How to configure Open NTPD on OpenBSD 3.7

TOC

Configuring Master System
Configuring Client System
- Configuring Windows as Clients
Verifying Configuration Thanks

Abstract (or why do I want to do this?)

NTPD is used to keep system clocks up to date on networked hosts. It aids in reviewing logs, general maintenance and post incident forensic analysis by keeping the administrator, reviewer or analyst from having to determine what happened first on each system. In addition, NTP will allow for incremental adjustments to the time if the system time is within a certain threshold.

Master Server

top
In most configurations, you would have a single server, or farm of servers, connecting to the Internet to pull the time from the autoritative time server. The rest of the systems would then pull the time from your authoratative system. You must make the changes below as root.
# vi /etc/ntpd.conf
# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
#listen on *
listen on ::1

# sync to a single server
#server ntp.example.org

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
servers pool.ntp.org

In this section of code, we are allowing the NTPD daemon to listen for requests to sync. Then we are having the daemon connect to one of the open ntp servers. The IPs that exist in this DNS alias are as follows.
$ nslookup pool.ntp.org
Server: 208.180.118.2
Address: 208.180.118.2#53
Non-authoritative answer:
Name: pool.ntp.org
Address: 213.84.251.124
Name: pool.ntp.org
Address: 24.130.207.189
Name: pool.ntp.org
Address: 64.113.215.94
Name: pool.ntp.org
Address: 65.125.233.206
Name: pool.ntp.org
Address: 80.38.245.22
Name: pool.ntp.org
Address: 80.253.108.112
Name: pool.ntp.org
Address: 81.187.242.38
Name: pool.ntp.org
Address: 82.152.10.132
Name: pool.ntp.org
Address: 83.104.187.130
Name: pool.ntp.org
Address: 84.16.227.163
Name: pool.ntp.org
Address: 132.248.81.29
Name: pool.ntp.org
Address: 193.120.10.3
Name: pool.ntp.org
Address: 193.151.72.54
Name: pool.ntp.org
Address: 207.145.113.117
Name: pool.ntp.org
Address: 207.245.43.147
In addition to the /etc/ntpd.conf file that must be altered, we need to modify the /etc/rc.conf.local file to include the following (if you do not have an /etc/rc.conf.local you can create one as root.
# vi /etc/rc.conf.local
ntpd_flags= # enabled during install

Client configuration

top
The client configuration is easier. We dont need to allow the daemon to listen on a network port unless we are using a tiered architecture. For the configuration log, you must simply replace the IP or DNS name of the system you are using as your master or authoratative NTP server in the server field.
# vi /etc/ntpd.conf
# $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
# sample ntpd configuration file, see ntpd.conf(5)
# Addresses to listen on (ntpd does not listen by default)
#listen on *
# sync to a single server
#server ntp.example.org
server 192.168.1.20
# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
#servers pool.ntp.org
In addition to the /etc/ntpd.conf file that must be altered, we need to modify the /etc/rc.conf.local file to include the following (if you do not have an /etc/rc.conf.local you can create one as root.
# vi /etc/rc.conf.local
ntpd_flags= # enabled during install

Windows Clients

top
In order to make windows clients (Windows XP, Windows 2000) contact your NTP server, the following must be completed as administrator. The following actions set the SNTP (simple NTP) server to 192.168.1.12, cycle the service w32time and validate the server the host is using.
C:\>net time /setsntp:192.168.1.20
The command completed successfully.
C:\>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.
C:\>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.
C:\>net time /querysntp
The current SNTP value is: 192.168.1.20
The command completed successfully.

Verifying Configuration

top
The quick way to verify the configuration is to grep for ntpd.
$ grep ntpd /var/log/daemon
May 22 17:23:15 obsd3 ntpd[29943]: adjusting local clock by 0.175522s
May 22 18:44:44 obsd3 ntpd[14662]: adjusting local clock by 0.184475s
May 22 19:42:26 obsd3 ntpd[14662]: adjusting local clock by 0.159438s
May 22 23:08:08 obsd3 ntpd[14662]: adjusting local clock by 0.185314s
May 23 00:19:29 obsd3 ntpd[14662]: adjusting local clock by 0.158105s
May 23 17:55:48 obsd3 ntpd[31680]: adjusting local clock by -0.921275s
May 23 17:59:07 obsd3 ntpd[31680]: adjusting local clock by -0.778339s
May 23 18:01:12 obsd3 ntpd[31680]: adjusting local clock by -0.297160s
etc...

Thanks

top
  1. Theo and developers for the great OS.
  2. Henning Brauer for the development time for this daemon.
  3. NIST for their pdf on how to convert Win XP/2k to use a NTP server.