# Setup NTP Server using NTPd on Ubuntu 20.04/18.04

Credit: [cr00t](https://kifarunix.com/author/cr00t/)

In this tutorial, you will learn how to install and setup NTP server using NTPd on Ubuntu 20.04/18.04. [Network Time Protocol](http://www.ntp.org/) is a networking protocol that is used to synchronize system clocks on a network. NTP uses clock stratum scheme to enable access to correct time sources. The *stratums* are numbered from 0 to 15, where the devices at stratum 0 are highly accurate time-keeping hardware devices and the latter is true. The *stratums* usually have NTP clients. An NTP client can also be configured as a server in a customized environment. This guide will cover on how to install and setup NTP server using NTPd on ubuntu 20.04/18.04. NTP daemon ( ntpd ) is an NTP client program. NTP client employs a server-client architecture where NTP clients synchronize time from NTP server(s).
## Setup NTP Server using NTPd on Ubuntu 20.04/18.04 ### Run System Update Before you can install and setup NTP Server using NTPd on Ubuntu 20.04/18.04, you need to update your package cache in order to install the latest version of *ntp*. ```wp-block-code sudo apt update -y ``` ### Install NTPd on Ubuntu 20.04/18.04 Once the update is done, proceed to install NTP daemon on Ubuntu 20.04/18.04. The ntpd daemon is provided by the *ntp* package. To check if *ntp* package is installed on Ubuntu 18.04/20.04 run the command: ```wp-block-code dpkg -l ntp ``` If the package is not installed you will get output similar to: ```wp-block-code dpkg-query: no packages found matching ntp ``` The *ntp* package is available on the default Ubuntu 18.04 and Ubuntu 20.04 repositories. Install *ntp* on Ubuntu 20.04/18.04 by running the command: ```wp-block-code sudo apt install ntp -y ``` Verify that that *ntp* package has been installed successfully by checking the version number: ```wp-block-code sntp --version ``` Output: ```wp-block-code sntp 4.2.8p12@1.3728-o (1) ``` ### Running NTPd on Ubuntu 20.04/18.04 After installation NTP is started and enabled to start at boot time: ```wp-block-preformatted systemctl status ntp ``` ```wp-block-code ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: e> Active: active (running) since Sun 2020-10-11 20:09:21 EAT; 55min ago Docs: man:ntpd(8) Main PID: 567 (ntpd) Tasks: 2 (limit: 585) Memory: 1.5M CGroup: /system.slice/ntp.service └─567 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 127:133 Onk 11 20:10:28 computers-VirtualBox ntpd[567]: Soliciting pool server 162.159.> Onk 11 20:10:29 computers-VirtualBox ntpd[567]: Soliciting pool server 160.119.> Onk 11 20:10:29 computers-VirtualBox ntpd[567]: Soliciting pool server 162.159.> Onk 11 20:10:29 computers-VirtualBox ntpd[567]: Soliciting pool server 162.159.> ... ``` ### Setup NTP Server using NTPd on Ubuntu 20.04/18.04 #### Configure NTP Server on Ubuntu 20.04/18.04 NTP daemon *(ntpd)* main configuration file is `/etc/ntp.conf`. The file is configured to enable NTP server to fetch the correct time from NTP servers of higher stratum such as ***pool.ntp.org***. The ***pool*** directive in the file enables setting of NTP time servers (pool) to use. `sudo vim /etc/ntp.conf` ```wp-block-code # Specify one or more NTP servers. # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for # more information. pool 0.ubuntu.pool.ntp.org iburst pool 1.ubuntu.pool.ntp.org iburst pool 2.ubuntu.pool.ntp.org iburst pool 3.ubuntu.pool.ntp.org iburst # Use Ubuntu's ntp server as a fallback. pool ntp.ubuntu.com ``` By default NTP on Ubuntu 20.04/18.04 uses *ubuntu* pool time servers from the NTP servers ***pool.ntp.org*** as seen from the above output. A list of time servers can be found at [NTP Public Pool Time Servers](http://www.pool.ntp.org/en/) where one can choose which timeserver to use according to their timezone. For example to use *ke.pool.ntp.org* pool: First comment out the default ubuntu pool timeservers: ```wp-block-code ... # more information. #pool 0.ubuntu.pool.ntp.org iburst #pool 1.ubuntu.pool.ntp.org iburst #pool 2.ubuntu.pool.ntp.org iburst #pool 3.ubuntu.pool.ntp.org iburst # Use Ubuntu's ntp server as a fallback. #pool ntp.ubuntu.com ... ``` To add up servers from the *ke.pool.ntp.org* pool add the following entry on the configuration file: ```wp-block-code ... #Use kenyan pool pool 0.ke.pool.ntp.org iburst pool 1.ke.pool.ntp.org iburst pool 2.ke.pool.ntp.org iburst pool 3.ke.pool.ntp.org iburst ... ``` ***TIP:*** *Setting the pool as pool.ntp.org allows the system to determine the nearest time servers to use.