Follow through this guide to learn how to setup NTP server using NTPd on Debian 10 Buster.<\/p>\n\n\n\n
Before you can proceed, run the command below to update your system packages.<\/p>\n\n\n\n
apt update -y<\/code><\/pre>\n\n\n\nInstall NTP on Debian 10 Buster<\/h3>\n\n\n\n
The ntp<\/strong> package provides the NTPd<\/strong> deamon that is responsible for setting and maintaining the system time of day in synchronism with Internet standard time servers. The ntp<\/strong> package is available on the default Debian 10 Buster repositories. Hence, you can install be executing the command below;<\/p>\n\n\n\napt install ntp -y<\/code><\/pre>\n\n\n\nRunning NTP Service<\/h3>\n\n\n\n
NTP is started and enabled to run on system boot after the installation. To check the status;<\/p>\n\n\n\n
systemctl status ntp<\/code><\/pre>\n\n\n\n\n\u25cf ntp.service - Network Time Service\n Loaded: loaded (\/lib\/systemd\/system\/ntp.service; enabled; vendor preset: enabled)\n Active: active (running) since Wed 2019-07-31 15:36:19 EDT; 4min 17s ago\n Docs: man:ntpd(8)\n Main PID: 6163 (ntpd)\n Tasks: 2 (limit: 4701)\n Memory: 1.4M\n CGroup: \/system.slice\/ntp.service\n \u2514\u25006163 \/usr\/sbin\/ntpd -p \/var\/run\/ntpd.pid -g -u 107:115\n<\/code><\/pre>\n\n\n\nTo check if it is enabled to run on system reboot;<\/p>\n\n\n\n
systemctl is-enabled ntp<\/code><\/pre>\n\n\n\nenabled<\/code><\/pre>\n\n\n\nConfigure NTP Pool<\/h3>\n\n\n\n
NTP is configured to use time servers from the Debian pool by default for time synchronization. You can configure your NTP server to use time servers close to your timezone.<\/p>\n\n\n\n
The obtain a list of the servers on your timezone (or your Continent) from NTP Public Pool Time Servers<\/a>. Next, open NTP configuration file and comment the Debian pool servers and add your timezone NTP pool time servers. For example, to use NTP time pool servers from Europe, you would add the lines below to NTP configuration.<\/p>\n\n\n\n\nserver 0.europe.pool.ntp.org\nserver 1.europe.pool.ntp.org\nserver 2.europe.pool.ntp.org\nserver 3.europe.pool.ntp.org\n<\/code><\/pre>\n\n\n\nvim \/etc\/ntp.conf<\/code><\/pre>\n\n\n\n\n...\n#pool 0.debian.pool.ntp.org iburst\n#pool 1.debian.pool.ntp.org iburst\n#pool 2.debian.pool.ntp.org iburst\n#pool 3.debian.pool.ntp.org iburst\nserver 0.europe.pool.ntp.org\nserver 1.europe.pool.ntp.org\nserver 2.europe.pool.ntp.org\nserver 3.europe.pool.ntp.org<\/strong>\n...\n<\/code><\/pre>\n\n\n\nConfigure NTP Server Access Control<\/h3>\n\n\n\n
To allow only specific NTP clients to query time services from your NTP server for time synchronization, you need to set the access control to define which clients to allow. This can be done using the NTP restrict<\/strong> parameter which takes the syntax;<\/p>\n\n\n\nrestrict address [mask mask] [other options]<\/code><\/pre>\n\n\n\nFor example, to allow hosts on 192.168.1.0\/24 network to query the just time and statistics from your NTP server;<\/p>\n\n\n\n
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer<\/code><\/pre>\n\n\n\n\n...\n# Local users may interrogate the ntp server more closely.\nrestrict 127.0.0.1\nrestrict ::1\n\n# Allow hosts from 192.168.1.0\/24 network to query time and statistics\nrestrict 192.168.1.0 mask 255.255.255.0 nomodify notrap nopeer\n...\n<\/code><\/pre>\n\n\n\nWhere:<\/p>\n\n\n\n
\nnomodify<\/code> options prevents any changes to the configuration<\/li>\n\n\n\nnotrap<\/code> option prevents ntpdc<\/code> control message protocol traps.<\/li>\n\n\n\nnopeer<\/code> option prevents a peer association being formed<\/li>\n<\/ul>\n\n\n\nFor a basic NTP server setup, that is just about the configuration. Save the configuration and restart the NTP service.<\/p>\n\n\n\n
systemctl restart ntp<\/code><\/pre>\n\n\n\nCheck NTP server connection to NTP peers and the summary of their state by running the command;<\/p>\n\n\n\n
