Setting Up “NTP (Network Time Protocol) Server” in RHEL/CentOS 7

Network Time Protocol – NTP- is a protocol which runs over port 123 UDP at Transport Layer and allows computers to synchronize time over networks for an accurate time. While time is passing by, computers internal clocks tend to drift which can lead to inconsistent time issues, especially on servers and clients logs files or if you want to replicate servers resources or databases.

NTP Server Install in CentOS

NTP Server Installation in CentOS and RHEL 7

Requirements:

  1. CentOS 7 Installation Procedure
  2. RHEL 7 Installation Procedure

Additional Requirements:

  1. Register and Enbale RHEL 7 Subscription for Updates
  2. Configure Static IP Address on CentOS/Rhel 7
  3. Disable and Remove Unwanted Services in CentOS/RHEL 7

This tutorial will demonstrate how you can install and configure NTP server on CentOS/RHEL 7 and automatically synchronize time with the closest geographically peers available for your server location by using NTP Public Pool Time Servers list.

Step 1: Install and configure NTP daemon

1. NTP server package is provided by default from official CentOS /RHEL 7 repositories and can be installed by issuing the following command.

# yum install ntp
Install NTP in CentOS

Install NTP Server

2. After the server is installed, first go to official NTP Public Pool Time Servers, choose your Continent area where the server physically is located, then search for your Country location and a list of NTP servers should appear.

NTP Pool Server

NTP Pool Server

3. Then open NTP daemon main configuration file for editing, comment the default list of Public Servers from pool.ntp.org project and replace it with the list provided for your country like in the screenshot below.

Configure NTP Server in CentOS

Configure NTP Server

4. Further, you need to allow clients from your networks to synchronize time with this server. To accomplish this, add the following line to NTP configuration file, where restrict statement controls, what network is allowed to query and sync time – replace network IPs accordingly.

restrict 192.168.1.0 netmask 255.255.255.0 nomodify notrap

The nomodify notrap statements suggest that your clients are not allowed to configure the server or be used as peers for time sync.

5. If you need additional information for troubleshooting in case there are problems with your NTP daemon add a log file statement which will record all NTP server issues into one dedicated log file.

logfile /var/log/ntp.log
Enable NTP Logs in CentOS

Enable NTP Logs

6. After you have edited the file with all configuration explained above save and close ntp.conf file. Your final configuration should look like in the screenshot below.

NTP Server Configuration in CentOS

NTP Server Configuration

Step 2: Add Firewall Rules and Start NTP Daemon

7. NTP service uses UDP port 123 on OSI transport layer (layer 4). It is designed particularly to resist the effects of variable latency (jitter). To open this port on RHEL/CentOS 7 run the following commands against Firewalld service.

# firewall-cmd --add-service=ntp --permanent
# firewall-cmd --reload
Open NTP Port in Firewall

Open NTP Port in Firewall

8. After you have opened Firewall port 123, start NTP server and make sure you enable it system-wide. Use the following commands to manage the service.

# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd
Start NTP Service

Start NTP Service

Step 3: Verify Server Time Sync

9. After NTP daemon has been started, wait a few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify NTP peers synchronization status and your system time.

# ntpq -p
# date -R
Verify NTP Server Time

Verify NTP Time Sync

10. If you want to query and synchronize against a pool of your choice use ntpdate command, followed by the server or servers addresses, as suggested in the following command line example.

# ntpdate -q  0.ro.pool.ntp.org  1.ro.pool.ntp.org
Synchronize NTP Time

Synchronize NTP Time

Step 4: Setup Windows NTP Client

11. If your windows machine is not a part of a Domain Controller you can configure Windows to synchronize time with your NTP server by going to Time from the right side of Taskbar -> Change Date and Time Settings -> Internet Time tab -> Change Settings -> Check Synchronize with an Internet time server -> put your server’s IP or FQDN on Server filed -> Update now -> OK.

Synchronize Windows Time with NTP

Synchronize Windows Time with NTP

That’s all! Setting up a local NTP Server on your network ensures that all your servers and clients have the same time set in case of an Internet connectivity failure and they all are synchronized with each other.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

27 Responses

  1. srinivas says:

    How to configure NTP daemon to use the system’s local clock as its primary time source ?

    • Matei Cezar says:

      Add this to ntp config file:

      server 127.127.1.0 # local clock
      fudge 127.127.1.0 stratum 10

      • srinivas says:

        I’ve tried that but i got the error as
        ntpdate[28681]: no server suitable for synchronization found

        when i did “ntpdate -dv” it throws an error as “Server dropped: strata too high”. But i see the server doing a transfer & receive from NTP Server.

        I tried changing the stratum value from 0-16 but still the same error.

        I’ve this error only when i set up the NTP Server and Client with immediate IP’s like x.x.x.137 (NTP Server) & x.x.x138 (NTP Client).
        I’ve an another server where the NTP server setup x.x.x.96 which syncs with external IP. With this NTP client x.x.x.138 is able to sync.

        But I want to know what I am missing to set immediate NTP server and client IP’s to configure NTP sync between them?

  2. labanda says:

    While trying to configure ntp server, i came across this issue. The user/group should be ntp/ntp.
    You need the add the following steps if you come across this error “No association ID’s returned”:
    chown ntp:ntp /etc/ntp.conf
    chmod 0640 /etc/ntp.conf
    systemctl stop ntpd
    systemctl start ntpd
    systemctl status ntpd

  3. Chetra says:

    I am configure ntp server on centos 7 and i want to sync it on windows 10 but when i update it can’t syn from ntp server. it show message : An error occurred while windows was synchronising with x.x.x.x.

    • Matei Cezar says:

      You have the same issue with other nodes trying to sync time with centos ntp server? verify if ntp port is open on server (123 tcp and udp).

  4. Shantanu says:

    I have configured ntp server on centos 6.7 and entered public ntp server address ” in.pool.ntp.org”. when i run command “ntpq -np” or “ntpstat” then its showing its syncing the time from public ntp server but in actual its not syncing the time automatically. when i set wrong time in my ntp server and wait for some time then it doesn’t correct my system time, Now if i run “ntpq -np, it says it is syncing time from local clock. In this condition i have to restart ntp service, then again it shows time syncing from public ntp server and correct the time also. But its not done automatically.
    We are using clients on windows os here. i have done the necessary settings in internet time tab (Given our ntp server ip) and in registery also but those are also not syncing automatically but if i click on update now button then it corrects the time.

    Please suggest on this.

    • Matei Cezar says:

      Add a cronjob to sync time, for instance every hour, using the ntpdate command: sudo ntpdate -s in.pool.ntp.org.

  5. penguin says:

    One slight correction:

    In step 8, the line
    # sytemctl status ntp
    should read:
    # sytemctl status ntpd

  6. Good -ish! In section 3 you say “open NTP daemon main configuration file” but give no clue as to where it is!

  7. Denis says:

    Excellent manual, thank you!

    One subtle note – you have misspelled in p. 7 (incorrect typographic dash). It should be:
    firewall-cmd –add-service=ntp –permanent

  8. Deepanjan says:

    how to bypass it through squid proxy

  9. Joseph Liu says:

    Do you find that ntpdate -q is much slower under RHEL 7 versus RHEL 6?

    This is what we found running ntpdate. It takes almost 7 seconds to get results back. In RHEL 6, it is quicker.

    $ time ntpdate -q 0.ro.pool.ntp.org
    server 194.102.255.19, stratum 2, offset -0.004015, delay 0.23289
    server 89.36.93.9, stratum 2, offset 0.009549, delay 0.20610
    server 85.204.240.2, stratum 2, offset -0.004843, delay 0.21089
    server 91.216.151.202, stratum 2, offset -0.009425, delay 0.21852
    29 Oct 11:22:26 ntpdate[22202]: adjust time server 85.204.240.2 offset -0.004843 sec

    real 0m6.913s
    user 0m0.002s
    sys 0m0.006s

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.