Contributed by sean on from the computers-make-horrible-clocks dept.
I've tried many different things to get it to work right using a LAN local time standard as opposed to an Internet based one. The reason being that a few hundred machines all on the same network requesting time from pool.ntp.org isn't exactly efficient use of resources.
OpenNTPD has come to my rescue.
It is very simple and hard to screw up.
Take some random OpenBSD machine on your network, allow UDP port 123 (namely time) to come and go to that machine. Edit a few lines in /etc/ntpd.conf (for most use uncommenting a few lines is more accurate).
In order to serve up the SNTP protocol you need to tell ntpd(8) to listen on some address. To do this just open up /etc/ntpd.conf and add "listen on W.X.Y.Z" where W.X.Y.Z. is some local IP address.
You could also use '*' (ie. all) or '::1' (ie. localhost) in place of the explict IP address.
NOTE: You cannot just use an interface name (ie. fxp0) or interface groups like you would in PF (at least not yet).
Make sure to choose a remote time standard (with either the server or servers lines, sensor to be discussed later).
Restart ntpd (if already running) or invoke as /usr/sbin/ntpd as no parameters are needed for default operation.
You should now be good to go.
There is one caveat though, if the local time is totally hosed (like the machine was powered off for months and the clock battery died) you will have to force a local sync before any of this will work. Fortunately it is easy to do with rdate(8).
rdate pool.ntp.org
Configure the clients to poll that machine as the local time standard (which sync's itself to the Internet based time standard) and be done with it. The only platform whose client configuration wasn't immediately obvious was Windows. Seeing as though I don't really care to learn much more about it, the following was the minimum amount of effort required to get it running.
Running as a user with Administrative privileges on a particular Windows 2000+ machine.
net time /setsntp:W.X.Y.Z net stop w32time net start w32time net time /querysntpThe last line isn't required but is a confirmation the setting took. I know after doing this Windows XP will poll for time updates every hour. Roll out the above any way you see fit to the rest of your 'virus runtime environments ' (as beck@ refered to the platform). It isn't immediately obvious if and how it would be possible to change the polling interval but this should do for most of us.
(Comments are closed)
By phessler (209.204.157.100) on
Comments
By sean (139.142.208.98) on
That is a good point. time.nist.gov is like reflex for me. I'll update the article to change it.
Comments
By Richard Johnson (128.117.43.105) on
>
> That is a good point. time.nist.gov is like reflex for me. I'll update the article to change it.
It's a reflex for a lot of people. It's fine to use it, by policy, but you'll probably get better response from other servers.
That's not because it's an alpha with a disciplined oscillator and a modem to make sure it's still in synch with the atomic clock at NIST; it keeps time quite, quite well that way. Instead, it's because it's seeing up to 80,000 packets per second as of June 2006, and your UDP queries may not be seen.
By Anonymous Coward (209.91.190.26) on
Comments
By sthen (85.158.44.148) on
...but you do need working DNS to avoid long delays in /etc/rc.
Comments
By Anonymous Coward (58.84.102.143) on
where rdate uses a psychic connection and doesn't need DNS?
By frantisek holop (165.72.200.11) on
i don't think this is openntpd specific, seen it with "proper" nptd servers also.
By Anonymous Coward (193.63.217.208) on
Forgive my possibly lacking understanding of NTP etiquette but isn't the described solution the preferred one? Set up your own stratum on your local network and slave all your systems to your local NTP server... Slaving all your separate systems to pool.ntp.org seems like a slightly insane idea.
Perhaps my perspective is skewed by having OpenBSD as my router/firewall so having it serve up NTP as well was a no-brainer...
Comments
By phessler (209.204.157.100) on
>
> Perhaps my perspective is skewed by having OpenBSD as my router/firewall so having it serve up NTP as well was a no-brainer...
my objection is slaving any system to nist. slave that one guy to the pool, and its perfectly fine. I do that at multiple sites.
By Anonymous Coward (63.237.125.20) on
>
> Perhaps my perspective is skewed by having OpenBSD as my router/firewall so having it serve up NTP as well was a no-brainer...
No he is correct.
The OpenBSD server running ntpd syncs to pool.ntp.org with:
"server pool.ntp.org" in ntpd.conf
then serves out time locally with:
"listen on W.X.Y.Z"
and the M$ workstations sync to his OpenBSD server at W.X.Y.Z
"net time /setsntp:W.X.Y.Z"
Comments
By Anonymous Coward (63.237.125.20) on
+"servers pool.ntp.org" in ntpd.conf
By Anonymous Coward (63.237.125.20) on
ntpd_flags=""
in rc.conf.local, or rc.conf
Comments
By Anonymous Coward (66.225.187.196) on
>
> ntpd_flags=""
>
> in rc.conf.local, or rc.conf
ntpd_flags="-s"
and it removes the need for ntpdate.
By Anonymous Coward (69.70.68.38) on
WinXP (not sure of Win2k and less), double click on the clock, then click on 'internet time' tab and set to pool.ntp.org, or other, or better yet, local OpenNTP server name or IP and you're set. In an MS Windows 'Domain / AD' environment, there's probly other ways to set the NTP server to, via GPO's?
Comments
By wob (12.109.229.8) wob@bonch.org on
>
> WinXP (not sure of Win2k and less), double click on the clock, then click on 'internet time' tab and set to pool.ntp.org, or other, or better yet, local OpenNTP server name or IP and you're set. In an MS Windows 'Domain / AD' environment, there's probly other ways to set the NTP server to, via GPO's?
I am currently running Windows XP Professional SP2 on my laptop and I do not have this option under my clock. If I use my home machine (used for games), I DO have this option, and it runs WIndows XP Media edition SP2.
So, YMMV if this tab will exist in WinXP or not. Gotta love the consistency of windows...
By RC (71.105.39.54) on
By Anonymous Coward (81.149.188.25) on
Comments
By Otto Moerbeek (87.210.142.234) otto@drijf.net on http://www.drijf.net
Please provide a proper report of what you are seeing to misc@ or bugs@
By scot bontrager (216.62.11.163) MyFirstName...@indievisible.org on
>
>
It was wonky (0.5s slew at any given moment) on amd64-MP 3.8-3.9 but much better since 4.0. It has always been fine on i386.
Comments
By Anonymous Coward (192.165.213.18) on
> >
> >
>
> It was wonky (0.5s slew at any given moment) on amd64-MP 3.8-3.9 but much better since 4.0. It has always been fine on i386.
It seems to be a problem on HP DL380's, DL360's are fine. I'll endeavour to submit details.