{"id":1445,"date":"2018-11-18T12:43:13","date_gmt":"2018-11-18T09:43:13","guid":{"rendered":"http:\/\/kifarunix.com\/?p=1445"},"modified":"2024-03-11T21:34:01","modified_gmt":"2024-03-11T18:34:01","slug":"how-to-install-and-configure-ntp-server-using-ntpd-on-fedora-29-fedora-28","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/how-to-install-and-configure-ntp-server-using-ntpd-on-fedora-29-fedora-28\/","title":{"rendered":"How to Install and Configure NTP Server Using NTPd on Fedora 29\/Fedora 28"},"content":{"rendered":"\n<p>This is yet another guide on how to install and configure NTP server using NTPd on Fedora 29\/Fedora 28. Step through this guide in order to setup your NTP server for automatic time adjustments.. In our previous article, we learnt <a href=\"https:\/\/kifarunix.com\/howtos\/how-to-install-and-configure-ntp-server-using-chrony-on-fedora-29\/2\/\" target=\"_blank\" rel=\"noopener noreferrer\">how to setup NTP server using <strong>Chronyd<\/strong>&nbsp;on Fedora28\/Fedora29<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing NTP Server Using NTPd on Fedora 29\/Fedora 28<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Install NTPd on Fedora<\/h3>\n\n\n\n<p>The ntpd deamon is provided by the ntp package. Therefore, run the command below to install ntpd.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install ntp -y<\/code><\/pre>\n\n\n\n<p>In order to use ntpd the default user space daemon, chronyd, must be stopped and disabled, if at all it is installed on the same system. Run the commands below to stop and disable chronyd from&nbsp;restarting at system start.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl stop chronyd\nsystemctl disable chronyd<\/code><\/pre>\n\n\n\n<p>To start and enable ntpd at system start, run the following command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start ntpd\nsystemctl enable ntpd<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configure NTP on Fedora<\/h2>\n\n\n\n<p>The main configuration file for NTP is <code>\/etc\/ntp.conf<\/code>. This file is installed together with ntpd and is configured to use time servers from the Fedora pool by default.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Acces control to NTP service<\/h4>\n\n\n\n<p>Access to the NTP service can be controlled or restricted by making the use of the <code>restrict<\/code>command in the ntp.conf file. The command syntax is;<\/p>\n\n\n\n<p><code>restrict option<\/code>&nbsp; where option can be;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ignore<\/code> \u2014 All packets will be ignored, including ntpq and ntpdc queries.<\/li>\n\n\n\n<li><code>kod<\/code> \u2014 a \u201cKiss-o&#8217;-death\u201d packet is to be sent to reduce unwanted queries.<\/li>\n\n\n\n<li><code>limited<\/code> \u2014 do not respond to time service requests if the packet violates the rate limit default values or those specified by the discard command. ntpq and ntpdc queries are not affected.<\/li>\n\n\n\n<li><code>lowpriotrap<\/code> \u2014 traps set by matching hosts to be low priority.<\/li>\n\n\n\n<li><code>nomodify<\/code> \u2014 prevents any changes to the configuration.<\/li>\n\n\n\n<li><code>noquery<\/code> \u2014 prevents ntpq and ntpdc queries, but not time queries, from being answered. This can help prevent NTP amplification attacks.<\/li>\n\n\n\n<li><code>nopeer<\/code> \u2014 prevents a peer association being formed.<\/li>\n\n\n\n<li><code>noserver<\/code> \u2014 deny all packets except ntpq and ntpdc queries.<\/li>\n\n\n\n<li><code>notrap<\/code> \u2014 prevents ntpdc control message protocol traps.<\/li>\n\n\n\n<li><code>notrust<\/code> \u2014 deny packets that are not cryptographically authenticated.<\/li>\n\n\n\n<li><code>notpport<\/code> \u2014 modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.<\/li>\n\n\n\n<li><code>version<\/code> \u2014 deny packets that do not match the current NTP version.<\/li>\n<\/ul>\n\n\n\n<p>To restrict local access to the server, edit the <code>\/etc\/ntp.conf<\/code> and add the network range the server is allowed to receive requests from.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/ntp.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>...<\/strong>\n# Hosts on local network are less restricted.\n#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap\n<strong>restrict 192.168.43.0 mask 255.255.255.0 nomodify notrap\n<\/strong><strong>...<\/strong><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure time servers<\/h4>\n\n\n\n<p>NTP is configured to use time servers from the Fedora pool by default. Therefore, change this by replacing the time servers with the servers close to your timezone area.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n<strong>...<\/strong>\n# Use public servers from the pool.ntp.org project.\n# Please consider joining the pool (http:\/\/www.pool.ntp.org\/join.html).\n#pool 2.fedora.pool.ntp.org iburst\n<strong>server 0.africa.pool.ntp.org iburst<\/strong>\n<strong>server 1.africa.pool.ntp.org iburst<\/strong>\n<strong>server 2.africa.pool.ntp.org iburst<\/strong>\n<strong>server 3.africa.pool.ntp.org iburst\n<\/strong><strong>...<\/strong>\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Firewall to Allow Incoming NTP connections<\/h3>\n\n\n\n<p>NTP listens on UDP port 123 and therefore, traffic to this port has to be e permitted through network and host-based firewalls in order for NTP to function. Run the command below to allow packets to port 123\/UDP.