Contributed by sean on from the computers-make-horrible-clocks dept.
I've tried many different things to get it to work right using a LAN-local time standard as opposed to an Internet-based one. The reason is that a few hundred machines all on the same network requesting time from pool.ntp.org isn't exactly an efficient use of resources.
OpenNTPD has come to my rescue.
It is very simple and hard to screw up.
Take some random OpenBSD machine on your network and allow UDP port 123 (namely time) to come and go to that machine. Edit a few lines in /etc/ntpd.conf (for most uses, "uncommenting a few lines" is more accurate).
In order to serve up the SNTP protocol you need to tell ntpd(8) to listen on some address. To do this, just open up /etc/ntpd.conf and add "listen on W.X.Y.Z", where W.X.Y.Z is some local IP address.
You could also use '*' (i.e. all) or '::1' (i.e. localhost) in place of the explicit IP address.
NOTE: You cannot just use an interface name (e.g. fxp0) or interface groups like you would in PF (at least not yet).
Make sure to choose a remote time standard (with either the server or servers lines, sensor to be discussed later).
Restart ntpd (if already running) or invoke it as /usr/sbin/ntpd; no parameters are needed for default operation.
You should now be good to go.
There is one caveat though: if the local time is totally hosed (like the machine was powered off for months and the clock battery died), you will have to force a local sync before any of this will work. Fortunately it is easy to do with rdate(8).
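To confirm that ntpd is answering on the "listen on" address and considers itself synchronized before pointing clients at it, a small SNTP query can inspect the reply. This is an added example, not part of the original post: the function names are illustrative, it is IPv4 only, and it applies the standard client checks (server mode, synchronized stratum, reply echoes the request's timestamp).

```python
import socket
import struct
import sys
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def to_ntp(unix_time):
    """Unix seconds -> (seconds, fraction) pair in NTP timestamp format."""
    secs = int(unix_time)
    return secs + NTP_EPOCH_OFFSET, int((unix_time - secs) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def build_request(t1):
    # LI=0, VN=4, Mode=3 (client); only the transmit timestamp is filled in.
    return struct.pack("!B39x2I", 0x23, *to_ntp(t1))

def parse_reply(data, t1, t4):
    """Validate a server reply; return (stratum, offset in seconds)."""
    if len(data) < 48:
        raise ValueError("short packet")
    flags, stratum = struct.unpack("!BB", data[:2])
    leap, mode = flags >> 6, flags & 0x07
    if mode != 4:
        raise ValueError("not a server-mode reply")
    # Leap indicator 3 or stratum 0/16+ means the server is not synchronized.
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server clock is not synchronized")
    org_s, org_f, rx_s, rx_f, tx_s, tx_f = struct.unpack("!6I", data[24:48])
    # The reply must echo our transmit timestamp, otherwise it is stray or forged.
    if (org_s, org_f) != to_ntp(t1):
        raise ValueError("originate timestamp does not match the request")
    t2, t3 = from_ntp(rx_s, rx_f), from_ntp(tx_s, tx_f)
    return stratum, ((t2 - t1) + (t3 - t4)) / 2

def query(server, timeout=2.0):
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (server, 123))
        data, _ = sock.recvfrom(512)
    return parse_reply(data, t1, time.time())

if __name__ == "__main__":
    # Pass the address from the "listen on" line, e.g. W.X.Y.Z.
    stratum, offset = query(sys.argv[1])
    print(f"stratum {stratum}, local clock offset {offset:+.3f} s")
```

A timeout from query() usually means UDP port 123 is still blocked or ntpd is not listening on that address.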
Configure the clients to poll that machine as the local time standard (which syncs itself to the Internet-based time standard) and be done with it. The only platform whose client configuration wasn't immediately obvious was Windows. Seeing as though I don't really care to learn much more about it, the following was the minimum amount of effort required to get it running.
Run the following as a user with Administrative privileges on a particular Windows 2000+ machine:

    net time /setsntp:W.X.Y.Z
    net stop w32time
    net start w32time
    net time /querysntp

The last line isn't required but is a confirmation the setting took. I know after doing this Windows XP will poll for time updates every hour. Roll out the above any way you see fit to the rest of your 'virus runtime environments' (as beck@ referred to the platform). It isn't immediately obvious if and how it would be possible to change the polling interval but this should do for most of us.