ntpq -p<\/code><\/pre>\n\n\n\n\n remote refid st t when poll reach delay offset jitter\n==============================================================================\n+dbn-ntp.mweb.co 194.58.204.148 2 u 8 64 377 91.919 14.732 36.071\n*ntp4.inx.net.za 0.60.139.194 2 u 5 64 377 108.066 -0.762 30.303\n+ns2.botsnet.bw 209.51.161.238 2 u 11 64 377 79.363 14.837 44.564\n+ns1.botsnet.bw 209.51.161.238 2 u 4 64 377 123.420 -12.651 10.062\n<\/code><\/pre>\n\n\n\nAs you can see, our NTP server is now peered to ntp4.inx.net.za<\/strong>. The asterisk (*)<\/strong> shows preferred time source.<\/p>\n\n\n\nOpen NTP on Firewall<\/h3>\n\n\n\n
If UFW is running, you can simply allow NTP incoming queries from the specific network.<\/p>\n\n\n\n
ufw allow from 192.168.1.0\/24 to any port 123 proto udp<\/code><\/pre>\n\n\n\nConfigure NTP Client<\/h2>\n\n\n\n
To verify that the configured server is actually working, you need to setup an NTP client to query time from our NTP server. This guide similarly uses Debian 10 Buster as an NTP client.<\/p>\n\n\n\n
Well, if you need to just run time synchronization once, you can simply use the ntpdate<\/strong> command. To install ntpdate<\/strong>;<\/p>\n\n\n\napt install ntpdate<\/code><\/pre>\n\n\n\nOnce the installation is done, you can query time services from the server using ntpdate<\/strong> by running the command;<\/p>\n\n\n\nntpdate 192.168.1.107<\/code><\/pre>\n\n\n\n 3 Aug 09:02:15 ntpdate[1261]: adjust time server 192.168.1.107 offset 0.006268 sec<\/code><\/pre>\n\n\n\nIf you need to automatically set your client to query time from the NTP server all the time, you can use NTP daemon itself. Hence, install NTP package and configure it to query time services from your NTP server.<\/p>\n\n\n\n
apt install ntp<\/code><\/pre>\n\n\n\nOnce the installation is done, configure your NTP client to query the NTP server. This can be done by using the server<\/strong> command which takes the form;<\/p>\n\n\n\nserver<\/code> address<\/em><\/code><\/pre>\n\n\n\nFor example;<\/p>\n\n\n\n
server 192.168.1.107 iburst<\/code><\/pre>\n\n\n\nThe iburst<\/strong> option improve the time taken for initial synchronization.<\/p>\n\n\n\nYou can as comment out the default Debian NTP time pool servers so you can just use your own NTP server.<\/p>\n\n\n\n
Hence, open the NTP configuration file<\/p>\n\n\n\n
vim \/etc\/ntp.conf<\/code><\/pre>\n\n\n\n\n...\n# You do need to talk to an NTP server or two (or three).\n#server ntp.your-provider.example\nserver 192.168.1.107 iburst\n\n# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will\n# pick a different set every time it starts up. Please consider joining the\n# pool: <http:\/\/www.pool.ntp.org\/join.html>\n#pool 0.debian.pool.ntp.org iburst\n#pool 1.debian.pool.ntp.org iburst\n#pool 2.debian.pool.ntp.org iburst\n#pool 3.debian.pool.ntp.org iburst\n<\/code><\/pre>\n\n\n\nSave and quit the configuration file.<\/p>\n\n\n\n
Next, disable Systemd timesyncd ntp.<\/p>\n\n\n\n
timedatectl set-ntp off<\/code><\/pre>\n\n\n\nRestart NTP service<\/p>\n\n\n\n
systemctl restart ntp<\/code><\/pre>\n\n\n\nVerify time synchronization<\/h3>\n\n\n\nntpq -p<\/code><\/pre>\n\n\n\n remote refid st t when poll reach delay offset jitter\n==============================================================================\n 192.168.1.107 196.10.52.58 3 u 2 64 1 0.080 1102276 0.000<\/code><\/pre>\n\n\n\nGreat. You have successfully installed and configured NTP server using NTPd on Debian 10 Buster. You have also setup the client and tested the working of your NTP server. Enjoy.<\/p>\n\n\n\n
Related Guides;<\/p>\n\n\n\n
Configure NTP Server using NTPd on Fedora 30<\/a><\/p>\n\n\n\nHow to Install and Configure NTP Server Using NTPd on Fedora 29\/Fedora 28<\/a><\/p>\n\n\n\n