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=123\/udp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>Restart NTPd daemon<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart ntpd<\/code><\/pre>\n\n\n\n<p>To verify if NTP server is working normally, run the command below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ntpq -p<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n     remote           refid      st t when poll reach   delay   offset  jitter\n==============================================================================\n*lon1.kakte.com  178.62.115.212   3 u   56   64  377  232.746  115.195 181.208\n+ntp3.inx.net.za 0.60.139.194     2 u   13   64  377  289.535   15.691 202.211\n+ntp.blueline.mg 193.79.237.14    2 u   55   64  377  501.236  131.465  54.479\n<\/code><\/pre>\n\n\n\n<p>Now that all is well, proceed to configure NTP client.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure NTP client<\/h2>\n\n\n\n<p>In order to receive time synchronization from our NTP server, proceed to configure the client. In this case, you can either use the NTP service daemon (<code>ntpd<\/code>) or <code>ntpdate<\/code> command as follows;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Using NTPd<\/h4>\n\n\n\n<p>Install ntp package that provides ntpd daemon.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dnf install ntp -y<\/code><\/pre>\n\n\n\n<p>After the installation, you need to edit the <code>\/etc\/ntp.conf<\/code> configuration file to add the address of your NTP server.<\/p>\n\n\n\n<p>The server command takes the following syntax;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>server <em>address<\/em><\/code><\/pre>\n\n\n\n<p>where address is either the IP or resolvable hostname of the NTP server.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>...<\/strong>\n# Use public servers from the pool.ntp.org project.\n# Please consider joining the pool (http:\/\/www.pool.ntp.org\/join.html).\n#pool 2.fedora.pool.ntp.org iburst\n<strong>server 192.168.43.69 iburst\n...<\/strong><\/code><\/pre>\n\n\n\n<p>Save the configuration file and restart ntpd daemon.<\/p>\n\n\n\n<p>Verify the connection to the server using the netcat command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>nc -zuv 192.168.43.69 123<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>Ncat: Version 7.70 ( https:\/\/nmap.org\/ncat )\nNcat: <strong>Connected to 192.168.43.69:123<\/strong>.\nNcat: UDP packet sent successfully\nNcat: 1 bytes sent, 0 bytes received in 2.01 seconds.<\/code><\/pre>\n\n\n\n<p>Now that your client can successfully connect to your NTP server, verify that time synchronization is working;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ntpq -p<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>     remote           refid      st t when poll reach   delay   offset  jitter\n==============================================================================\n 192.168.43.69   167.99.82.6      4 u   31   64    7    0.292   67.320  12.531<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Using ntpdate<\/h4>\n\n\n\n<p>If you want to synchronize the time of your client with NTP server once, you can use <code>ntpdate<\/code> as follows;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>dnf install ntpdate -y<\/code><\/pre>\n\n\n\n<p>Once the installation is done, you can use the ntpdate to synchronize the time as follows;<\/p>\n\n\n\n<p>Start and enable ntpdate<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start ntpdate\nsystemctl enable ntpdate<\/code><\/pre>\n\n\n\n<p>To use ntpdate, you need to stop and disable ntpd<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl stop ntpd\nsystemctl disable ntpd<\/code><\/pre>\n\n\n\n<p>To verify that time synchronization works fine, run ntpdate command as shown below<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ntpdate 192.168.43.69<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>18 Nov 12:30:02 ntpdate[4983]: step time server 192.168.43.69 offset 3608.684470 sec<\/code><\/pre>\n\n\n\n<p>Great. That is all it takes to install and configure NTP server Using NTPd on Fedora 29\/Fedora 28.<\/p>\n\n\n\n<p>To configure NTP server on Fedora 30 using NTPd, then check our guide by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-ntp-server-using-ntpd-on-fedora-30\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Configure NTP Server using NTPd on Fedora 30<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is yet another guide on how to install and configure NTP server using NTPd on Fedora 29\/Fedora 28. Step through this guide in order<\/p>\n","protected":false},"author":1,"featured_media":12718,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,236,237],"tags":[5141,243,245,244],"class_list":["post-1445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-ntp","category-rhel","tag-how-to-install-and-configure-ntp-server-using-ntpd-on-fedora-29-fedora-28","tag-ntpd","tag-ntpdate","tag-ntpq","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1445"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=1445"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1445\/revisions"}],"predecessor-version":[{"id":21060,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/1445\/revisions\/21060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/12718"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=1445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=1445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=1445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}