Network Time Protocol (NTP) at the University of Michigan


Overview of this Document

What is NTP?

NTP is a protocol built on top of TCP/IP that assures accurate local timekeeping with reference to radio, atomic or other clocks located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods. It is defined in STD 12, RFC 1119 (definition from The Free On-line Dictionary of Computing, http://wombat.doc.ic.ac.uk/).

Why bother with NTP?

Several UMCE services expect that system clocks on client machines are synchronized with the clocks on server machines. In particular, the Kerberos authentication service protects against certain types of attack by time-stamping transactions and refusing to honor requests that appear to be "replays" of previously-honored requests. Additionally, the Andrew File System (AFS), which forms the basis of the Institutional File System (IFS), uses Kerberos for authentication.

How do I get NTP?

The package which implements the latest version of NTP is called xntp, and was developed at the University of Delaware. You can obtain the latest version of xntp via anonymous ftp to terminator.rs.itd.umich.edu in the file /unix/xntp/xntp-src.tar.Z. You may also find binary distributions there. Binary distributions are named xntp-VERSION-OSNAME.tar.Z, e.g. the binary distribution for SunOS is named xntp-3.4h-sunos4.tar.Z.

How do I set up xntp in my department?

First, decide which machine will be your time server. One machine in your department will "peer" with the ITD timeservers, and will also broadcast time on your local network. If your department has multiple subnets, you should provide one server for each subnet. Choose a machine which is likely to be available all the time to be your server. Since NTP imposes a very small load on a server, feel free to choose a departmental fileserver as an NTP server. Send mail to ntp-request@umich.edu with the domain name and IP address of the machine(s) which will be NTP server(s) in your department, along with a contact name and phone number. Note: this service is for University of Michigan departments only!

Second, obtain and install the NTP software on your server machine(s). The source distribution is available via anonymous ftp from terminator.rs.itd.umich.edu in /unix/xntp. Building the distribution from source is simple, assuming you have some experience building UNIX software from source code. We recommend that you compile and install the source distribution, instead of using a binary distribution. However, we understand that vendors are unbundling compilers, and some of you may not be able to compile the source. If you need help with the source or binary distributions, ask ntp-request@umich.edu.

The current version of NTP (3.4) runs on many OS platforms, including SunOS version 4 and 5 (e.g. Solaris), HP/UX versions 8 and 9, Ultrix versions 3 and 4, OSF/1, IRIX, AIX, A/UX, PTX, FreeBSD, NetBSD, BSD/386, Linux, and Unixware.

If you've chosen to use a binary distribution:

Use ftp to copy the file to your /tmp partition. Change directory to your /usr/local partition, become root, and type "zcat /tmp/distfilename | tar xvf -", where distfilename is the name of the binary distribution file you downloaded from terminator. This will create the /usr/local/ntp directory.

If you've chosen to build from source:

Uncompress and untar the source distribution in the area you normally use for building software. In the xntp source area, type make makeconfig. This step sets up the Makefiles for your machine. Then type make. The xntp software will be built. When the build is complete, create the destination directories with the commands:

mkdir /usr/local/ntp
mkdir /usr/local/ntp/bin
mkdir /usr/local/ntp/etc
mkdir /usr/local/ntp/man

Then, install the software with make install. You may also want to copy man pages to the destination directory with cp doc/*.8 /usr/local/ntp/man.

Once you've got the software installed, there are three steps you need to follow for each machine (server and client) you'll be installing ntp on:

  1. Choose an appropriate configuration file. For server machines, get the file ftp://terminator.rs.itd.umich.edu/unix/xntp/ntp.conf.server. You will need to modify the broadcast directive in the file (see the comment in the file), then install it as /usr/local/ntp/etc/ntp.conf. For client machines, get the file ftp://terminator.rs.itd.umich.edu/unix/xntp/ntp.conf.client and install it as /usr/local/ntp/etc/ntp.conf (no modifications are necessary for the client configuration file).
  2. You'll need to add a line to your system startup files to invoke the NTP daemon, xntpd, at boot time. How you do this is system-dependent. For example, on a Sun running SunOS 4.X, you can add the following lines to your /etc/rc.local file:
    #
    # Start up xntpd
    #
    if [ -f /usr/local/ntp/etc/rc.ntp ]; then
            sh /usr/local/ntp/etc/rc.ntp
    fi
    
    
  3. Start the daemon on your departmental timeserver, either by rebooting your server or by hand (type sh /usr/local/ntp/etc/rc.ntp). Wait a few minutes for the daemon to synchronize the time, then use the xntpdc program to observe the daemon's behavior:
    1. Type /usr/local/ntp/bin/xntpdc.
    2. Type peers. You should see something like the following:
      xntpdc> peers
           remote           local      st poll reach  delay   offset    disp
      =======================================================================
      +destroyer.rs.it 141.211.164.2    2  256  377 0.00679  0.011446 0.00146
      +barbarian.rs.it 141.211.83.21    2 1024  377 0.00294  0.014128 0.00436
      ^141.211.164.255 0.0.0.5         16   64    0 0.00000  0.000000 16.0000
      *runningman.rs.i 141.211.164.2    2  256  377 0.00275  0.017432 0.01590
      
      Be sure that there are entries for the three ITD departmental nameservers (barbarian, runningman, and destroyer), and that there is an entry for your local net. The "st" (stratum) column for the ITD time servers should be "2", indicating that the ITD time servers are stratum-2 servers, i.e. they obtain their time from stratum-1 servers, which are directly connected to external time reference sources. If the stratum for any ITD time server is "16" then your server is not synchronizing successfully with the ITD time server. Contact ntp-request@umich.edu for help.
  4. Once your departmental time server is working correctly, start the NTP daemon on each client machine with sh /usr/local/ntp/etc/rc.ntp (or reboot the machine after making changes to the /etc/rc files). Wait a few minutes for the daemon to synchronize the time, then use the xntpdc program to observe the daemon's behavior:
    1. Type /usr/local/ntp/bin/xntpdc.
    2. Type peers. You should see something like the following:
      xntpdc> peers
           remote           local      st poll reach  delay   offset    disp
      =======================================================================
      -terminator.rs.i 141.211.164.13   3   64   10 0.00357 -0.156388 16.0000
      
      
      Be sure that your departmental server is listed, and that the stratum is "3". If the stratum for your departmental time server is "16" then your departmental server is not broadcasting time on your subnet. Contact ntp-request@umich.edu for help.
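
The stratum checks in steps 3 and 4 can be scripted so that a host that has silently stopped synchronizing (and will therefore drift out of the window Kerberos accepts) is noticed. The following is an added example, not part of the xntp distribution or of this page's original text; the function name check_peers and its output words are hypothetical, and it assumes the xntpdc peers column layout shown above.

```shell
# Added example (not from xntp): audit `xntpdc peers` output read from stdin.
# usage: check_peers WANT_STRATUM NAME...
check_peers() {
    want=$1; shift
    awk -v want="$want" -v names="$*" '
    BEGIN { n = split(names, name, " "); want += 0; bad = 0 }
    # Data rows: 8 fields, numeric stratum in column 3 (skips prompt, header, =====).
    NF == 8 && $3 ~ /^[0-9]+$/ {
        remote = $1
        sub(/^[^A-Za-z0-9]/, "", remote)   # drop the flag character (+ - ^ *)
        for (i = 1; i <= n; i++)           # remote names are truncated: prefix-match
            if (index(remote, name[i]) == 1) { st[name[i]] = $3 + 0; reach[name[i]] = $5 }
    }
    END {
        for (i = 1; i <= n; i++) {
            h = name[i]
            if (!(h in st))         { print "MISSING " h; bad = 1 }
            else if (st[h] == 16)   { print "UNSYNC " h " st=16 reach=" reach[h]; bad = 1 }
            else if (st[h] != want) { print "STRATUM " h " st=" st[h] " want=" want; bad = 1 }
            else                    { print "OK " h " st=" st[h] " reach=" reach[h] }
        }
        exit bad
    }'
}

# The server listing shown in step 3, reproduced as sample input.
page_listing() {
    cat <<'EOF'
xntpdc> peers
     remote           local      st poll reach  delay   offset    disp
=======================================================================
+destroyer.rs.it 141.211.164.2    2  256  377 0.00679  0.011446 0.00146
+barbarian.rs.it 141.211.83.21    2 1024  377 0.00294  0.014128 0.00436
^141.211.164.255 0.0.0.5         16   64    0 0.00000  0.000000 16.0000
*runningman.rs.i 141.211.164.2    2  256  377 0.00275  0.017432 0.01590
EOF
}

# Constructed failing case: destroyer unsynchronized, barbarian absent.
unsync_listing() {
    cat <<'EOF'
+destroyer.rs.it 141.211.164.2   16   64    0 0.00000  0.000000 16.0000
*runningman.rs.i 141.211.164.2    2  256  377 0.00275  0.017432 0.01590
EOF
}

page_listing | check_peers 2 destroyer barbarian runningman
```

On a departmental server, pipe the saved peers listing into check_peers 2 with the three ITD names; on a client, use check_peers 3 with your departmental server's name. The function exits non-zero when any named server is missing, at stratum 16, or at an unexpected stratum.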