network-ntp.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Clock Synchronization with NTP</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Network Servers" href="network-servers.html" />
<link rel="PREVIOUS"
title="File and Print Services for Microsoft燱indows clients (Samba)"
href="network-samba.html" />
<link rel="NEXT" title="Advanced Networking" href="advanced-networking.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="network-samba.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 23 Network Servers</td>
<td width="10%" align="right" valign="bottom"><a href="advanced-networking.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="NETWORK-NTP" name="NETWORK-NTP">23.11 Clock Synchronization with
NTP</a></h1>

<i class="AUTHORGROUP"><span class="CONTRIB">Contributed by</span> Tom Hukins.</i> 

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35816" name="AEN35816">23.11.1 Overview</a></h2>

<p>Over time, a computer's clock is prone to drift. The Network Time Protocol (NTP) is
one way to ensure your clock stays accurate.</p>

<p>Many Internet services rely on, or greatly benefit from, computers' clocks being
accurate. For example, a web server may receive requests to send a file if it has been
modified since a certain time. In a local area network environment, it is essential that
computers sharing files from the same file server have synchronized clocks so that file
timestamps stay consistent. Services such as <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=cron&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">cron</span>(8)</span></a> also rely on
an accurate system clock to run commands at the specified times.</p>

<p>FreeBSD ships with the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a> <acronym
title="Network Time Protocol" class="ACRONYM">NTP</acronym> server which can be used to
query other <acronym title="Network Time Protocol" class="ACRONYM">NTP</acronym> servers
to set the clock on your machine or provide time services to others.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35832" name="AEN35832">23.11.2 Choosing Appropriate NTP
Servers</a></h2>

<p>In order to synchronize your clock, you will need to find one or more <acronym
title="Network Time Protocol" class="ACRONYM">NTP</acronym> servers to use. Your network
administrator or ISP may have set up an NTP server for this purpose--check their
documentation to see if this is the case. There is an <a
href="http://www.eecis.udel.edu/~mills/ntp/servers.html" target="_top">online list of
publicly accessible NTP servers</a> which you can use to find an NTP server near to you.
Make sure you are aware of the policy for any servers you choose, and ask for permission
if required.</p>

<p>Choosing several unconnected NTP servers is a good idea in case one of the servers you
are using becomes unreachable or its clock is unreliable. <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a> uses the
responses it receives from other servers intelligently--it will favor unreliable servers
less than reliable ones.</p>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35844" name="AEN35844">23.11.3 Configuring Your
Machine</a></h2>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35849" name="AEN35849">23.11.3.1 Basic Configuration</a></h3>

<p>If you only wish to synchronize your clock when the machine boots up, you can use <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span></a>. This may
be appropriate for some desktop machines which are frequently rebooted and only require
infrequent synchronization, but most machines should run <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a>.</p>

<p>Using <a href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span></a> at boot
time is also a good idea for machines that run <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a>. The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a> program
changes the clock gradually, whereas <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span></a> sets the
clock, no matter how great the difference between a machine's current clock setting and
the correct time.</p>

<p>To enable <a href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span></a> at boot
time, add <var class="LITERAL">ntpdate_enable="YES"</var> to <tt
class="FILENAME">/etc/rc.conf</tt>. You will also need to specify all servers you wish to
synchronize with and any flags to be passed to <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpdate&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpdate</span>(8)</span></a> in <var
class="VARNAME">ntpdate_flags</var>.</p>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35883" name="AEN35883">23.11.3.2 General
Configuration</a></h3>

<p>NTP is configured by the <tt class="FILENAME">/etc/ntp.conf</tt> file in the format
described in <a href="http://www.FreeBSD.org/cgi/man.cgi?query=ntp.conf&sektion=5"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntp.conf</span>(5)</span></a>. Here is a
simple example:</p>

<pre class="PROGRAMLISTING">
server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net

driftfile /var/db/ntp.drift
</pre>

<p>The <var class="LITERAL">server</var> option specifies which servers are to be used,
with one server listed on each line. If a server is specified with the <var
class="LITERAL">prefer</var> argument, as with <tt
class="HOSTID">ntplocal.example.com</tt>, that server is preferred over other servers. A
response from a preferred server will be discarded if it differs significantly from other
servers' responses, otherwise it will be used without any consideration to other
responses. The <var class="LITERAL">prefer</var> argument is normally used for NTP
servers that are known to be highly accurate, such as those with special time monitoring
hardware.</p>

<p>The <var class="LITERAL">driftfile</var> option specifies which file is used to store
the system clock's frequency offset. The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a> program uses
this to automatically compensate for the clock's natural drift, allowing it to maintain a
reasonably correct setting even if it is cut off from all external time sources for a
period of time.</p>

<p>The <var class="LITERAL">driftfile</var> option specifies which file is used to store
information about previous responses from the NTP servers you are using. This file
contains internal information for NTP. It should not be modified by any other
process.</p>
</div>

