NTP Config Guide
时间:2006-11-24 来源:oychw
1. 修改SUNDIAL-1000的IP(如没有可跟踪GPS的一级服务器,该步省略) 5
2. 二级时间服务器配置.... 5
2.1. 修改/etc/ntp.conf 文件. 5
2.2. 重新启动NTP进程.... 5
2.3. 检查.... 5
3. 客户端配置.... 6
3.1. Linux客户端: 6
3.2. Solaris客户端: 6
3.3. 检查.... 6
4. 二级时间服务器ntp.conf配置示例:.... 6
5. linux客户端ntp.conf示例:.... 9
6. solaris客户端ntp.conf配置示例;.... 11
1. 修改SUNDIAL-1000的IP(如没有可跟踪GPS的一级服务器,该步省略)
1. telnet SUNDIAL-1000
2. cd /bin
3. type ./_netconfig to modify the server IP
4. after modify IP successful,type ./_genkey to generate keys
2. 二级时间服务器配置
2.1. 修改/etc/ntp.conf 文件.
(具体参考二级时间服务器配置示例)
1.注释 # restrict default ignore
#:restrict 127.0.0.1
2.增加 server 10.50.10.36 maxpoll 4 minpoll 4 (如没有可跟踪GPS的一级服务器,该步省略)
3 ##### 设置广播网段 ########
4 #### 设置本机级别 #########
2.2. 重新启动NTP进程
1 #killall ntpd
2 #ntpd
2.3. 检查
#ntpq –p
remote refid st t when poll reach delay offset jitter
====================================================================
*10.50.10.36 .GPS. 1 u 60 64 77 0.479 0.968 0.471
LOCAL(0) LOCAL(0) 3 l 59 64 77 0.000 0.000 0.008
10.50.21.255 0.0.0.0 16 - - 64 0 0.000 0.000 4000.00
10.50.12.255 0.0.0.0 16 u - 64 0 0.000 0.000 4000.00
10.50.14.255 0.0.0.0 16 u - 64 0 0.000 0.000 4000.00
当二级服务器与一级服务器时间相差较大时,时间同步调整需要较长时间,这种情况下,可以用命令:ntpdate 10.50.10.36 强制立刻调整时间
3. 客户端配置
3.1. Linux客户端
修改/etc/ntp.conf 文件(参见:linux客户端ntp.conf示例)
1. 注释 # restrict default ignore
#:restrict 127.0.0.1
2. 增加 server 10.50.21.21 maxpoll 4 minpoll 4
3. 重新启动ntpd
# killall ntpd
# ntpd
3.2. Solaris客户端
a. # cd /etc/inet
b. # cp ntp.client ntp.conf
c 修改/etc/inet/ntp.conf(参见solaris客户端ntp.conf配置示例)
增加server 10.50.21.21 maxpoll 4 minpoll 4
d 启动ntp
# cd /usr/lib/inet
# xntpd
3.3. 检查
#ntpq –p
remote refid st t when poll reach delay offset jitter
======================================================================
*10.50.21.21 10.50.10.36 2 u 14 16 377 0.228 0.026 0.086
offset: 本ntp client 与10.50.21.21的时间偏差(毫秒),稳定的情况下,局域网内在1毫秒之内
当client与sever时间相差较大时,时间同步调整需要较长时间,这种情况下,可以用命令:ntpdate 10.50.10.36 强制立刻调整时间
4. 二级时间服务器ntp.conf配置示例
# Prohibit general access to this service.
# restrict default ignore
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
# restrict 127.0.0.1
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip
# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
#restrict 10.50.14.0 mask 255.255.255.0 nomodify
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 10.50.10.36 prefer #### 跟踪一级服务器 ######