* ***iburst*** option in the configuration file changes the initial interval of polls to a NTP server in order to speed up the initial synchronization. #### Configure Access Control for NTP Server (Optional) NTP server can optionally be configured to only allow specific NTP client connections to query them using the ***restrict*** directive in the `/etc/ntp.conf` configuration file which uses the syntax: ```wp-block-code restrict address [mask mask] [other options] ``` This access control can be used to limit access to NTP service to particular LAN. For instance to only allow connections from the network 192.168.56.0/24, define the network address by appending the line: ```wp-block-code restrict 192.168.56.0 mask 255.255.255.0 nomodify notrap ``` Where: - ***nomodify*** options prevents any changes to the configuration. - ***notrap*** option prevents ntpdc control message protocol traps. More about restrict and other command options can be read on **`man ntp.conf`**. Save the configuration file and restart NTP server for the changes to take effect. ```wp-block-code sudo systemctl restart ntp ``` Check the status of NTP service ```wp-block-code systemctl status ntp ``` Output: ```wp-block-code ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-10-20 19:05:15 EAT; 1min 0s ago Docs: man:ntpd(8) Process: 8428 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 8446 (ntpd) Tasks: 2 (limit: 1111) Memory: 1.0M CGroup: /system.slice/ntp.service └─8446 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 127:133 Onk 20 19:05:20 null1-VirtualBox ntpd[8446]: Soliciting pool server 162.159.200.123 Onk 20 19:05:21 null1-VirtualBox ntpd[8446]: Soliciting pool server 162.159.200.1 Onk 20 19:05:22 null1-VirtualBox ntpd[8446]: Soliciting pool server 160.119.216.206 Onk 20 19:05:23 null1-VirtualBox ntpd[8446]: Soliciting pool server 160.119.216.197 Onk 20 19:05:24 null1-VirtualBox ntpd[8446]: Soliciting pool server 160.119.216.202 Onk 20 19:05:29 null1-VirtualBox ntpd[8446]: Soliciting pool server 160.119.216.197 Onk 20 19:05:29 null1-VirtualBox ntpd[8446]: Soliciting pool server 2606:4700:f1::1 Onk 20 19:05:37 null1-VirtualBox ntpd[8446]: Soliciting pool server 91.189.94.4 ``` Confirm NTP service is set to start at boot time: ```wp-block-code sudo systemctl is-enabled ntp ``` ```wp-block-preformatted enabled ``` If disabled, enable it by running the command below; ```wp-block-preformatted sudo systemctl enable ntpd ``` ### Verify System time Check NTP time after afew seconds. ```wp-block-code ntptime ``` Output: ```wp-block-code tp_gettime() returns code 0 (OK) time e3398bfb.b241700c Tue, Oct 20 2020 19:16:59.696, (.696311693), maximum error 78688 us, estimated error 5216 us, TAI offset 37 ntp_adjtime() returns code 0 (OK) modes 0x0 (), offset 251.894 us, frequency -11.169 ppm, interval 1 s, maximum error 78688 us, estimated error 5216 us, status 0x2001 (PLL,NANO), time constant 6, precision 0.001 us, tolerance 500 ppm, ``` ### Configure Firewall If Ubuntu UFW is enabled allow UDP port 123. NTP clients connect to NTP server on that particular port. ```wp-block-code sudo ufw allow from any to any port 123 proto udp ``` You can as well allow NTP queries from specific Network; ```wp-block-code sudo ufw allow from 192.168.56.0/24 to any port 123 proto udp ``` ### Verify NTP Time Service Verify NTP server by checking the NTP server connection to NTP peers by running the command; ```wp-block-preformatted ntpq -p ``` ```wp-block-code remote refid st t when poll reach delay offset jitter ============================================================================== 0.ke.pool.ntp.o .POOL. 16 p - 64 0 0.000 0.000 0.000 1.ke.pool.ntp.o .POOL. 16 p - 64 0 0.000 0.000 0.000 2.ke.pool.ntp.o .POOL. 16 p - 64 0 0.000 0.000 0.000 3.ke.pool.ntp.o .POOL. 16 p - 64 0 0.000 0.000 0.000 ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 0.000 0.000 -time.cloudflare 10.45.8.5 3 u 122 256 377 54.091 8.013 63.504 -time.cloudflare 10.45.8.5 3 u 153 256 161 54.158 8.587 40.443 +ntp0.icolo.io 160.119.216.202 3 u 8 128 377 16.850 4.389 0.586 *ntp1.icolo.io 146.64.8.7 2 u 82 128 375 16.379 4.501 1.584 +ntp2.icolo.io 146.64.8.7 2 u 65 128 377 16.524 4.709 0.742 ``` ### Synchronizing Client’s Time with NTP Server Now that the NTP server is configured, it is high time to configure clients to synchronize their clocks with the NTP