org iburst pool 1.au.pool.ntp.org iburst pool 2.au.pool.ntp.org iburst pool 3.au.pool.ntp.org iburst
Save the file and restart your NTP server:
$ sudo service ntp restart
Check the NTP server status:
$ sudo service ntp status ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-03-21 11:08:04 AEDT; 1s ago Docs: man:ntpd(8) Process: 28155 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 28173 (ntpd) Tasks: 2 (limit: 2322) CGroup: /system.slice/ntp.service └─28173 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 111:115
Lastly, if you have an UFW firewall enabled on your system you will need to open the NTP UDP port
123 for incoming connections:
$ sudo ufw allow from any to any port 123 proto udp Rule added Rule added (v6)
If you wish to make your firewall rules more strict visit our How to Open/Allow incoming firewall port guide for more information.
NTP Client configuration
We will now configure the Ubuntu client system to use our previously configured NTP server. To start, we first install the
ntpdate command to test the NTP server configuration:
$ sudo apt install ntpdate
Next, attempt to manually sync time with our NTP server. If your NTP server can be resolved via the
ntp-linuxconfig hostname execute the following
ntpdate command to sync time:
$ sudo ntpdate ntp-linuxconfig 21 Mar 11:16:43 ntpdate: adjust time server 10.1.1.9 offset -0.000100 sec
All seems to be working as expected. The next step is to disable the default Ubuntu systemd’s timesyncd service:
$ sudo timedatectl set-ntp off
timesyncd disabled we will now install NTP daemon and set our own configured NTP server as preferred NTP server for the time synchronization.
Enter the below command to install NTP deamon:
$ sudo apt install ntp
Next, configure NTP daemon to use our previously configured NTP server resolved via the
ntp-linuxconfig host name.
The following linux command will set
ntp-linuxconfig as the preferred NTP time synchronization server. Update the bellow command with your NTP server’s hostname or IP address:
$ sudo bash -c "echo server ntp-linuxconfig prefer iburst >> /etc/ntp.conf"
Then, restart the NTP daemon:
$ sudo service ntp restart
Laslty, use the
ntpq command to list the NTP time synchronization queue:
$ ntpq -p
NTPQ Command column output interpretation:
- remote – The remote server you wish to synchronize your clock with
- refid – The upstream stratum to the remote server. For stratum 1 servers, this will be the stratum 0 source.
- st – The stratum level, 0 through 16.
- t – The type of connection. Can be “u” for unicast or manycast, “b” for broadcast or multicast, “l” for local reference clock, “s” for symmetric peer, “A” for a manycast server, “B” for a broadcast server, or “M” for a multicast server
- when – The last time when the server was queried for the time. Default is seconds, or “m” will be displayed for minutes, “h” for hours and “d” for days.
- poll – How often the server is queried for the time, with a minimum of 16 seconds to a maximum of 36 hours. It’s also displayed as a value from a power of two. Typically, it’s between 64 seconds and 1024 seconds.
- reach – This is an 8-bit left shift octal value that shows the success and failure rate of communicating with the remote server. Success means the bit is set, failure means the bit is not set. 377 is the highest value.
- delay – This value is displayed in milliseconds, and shows the round trip time (RTT) of your computer communicating with the remote server.
- offset – This value is displayed in milliseconds, using root mean squares, and shows how far off your clock is from the reported time the server gave you. It can be positive or negative.
- jitter – This number is an absolute value in milliseconds, showing the root mean squared deviation of your offsets.
NTPQ Command row output interpretation:
- ” ” Discarded as not valid. Could be that you cannot communicate with the remote machine (it’s not online), this time source is a “.LOCL.” refid time source, it’s a high stratum server, or the remote server is using this computer as an NTP server.
- x Discarded by the intersection algorithm.
- . Discarded by table overflow (not used).
- – Discarded by the cluster algorithm.
- + Included in the combine algorithm. This is a good candidate if the current server we are synchronizing with is discarded for any reason.
- # Good remote server to be used as an alternative backup. This is only shown if you have more than 10 remote servers.
- * The current system peer. The computer is using this remote server as its time source to synchronize the clock
- o Pulse per second (PPS) peer. This is generally used with GPS time sources, although any time source delivering a PPS will do. This tally code and the previous tally code “*” will not be displayed simultaneously.