server 127.127.1.0
fudge 127.127.1.0 stratum 3 #### 设置本机级别(小于10大于1),
##### 作用:当一级服务器不可跟踪时,避免二级时间服务器级别成为16,
##### 而导致客户端跟踪不了二级服务器 ,客户端默认级别为10
logconfig all
logfile /var/log/xntpd ###### 日志
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /etc/ntp/drift
broadcast 10.50.21.255 ##### 设置广播网段 ########
broadcast 10.50.12.255
broadcast 10.50.14.255
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate no
#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys
5. linux客户端ntp.conf示例
# Prohibit general access to this service.
#restrict default ignore
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
#restrict 127.0.0.1
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service. Do not permit those systems to modify the
# configuration of this service. Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- OUR TIMESERVERS -----
# or remove the default restrict line
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
# restrict mytrustedtimeserverip mask 255.255.255.255 nomodify notrap noquery
# server mytrustedtimeserverip
# --- NTP MULTICASTCLIENT ---
#multicastclient # listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
#server 127.127.1.0 # local clock
#fudge 127.127.1.0 stratum 10
#
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
logconfig all
logfile /var/log/xntpd
driftfile /etc/ntp/drift
broadcastdelay 0.008
server 10.50.21.21 maxpoll 4 minpoll 4
###设置服务器 ,每2的4次方(16秒),产生一同步信号###
#
# Authentication delay. If you use, or plan to use someday, the
# authentication facility you should make the programs in the auth_stuff
# directory and figure out what this number should be on your machine.
#
authenticate no
#
# Keys file. If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys /etc/ntp/keys
6. solaris客户端ntp.conf配置示例
# @(#)ntp.client 1.2 96/11/06 SMI
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#
server 10.50.21.21 maxpoll 4 minpoll 4
###设置服务器 ,每2的4次方(16秒),产生一同步信号###
#multicastclient 224.0.1.1
其他参考资料:
http://www.ceass.com/index.php?play=reply&id=5
SERVER的配置
2006-06-26 09:41:52
关于NTP SERVER的配置说明
NTP server的安装
如果你的服务器是Linux,请先用如下指令查看本机是否已安装ntp server
rpm -qa|grep ntp
如无,则安装上此RPM包。
也可安装tar包。
配置NTP server
NTP server的主配置文件为/etc/ntp.conf
现对/etc/ntp.conf的各项进行说明
#设置此服务器同上层服务器做时间同步的IP地址,prefer意味着首选IP地址
server 61.246.176.141 prefer
server 210.59.157.10 prefer
server 202.112.7.150 prefer
server 203.116.5.254 #asia.pool.ntp.org
server 202.162.32.12 #1.asia.pool.ntp.org
server 202.155.248.212 #0.asia.pool.ntp.org
#记录上次我们的NTP server与上层NTP server连线时所花费的时间
driftfile /etc/ntp/drift
#设置默认策略为允许任何主机进行时间同步
restrict default ignore
#设置允许访问此时间服务器的时间服务的IP地址
restrict 127.0.0.1 # 开启內部环路lo
restrict 192.168.0.2 # 主机本身的 IP 也同時开启
restrict 211.101.48.56
restrict 192.168.1.0 mask 255.255.255.0 意味着允许192.168.1.0/24子网内主机可同步
restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap #允许任何主机跟此服务器进行时间同步
#指定阶层编号为5,降低其优先度。
fudge 127.127.1.1 stratum 5
#设置ntp日志的path
statsdir /var/log/ntp/
#设置ntp日志文件
logfile /var/log/ntp/ntp.log
keys /etc/ntp/keys
三、NTP server的维护
1、 启动
service ntpd start或者ntpd –p /var/log/ntpd.pid或手工指定配置文件的带path的全名
如ntpd –c /etc/ntp/ntp.conf –p /var/log/ntpd.pid
2、 停止
service ntpd stop
3、 ntpq –p 查看本机和上层服务器的时间同步结果
4、 ntptrace 可以用來追踪某台时间服务器的时间对应关系
5、 ntpdate IP 客户端要和NTP server进行时钟同步。
6、 查看ntp日志/var/log/ntp/ntp.log
四、客户端的配置
LINUX客户端:
echo “10 5 * * * root /usr/sbin/ntpdate 192.168.5.3;/sbin/hwclock -w”>>/etc/crontab
意为每天凌晨的5:10同NTP server进行一次时钟同步,并写入本机BIOS
Solaris客户端:
echo “15 5 * * * /usr/sbin/ntpdate 192.168.5.3”>>/etc/crontab
相关阅读 更多 +