<div class="SECT3">
<h3 class="SECT3"><a id="AEN35906" name="AEN35906">23.11.3.3 Controlling Access to Your
Server</a></h3>

<p>By default, your NTP server will be accessible to all hosts on the Internet. The <var
class="LITERAL">restrict</var> option in <tt class="FILENAME">/etc/ntp.conf</tt> allows
you to control which machines can access your server.</p>

<p>If you want to deny all machines from accessing your NTP server, add the following
line to <tt class="FILENAME">/etc/ntp.conf</tt>:</p>

<pre class="PROGRAMLISTING">
restrict default ignore
</pre>

<p>If you only want to allow machines within your own network to synchronize their clocks
with your server, but ensure they are not allowed to configure the server or used as
peers to synchronize against, add</p>

<pre class="PROGRAMLISTING">
restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap
</pre>

<p>instead, where <tt class="HOSTID">192.168.1.0</tt> is an IP address on your network
and <tt class="HOSTID">255.255.255.0</tt> is your network's netmask.</p>

<p><tt class="FILENAME">/etc/ntp.conf</tt> can contain multiple <var
class="LITERAL">restrict</var> options. For more details, see the <var
class="LITERAL">Access Control Support</var> subsection of <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntp.conf&sektion=5"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntp.conf</span>(5)</span></a>.</p>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35926" name="AEN35926">23.11.4 Running the NTP
Server</a></h2>

<p>To ensure the NTP server is started at boot time, add the line <var
class="LITERAL">xntpd_enable="YES"</var> to <tt class="FILENAME">/etc/rc.conf</tt>. If
you wish to pass additional flags to <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a>, edit the <var
class="VARNAME">xntpd_flags</var> parameter in <tt
class="FILENAME">/etc/rc.conf</tt>.</p>

<p>To start the server without rebooting your machine, run <tt class="COMMAND">ntpd</tt>
being sure to specify any additional parameters from <var
class="VARNAME">xntpd_flags</var> in <tt class="FILENAME">/etc/rc.conf</tt>. For
example:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">ntpd -p /var/run/ntpd.pid</kbd>
</pre>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> Under FreeBSD&nbsp;5.X, various options in <tt
class="FILENAME">/etc/rc.conf</tt> have been renamed. Thus, you have to replace every
instance of <var class="LITERAL">xntpd</var> with <var class="LITERAL">ntpd</var> in the
options above.</p>
</blockquote>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35948" name="AEN35948">23.11.5 Using ntpd with a Temporary
Internet Connection</a></h2>

<p>The <a href="http://www.FreeBSD.org/cgi/man.cgi?query=ntpd&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ntpd</span>(8)</span></a> program does
not need a permanent connection to the Internet to function properly. However, if you
have a temporary connection that is configured to dial out on demand, it is a good idea
to prevent NTP traffic from triggering a dial out or keeping the connection alive. If you
are using user PPP, you can use <var class="LITERAL">filter</var> directives in <tt
class="FILENAME">/etc/ppp/ppp.conf</tt>. For example:</p>

<pre class="PROGRAMLISTING">
 set filter dial 0 deny udp src eq 123
 # Prevent NTP traffic from initiating dial out
 set filter dial 1 permit 0 0
 set filter alive 0 deny udp src eq 123
 # Prevent incoming NTP traffic from keeping the connection open
 set filter alive 1 deny udp dst eq 123
 # Prevent outgoing NTP traffic from keeping the connection open
 set filter alive 2 permit 0/0 0/0
</pre>

<p>For more details see the <var class="LITERAL">PACKET FILTERING</var> section in <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=ppp&sektion=8"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">ppp</span>(8)</span></a> and the
examples in <tt class="FILENAME">/usr/share/examples/ppp/</tt>.</p>

<div class="NOTE">
<blockquote class="NOTE">
<p><b>Note:</b> Some Internet access providers block low-numbered ports, preventing NTP
from functioning since replies never reach your machine.</p>
</blockquote>
</div>
</div>

<div class="SECT2">
<h2 class="SECT2"><a id="AEN35965" name="AEN35965">23.11.6 Further Information</a></h2>

<p>Documentation for the NTP server can be found in <tt
class="FILENAME">/usr/share/doc/ntp/</tt> in HTML format.</p>
</div>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="network-samba.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="advanced-networking.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">File and Print Services for <span
class="TRADEMARK">Microsoft</span>&reg;&nbsp;<span class="TRADEMARK">Windows</span>&reg;
clients (Samba)</td>
<td width="34%" align="center" valign="top"><a href="network-servers.html"
accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Advanced Networking</td>
</tr>
</table>
</div>

<p align="center"><small>This, and other documents, can be downloaded from <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.<br />
For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>