Monday, July 8, 2013

Synchronizing servers with openntpd

Bad administrators don't pay attention to the date and time of their servers until they have to correlate logs because of some kind of incident, and then they realize the clocks differ between machines.

If you don't want forensic analysis to drive you crazy, you have to think about synchronizing your servers' clocks using NTP (Network Time Protocol).

In this article, I'll show you how easy this task is with openntpd.

First of all, let's understand how it works: a client asks a server for the time using NTP, which runs over UDP (port 123), and adjusts its own clock accordingly. If the difference is large, the clock is not jumped but slewed: openntpd corrects it by a small amount at a time, so it can take a while to converge (the -s flag makes ntpd set the clock immediately at startup instead, which helps on a host whose clock is off by minutes).

Second, openntpd can be configured as a client, as a server, or as both. You can install it on all your servers (it acts as a client by default) and each of them will synchronize with public time servers on the Internet. However, I don't recommend this configuration: every host sends NTP traffic to the Internet, which uses bandwidth, and each of them depends on outbound udp/123 being allowed, which a firewall may block (an HTTP proxy is no help here, since NTP is not HTTP).

Third, you may want a time server on your local network instead: all the other servers act as clients of this one, which in turn is the only client of the time servers on the Internet. This also gives you a single host to watch for drift and a single rule to open in the firewall.

SERVER CONFIGURATION

In my case, I'm using a Linux Debian 7.0 wheezy box.

Install the openntpd package:

apt-get install openntpd

Edit the configuration file /etc/openntpd/ntpd.conf and add the following line after the other lines beginning with "listen on", which are commented out (by default openntpd does not act as a server, so you have to tell it to listen on some network interface):

listen on x.x.x.x

Substitute x.x.x.x with the IP address of the interface you want the daemon to listen on. I don't recommend using the wildcard * to listen on every interface unless your server has only one: the NTP service openntpd offers is not authenticated, and listening on all addresses exposes it on every network the host is attached to, not only your LAN.

You'll also see several lines beginning with "servers". These tell the daemon which upstream time servers to query (a "servers" line resolves a hostname to all of its addresses, which is what you want for a pool, while "server" uses a single address).

Now restart the service:

service openntpd restart

Then look in /var/log/syslog for the line containing "listening on x.x.x.x", followed by many lines containing "adjusting local clock by" and an offset in seconds.

After a while the offsets get small and your server is close to synchronized (openntpd logs "clock is now synced" once it considers itself in sync); then you can use it for your local network.

CLIENTS CONFIGURATION

For the clients I'm using Debian 6.0 squeeze boxes. There the openntpd package lives in the backports repository, so I had to add it to /etc/apt/sources.list before proceeding with the installation.

Once installed, open the configuration file /etc/openntpd/ntpd.conf and comment out all the lines beginning with "server" or "servers" (the clients must not query the Internet themselves). Then add a line like the following after the commented line "server ntp.example.org":

server x.x.x.x

Substitute x.x.x.x with the IP address of the server you configured above.

Now restart the service and watch the syslog. You should see a message like "ntp engine ready", and after it you may see a line containing "reply from x.x.x.x: not synced, next query" followed by a number of seconds. This means your own server is not yet synchronized itself, so it refuses to hand out a time it cannot vouch for; the client will retry after the number of seconds indicated.

Once your server is ready to answer, you'll see in the client's syslog a line containing "peer x.x.x.x now valid", and then "adjusting local clock by" from time to time.
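The server and client procedures above, as an added example that is not part of the original post: a POSIX shell script that renders the two ntpd.conf variants (refusing the wildcard listen address before anything is written to /etc) and classifies the syslog messages the post tells you to watch for, so you can check a host's state with one command instead of eyeballing the log. It assumes Debian's /etc/openntpd/ntpd.conf path and the Debian pool hostnames; the log lines in the demo are constructed samples, not captured from a real host, and the "clock is now synced" message is openntpd's own wording, not something the post quotes.

```shell
#!/bin/sh
# Added example (not from the original post): render openntpd configs for the
# server and client roles and classify the syslog lines the procedure mentions.
# Assumptions: Debian's /etc/openntpd/ntpd.conf layout and default pool names;
# the log lines in the demo below are constructed samples, not real logs.
set -eu

# The wildcard listen address exposes an unauthenticated UDP service on every
# network the host is attached to; refuse it before anything reaches /etc.
check_listen_addr() {
    case $1 in
        '*'|'') return 1 ;;
        *)      return 0 ;;
    esac
}

# Time-server role: listen on the LAN address only, sync from the Debian pool.
server_conf() {
    check_listen_addr "$1" || return 1
    cat <<EOF
# /etc/openntpd/ntpd.conf - local time server (generated)
listen on $1
servers 0.debian.pool.ntp.org
servers 1.debian.pool.ntp.org
servers 2.debian.pool.ntp.org
servers 3.debian.pool.ntp.org
EOF
}

# Client role: no "listen on" line, and the local server is the only source.
client_conf() {
    cat <<EOF
# /etc/openntpd/ntpd.conf - client of the local time server (generated)
server $1
EOF
}

# Map one syslog line to the state the post describes at that point.
classify_line() {
    case $1 in
        *"listening on "*)            echo listening ;;
        *"ntp engine ready"*)         echo ready ;;
        *"not synced, next query"*)   echo server-unsynced ;;
        *" now valid"*)               echo peer-valid ;;
        *"adjusting local clock by"*) echo adjusting ;;
        *"clock is now synced"*)      echo synced ;;
        *)                            echo other ;;
    esac
}

# Read ntpd syslog lines on stdin and report the last meaningful state, e.g.
#   grep 'ntpd\[' /var/log/syslog | log_state
log_state() {
    state=unknown
    while IFS= read -r line; do
        s=$(classify_line "$line")
        [ "$s" = other ] || state=$s
    done
    echo "$state"
}

# Demo with constructed log lines (run as: sh thisscript.sh demo).
if [ "${1:-}" = demo ]; then
    server_conf 192.0.2.10
    client_conf 192.0.2.10
    printf '%s\n' \
        'Jul  8 10:00:01 web1 ntpd[2201]: ntp engine ready' \
        'Jul  8 10:00:02 web1 ntpd[2201]: reply from 192.0.2.10: not synced, next query 30s' \
        'Jul  8 10:00:32 web1 ntpd[2201]: peer 192.0.2.10 now valid' | log_state
fi
```

Redirect the output of server_conf or client_conf into /etc/openntpd/ntpd.conf yourself, then restart the service and pipe the ntpd lines of the syslog into log_state: "server-unsynced" on a client means your own time server is not yet in sync, "peer-valid" means it has started serving time.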

2 comments:

  1. Can you please help me?

    I have been trying to get NTP working on all my servers, but none of them ever synchronize with anything. So I tried your tutorial to install openntpd. It does not appear to be working.

    In my syslog, it says "ntp engine ready" but the time is still bad and there are a bunch of "bad peer from" lines in syslog too. I enabled 192.168.2.51, 127.0.0.1 and ::1.

    1. Hi there,
      Did you change anything after installing it? If not, your servers will try to synchronize with the default global servers on the Internet, so first of all, check whether they have access to them through port 123/udp.
      You might as well paste here the contents of your ntpd.conf file in /etc/openntpd.
      Please add this information for further assistance.
      Thanks,
      Sergio
