Installing and setting up ntpd under Ubuntu

Posted on May 17, 2010 by billy

Install NTP on your home server

sudo apt-get install ntp

Bare in mind that I’m in the UK so I’m obviously I’m going to choose NTP servers that are geographically close to me.

After reading a fair bit about configuring ntp safely, what to include and what to block. My server is now serving all the machines on my home network.

My /etc/ntp.conf now looks like this, feel free to use it if you wish (I take no responsibility if it doesn’t work or isn’t correct for your network) works fine with mine though :-D

ntp.conf file below.

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# You do need to talk to an NTP server or two (or three).
server uk.pool.ntp.org
server ntp2a.mcc.ac.uk
server ntp.maths.tcd.ie
restrict uk.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict ntp2a.mcc.ac.uk mask 255.255.255.255 nomodify notrap noquery
restrict -4 ntp.maths.tcd.ie mask 255.255.255.255 nomodify notrap noquery

# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page
# might also be helpful.
#
# Note that “restrict” applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

# By default block connections from unauthorized hosts
restrict default ignore
restrict -6 default ignore

# By default, exchange time with everybody, but don’t allow configuration.
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery

# restricted to my subnet without cryptograpically authentication
# This does work
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# This IP6 address is for documentation purposes, you would put your own in.
restrict -6 2001:838:0:1:: mask ffff:ffff:ffff:ffff:: nomodify notrap

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
# restrict 192.168.1.0 mask 255.255.255.0 notrust

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
# broadcast 192.168.1.255

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient

References :-

Linuxware Blog – http://linuxwave.blogspot.com/
Access Restrictions -  http://support.ntp.org
UbuntuGeeks – http://www.ubuntugeek.com

About billy

Senior IT Technician working in Edinburgh, Scotland.
This entry was posted in Computing Tips, Linux and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>