linux下ntp服务配置
linux 下ntp服务器安装与配置
1.安装ntp服务
首先检查是否已安装ntp服务,如果未安装,请先安装;可以使用命令安装或者使用源码编译安装,我是使用源码编译安装的;
检查安装命令:rpm –qa | grep ntp
安装命令:apt-get install ntp
源码编译:
首先进入源码目录
./configure
--prefix=/usr \
--bindir=/usr/sbin \
--sysconfdir=/etc \
--enable-linuxcaps \
--with-lineeditlibs=readline \
--enable-all-clocks \
--enable-parse-clocks \
--enable-clockctl
make
make install
2.配置/etc/ntp.conf
2.1时间服务器配置
配置网络ntp服务器地址使用server关键字,格式:server [ip or hostname] [options...],在server后面写服务器地址(可以使IP或主机名),options这里最长使用的prefer,表示优先使用的服务器。
一定要记得配置下面2行,意思是无法链接网络服务器的情况下,使用本地时间作为时间源
server 127.127.1.0
fudge 127.127.1.0 stratum 6
2.1权限配置
权限配置使用restrict关键字,格式:restrict [address] mask [mask] [parameter]
其中parameter的参数主要有:
ignore:拒绝所有类型的ntp连接
nomodify:客户端不能使用ntpc与ntpq两支程式来修改服务器的时间参数
noquery:客户端不能使用ntpq、ntpc等指令来查询服务器时间,等于不提供ntp的网络校时
notrap:不提供trap这个远程时间登录的功能
notrust:拒绝没有认证的客户端,要注意,4.2版本以后的ntp不能添加此选项,否则对时会出现no data错误
nopeer:不与其他同一层的ntp服务器进行时间同步
limited:限制对时频率
一般使用默认配置,不用修改
3.启动ntp服务
service ntp start
service ntp restart
service ntp stop
启动后需要过5分钟左右才能正常对时,刚开始会报错
4.测试
ntpdate -d 127.0.0.15.附ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
server 127.127.1.0
fudge 127.127.1.0 stratum 8
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Needed for adding pool entries
restrict source notrap nomodify noquery
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。
更多推荐
0
0- 0
已为社区贡献1条内容
所有评论(0)