Link to home
Start Free TrialLog in
Avatar of cmidy
cmidy

asked on

Please, I need help setting up a ntp server and a ntp client.

I have a set of Unix[Solaris 8] machines in Melbourne and Sidney. They do not have a master clock. I need to set up one machine as the master clock for all Unix machines in Australia. I need to set up all other machines as ntp clients using IP.

The master clock should depends on at least two level 2 clocks in Austrailia(no level 1 clock).

The clients must be in synch with the master.
File permisions set properly -- ntp.conf only read/write by root.

The following is the server that should be the master clock "au1app017" and the ntp.conf file and ntp.client file already on the machine.

                                                             au1app017#cat ntp.conf
 
# Keep this machine from answering time queries
######restrict default noquery noserve
 
# Tell the machine to listen to the default multicast address (224.0.1.1) for
# NTP updates.
 
multicastclient
 
# Configure for authorized time synchonization using a key.
 
enable auth
keys /etc/ntp.keys
trustedkey 2
 
# Set up a drift file that will help keep the system clock from drifting too
# far between synchonization broadcasts.
 
driftfile /etc/ntp.drift

                                                                   au1app017#cat ntp.client

# @(#)ntp.client        1.2     96/11/06 SMI
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#
 
multicastclient 224.0.1.1

Avatar of bpeterse
bpeterse
Flag of United States of America image
Avatar of cmidy
cmidy

ASKER

Thanks bpeterse, the link you gave me provides an overview, but I still am lost on how to solve my problem especially with the specifications that I have to use.
Avatar of bpeterse
bpeterse
Flag of United States of America image
All your ntp.clients on the WAN should then point to your master server (for your network) in their NTP.conf:
********************************
# @(#)ntp.client        1.2     96/11/06 SMI
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#
 
# multicastclient 224.0.1.1
server {ip_address_for_au1app017}
**********************************
chmod 600 /etc/inet/ntp.conf  - BUT - you may want to leave it as the default 644.

Your network's master time server is ideally on the DMZ so it can synch with the internet's time servers without having to deal with firewall issues....
on au1app017: mv /etc/inet/ntp.conf to ntp.conf.orig
cp /etc/inet/ntp.server /etc/inet/ntp.conf
Your master server's ntp.conf:  
**********************************
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server pool.ntp.org

broadcast 224.0.1.1 ttl 4

enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable

keys /etc/inet/ntp.keys
trustedkey 0
requestkey 0
controlkey 0
********************************
For more information on your master server see the following link:
http://ntp.isc.org/bin/view/Servers/NTPPoolServers

I didn't see any master servers listed in Australia - so you might have to go outside the country for your time. ;-)
The key to keeping it simple though is to have only one master time server on your WAN that all your other servers will link to.  Your master server is the only machine no your WAN to go outside to grab the time from one of the atomic clocks.
After changes are made to your ntp.conf files, remember to HUP your ntpd process.

Avatar of cmidy
cmidy

ASKER

I think I am almost there.

I get the following results from the client. I am not sure if it is working.

On Client au1app013, I receive in lower case the Master Server au1app017, sometimes with *au1app017.      

root@au1app013 # ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 au1app017       cobol.appello.n  3 u   40   64  301     0.46   -9.773 1882.10
root@au1app013 # ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 au1app017       cobol.appello.n  3 u   27   64  203     0.44  -13.098 1880.95
root@au1app013 # ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*au1app017       cobol.appello.n  3 u   35   64  377     0.50    0.033    0.09

root@au1app013 #


On Client au1app014, I receive in uppercase the  same Master Server AU1APP017.mhf2., sometimes with *AU1APP017.mhf2.

Why lowercase/uppercase and with and without *?



au1app014#ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
 AU1APP017.mhf2. cobol.appello.n  3 u   56   64  203     0.50  -11.777 1881.73
You have new mail in /var/mail/root
au1app014#ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*AU1APP017.mhf2. cobol.appello.n  3 u    6   64  377     0.38    0.282    0.09
au1app014#ntpq -p
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*AU1APP017.mhf2. cobol.appello.n  3 u   24   64  377     0.41    0.156    0.08
au1app014#


Avatar of bpeterse
bpeterse
Flag of United States of America image
>On Client au1app014, I receive in uppercase the  same Master Server AU1APP017.mhf2., sometimes with *AU1APP017.mhf2.

>Why lowercase/uppercase and with and without *?

The * indicates the client machine is synched with the master.

I can't speak to the Upper/Lower case differences.
Avatar of bpeterse
bpeterse
Flag of United States of America image
A thought - how is AU1APP017 listed in /etc/hosts on au1app014?  Is it upper or lower case?  That's the only thing I can think of...
Avatar of bpeterse
bpeterse
Flag of United States of America image
BTW - everything looks like it's working. ;-p
Avatar of cmidy
cmidy

ASKER

I think I got the answer about the uppercase/lowercase and you were correct bpeterse.

on /etc/hosts of  au1app013

we have

root@au1app013 # cat hosts
127.0.0.1       localhost      
152.64.156.125  au1app013       loghost
152.64.156.140  au1app015
152.64.156.142  au1app016
152.64.156.138  au1app014
152.64.156.144  au1app017
151.108.224.9   nyspns02
root@au1app013 #

while on the other servers /etc/hosts no mention of au1app017 and it defaults to uppercase. Thanks!


au1app014#cat hosts
#
# Internet host table
#
127.0.0.1       localhost      
152.64.156.138  au1app014       au1app014.mhf2.mhf.mhc  loghost
au1app014#


But one last simple question, please.

Why is the * asterick sometimes  synching with the master and and sometimes not showing up? Does it matter?

ASKER CERTIFIED SOLUTION
Avatar of bpeterse
bpeterse
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial