linux 配置时间服务器

一、搭建时间同步服务器
1、编译安装ntp server

wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2.6.tar.gz
tar zxvf ntp-4.2.6.tar.gz
cd ntp-4.2.6
./configure –prefix=/usr/local/ntp –enable-all-clocks –enable-parse-clocks
make && make install

注:如以上下载地址无法访问,请从ntp官方下载网页(http://www.ntp.org/downloads.html)寻找下载地址。

2、修改ntp.conf配置文件

vi /etc/ntp.conf

①、第一种配置:允许任何IP的客户机都可以进行时间同步
将“restrict default kod nomodify notrap nopeer noquery”这行修改成:

restrict default nomodify

配置文件示例:/etc/ntp.conf

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify
# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# --- OUR TIMESERVERS ----- 
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
# --- NTP MULTICASTCLIENT ---
#multicastclient			# listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	
#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay	0.008
#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys		/etc/ntp/keys

②、第二种配置:只允许192.168.18.***网段的客户机进行时间同步
在restrict default nomodify notrap noquery(表示默认拒绝所有IP的时间同步)之后增加一行:

restrict 192.168.18.0 mask 255.255.255.0 nomodify

配置文件示例:/etc/ntp.conf

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap noquery
# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1 
restrict 192.168.18.0 mask 255.255.255.0 nomodify
# -- CLIENT NETWORK -------
# Permit systems on this network to synchronize with this
# time service.  Do not permit those systems to modify the
# configuration of this service.  Also, do not use those
# systems as peers for synchronization.
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# --- OUR TIMESERVERS ----- 
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
# --- NTP MULTICASTCLIENT ---
#multicastclient			# listen on default 224.0.1.1
# restrict 224.0.1.1 mask 255.255.255.255 nomodify notrap
# restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server	127.127.1.0	# local clock
fudge	127.127.1.0 stratum 10	
#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay	0.008
#
# Keys file.  If you want to diddle your server at run time, make a
# keys file (mode 600 for sure) and define the key number to be
# used for making requests.
#
# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
#
keys		/etc/ntp/keys

3、以守护进程启动ntpd

/usr/local/ntp/bin/ntpd -c /etc/ntp.conf -p /tmp/ntpd.pid

4、ntpd启动后,客户机要等几分钟再与其进行时间同步,否则会提示“no server suitable for synchronization found”错误。

二、配置时间同步客户机

vi /var/spool/cron/root

增加一行,在每天的5点13分、9点13分、14点13分、19点13分与时间同步服务器进行同步

13 5,9,14,19 * * * /usr/sbin/ntpdate 192.168.18.2

备注:如果客户机没有ntpdate,可以下载ntpdate.tar.gz到/usr/sbin/目录,然后解压:

wget http://blog.s135.com/attachment/200708/ntdate.tar.gz
cd /usr/sbin/
tar zxvf ntpdate.tar.gz

发表评论