server. #### Synchronizing using systemd timesyncd NTP In an Ubuntu system, an NTP Client**, `systemd-timesyncd.service,`** is running by default which can be used to set NTPd as a NTP client. Edit the file **`/etc/systemd/timesyncd.conf`** and add the address for your NTP server by adding such an entry at the end of the file: ```wp-block-preformatted vim /etc/systemd/timesyncd.conf ``` ```wp-block-code NTP=192.168.56.103 ``` Where `192.168.56.103` is the IP address of configured NTP server. Restart *systemd-timesyncd* NTP client service: ```wp-block-code sudo systemctl status systemd-timesyncd ``` Confirm the status of status that it is now synchronized with the configured NTP server. ```wp-block-code systemctl status systemd-timesyncd ``` Output: ```wp-block-code Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-10-20 20:02:49 EAT; 3s ago Docs: man:systemd-timesyncd.service(8) Main PID: 4466 (systemd-timesyn) Status: "Synchronized to time server 192.168.56.103:123 (ntp.kifarunix.com)." Tasks: 2 (limit: 667) CGroup: /system.slice/systemd-timesyncd.service └─4466 /lib/systemd/systemd-timesyncd ... ``` #### Using `ntpdate` to Synchronize Client Systems’ Time Optionally the `ntpdate` command can be used to manually synchronize client system time with NTP server. This guide uses Ubuntu 18.04 as the client. ##### Step 1: Install ntpdate Install `ntpdate` package, if not already installed. ```wp-block-code sudo apt install ntpdate -y ``` **NOTE:** Ensure that Client and NTP Server can communicate. You can use nc command to verify NTP server port connection. ##### Step 2: Use ntpdate Command to Query Time Service The `ntpdate` command can be uses to query time service from an NTP server by running the command: ```wp-block-code sudo ntpdate 192.168.56.103 ``` The output shows the time offset between the two systems. ```wp-block-code 20 Oct 20:31:54 ntpdate[5053]: adjust time server 192.168.56.103 offset 0.001313 sec ``` #### Synchronize time Automatically Using NTP NTP client can automatically be configured to query NTP server by using the NTPd daemon. ##### Step 1: Install NTP ```wp-block-code sudo apt install ntp -y ``` ##### Configure NTPd Client On Ubuntu 18.04 NTP service is set to run by default after installation. First check if the client is synchronized with NTP: ```wp-block-code timedatectl ``` The output will show if the system clock is synchronized or not. ```wp-block-code Local time: Qib 2020-10-20 19:41:59 EAT Universal time: Qib 2020-10-20 16:41:59 UTC RTC time: Qib 2020-10-20 16:35:32 Time zone: Africa/Nairobi (EAT, +0300) System clock synchronized: yes systemd-timesyncd.service active: no RTC in local TZ: no ``` If the system time is synchronized, disable the time synchronization by running the command: ```wp-block-code sudo timedatectl set-ntp off ``` ***TIP:*** *To toggle time synchronization back on:* *`sudo timedatectl set-ntp on`* To configure the NTP client to synchronize time from your NTP server, edit the ntp configuration file: ```wp-block-code sudo vim /etc/ntp.conf ``` Replace public NTP pool servers with your server. ```wp-block-code #pool 0.ubuntu.pool.ntp.org iburst #pool 1.ubuntu.pool.ntp.org iburst #pool 2.ubuntu.pool.ntp.org iburst #pool 3.ubuntu.pool.ntp.org iburst pool 192.168.56.103 iburst ``` Ideally the server can be added without commenting out the default NTP servers by making it the preferred reference clock using the **prefer** option: ```wp-block-code pool 192.168.56.103 prefer iburst ``` Save the configuration file and restart ntp. ```wp-block-code sudo systemctl restart ntp ``` The client is now successfully configured to sychronize system time with NTP server. This can be verified by running the command: ```wp-block-preformatted ntpq -p ``` ```wp-block-code remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.56.103 .POOL. 16 p - 64 0 0.000 0.000 0.000 *192.168.56.103 160.119.216.202 3 u 24 64 1 0.768 16.118 1.355 ``` From the output we can see NTP server (192.168.56.103) as the time synchronization host/source in the queue. Confirm NTP service is set to start at boot time: ```wp-block-code systemctl is-enabled ntp ``` To enable NTP service to start at boot time, just in case is not enabled, then you would run the command: ```wp-block-code systemctl enable ntp ``` Great, your NTP Clients should now be able to query the time services from your NTP Server. This brings us to the end of the guide on how install and setup NTP Server using NTPd on Ubuntu 20.04/18.04.