NTP (Network Time Protocol) is used to synchronize the system time with other devices over the network. This usually happens in a client-server model.
|caps||No||Use Linux capabilities library to control privilege|
|debug||No||No||Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see http://www.gentoo.org/proj/en/qa/backtraces.xml|
|ipv6||Yes||Adds support for IP version 6|
|openntpd||No||Allow ntp to be installed alongside openntpd|
|parse-clocks||No||Add support for PARSE clocks|
|samba||No||Provide support for Samba's signing daemon (needed for Active Directory domain controllers)|
|selinux||No||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur|
|snmp||No||Adds support for the Simple Network Management Protocol if available|
|ssl||Yes||Adds support for Secure Socket Layer connections|
|vim-syntax||No||Pulls in related vim syntax scripts|
|zeroconf||No||Support for DNS Service Discovery (DNS-SD)|
Or alternatively, you can use OpenNTPD instead.
to adjust ntp-client's command & upstream servers.
Here you can specify with which servers you want to synchronize your local time for ntpd.
The default configuration is populated with
Per default the Gentoo servers are listed and enabled. A list of available servers can be found here: ntp.org. You can also define a home or company server here, given that ntpd is running and the machine is allowed to.
On systems, where network connection is not always available at boot (laptops etc.) it might be helpful to add the following lines to server configuration:
This sets localhost as a server with low priority, so that the daemon starts properly even without network connection and switches to using network servers when connection is established.
To control who is allowed to synchronize with this machine and change the configuration, you can change these options.
- access to NTP service allowed only from localhost. 'noquery' can be added to help prevent your server from being abused to conduct DDOS attacks
- access to NTP service allowed only from the 192.168.0.0/24 network.
- denying access to NTP's monlist functionality, used for querying traffic stats but also exploited in a denial-of-service attack.
Basic tools and common usage
To monitor status of the client.
To start at boot.
This used to be the client, but its functionality is now moved into ntpd & ntp-client itself. It is purely to set the local time when started and then exits (not a service):
If ntpd is run as a service, the time will automatically synchronize as long as the difference between the local time and the time on the server is less than 1000s (~17min). So it is pretty common to adjust the time initially to whatever the server time is as a trusted source:
Add ntpd to the default runlevel to have the time synchronized automatically. There is no need to run a client when the service is running. Make sure you are not running ntp-client or ntpdate.
To monitor status of the server.
To write your NTP sync time to the hardware at shutdown, and read hardware clock at start.
Or on a sufficiently modern kernel (3.9 or newer), you can configure Linux to handle it automatically:
The hwclock init script is not needed at all with this method, which speeds up the boot/shutdown process slightly.
systemd / timedatectl
systemd comes with timedatectl to manage your system clock time.
The manpage of timedatectl shows how ntpd and timedatectl can work together:
However, it also seems to work if ntpd.service is enabled
The time is synced despite the fact that timedatectl says ntp sync is off: