Ubuntu 22.04 LTS: NTP Server

Introduction

Network Time Protocol (NTP) is a protocol used to synchronize the clocks of computers over a network. Ensuring your server's clock is accurately synchronized is crucial for time-dependent services, logging, and security mechanisms. In this guide, we will cover the steps to install and configure NTP on an Ubuntu 22.04 LTS server, using the Chrony implementation.

Prerequisites Configure NTP Server (NTPsec) Configure NTP Server (Chrony) Configure NTP Client

Prerequisites

• A server running Ubuntu 22.04 LTS
• Basic knowledge of Linux commands
• Superuser (root) access

Configure NTP Server (NTPsec)

Install NTPsec and Configure NTP server for time adjustment. NTP uses 123/UDP.

Step [1]Install and Configure NTPsec.

root@vms:~# apt -y install ntpsec
root@vms:~# vi /etc/ntpsec/ntp.conf
# line 24 : if you use your own NTP servers only and also 
# pool entries are a few, change number of value below or comment out the line
#tos minclock 4 minsane 3

# line 34 : comment out default settings and add NTP server pool you like to use
# * OK to keep default if you do not have specific requirements
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst

# Use Ubuntu's ntp server as a fallback.
#server ntp.ubuntu.com
pool ntp.nict.jp iburst 

# verify status
root@vms:~# ntpq -p
     remote           refid      st t when poll reach   delay   offset   jitter
===============================================================================
 ntp.nict.jp     .POOL.          16 p    -  256    0   0.0000   0.0000   0.0001
-ntp-a3.nict.go. .NICT.           1 u    -   64    1  17.4839  -1.6838   1.1843
+ntp-b3.nict.go. .NICT.           1 u    -   64    1  20.2276  -0.4035   1.2985
+ntp-b2.nict.go. .NICT.           1 u    -   64    1  20.1772  -0.3506   1.1771
*ntp-k1.nict.jp  .NICT.           1 u    -   64    1  13.3053   0.1693   1.2011
-ntp-a2.nict.go. .NICT.           1 u    -   64    1  16.4007  -1.2824   1.2209
 ntp-a2.nict.go. .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001
 2001:ce8:78::2  .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001
 ntp-a3.nict.go. .INIT.          16 u    -   64    0   0.0000   0.0000   0.0001

Configure NTP Server (Chrony)

Install Chrony and Configure NTP server for time adjustment. NTP uses 123/UDP.

Step [1]Install and Configure Chrony.

root@vms:~# apt -y install chrony
root@vms:~# vi /etc/chrony/chrony.conf
# line 20 : comment out default settings and add NTP server pool you like to use
# * OK to keep default if you do not have specific requirements
#pool ntp.ubuntu.com        iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
pool ntp.nict.jp iburst 

# add to last line : add network range you allow to receive time syncing requests from clients
allow 10.0.0.0/24
root@vms:~# systemctl restart chrony
# verify status
root@vms:~# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp-a3.nict.go.jp             1   6    17     1    -36us[  -36us] +/- 8587us
^- ntp-b3.nict.go.jp             1   6    17     1  -1399us[-1399us] +/-   10ms
^+ ntp-b2.nict.go.jp             1   6    17     0  -1167us[-1167us] +/- 9928us
^* ntp-a2.nict.go.jp             1   6     7     2   +264us[+1040us] +/-   10ms

Configure NTP Client

Configure NTP Client. NTP Client [systemd-timesyncd.service] is running by default on Ubuntu, so it's easy to set NTP Client. By the way, it's also possible to use NTPsec or Chrony as a NTP Client. If you use them, simply set only NTP server to sync time, do not set permission to receive time sync requests from other Hosts.

Step [1]Configure [systemd-timesyncd.service].

root@client:~# systemctl status systemd-timesyncd
*  systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/usr/lib/systemd/system/systemd-timesyncd.service; enabled>
     Active: active (running) since Fri 2024-04-26 05:52:41 UTC; 55s ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 591 (systemd-timesyn)
     Status: "Idle."
      Tasks: 2 (limit: 4612)
     Memory: 1.4M (peak: 2.0M)
        CPU: 27ms
     CGroup: /system.slice/systemd-timesyncd.service
             +-- 591 /usr/lib/systemd/systemd-timesyncd

root@client:~# vi /etc/systemd/timesyncd.conf
# add to last line : set NTP server for your timezone
NTP=vms.bizantum.lab
root@client:~# systemctl restart systemd-timesyncd
root@client:~# timedatectl timesync-status
       Server: 10.0.0.30 (vms.bizantum.lab)
Poll interval: 4min 16s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 2
    Reference: 3DCD7882
    Precision: 1us (-24)
Root distance: 11.184ms (max: 5s)
       Offset: -296us
        Delay: 192us
       Jitter: 343us
 Packet count: 4
    Frequency: +1.372ppm