


LAN and a local NTP server (time protocol)

Is there a way to have a group of networked computers access one of the
computers in the LAN to synchronize their time?  I don't want these
computers to have internet access, but I would like them all to be set
to the same time (even if it isn't exactly the same as the atomic clock
at the Naval Observatory).  Can I set up one computer to be an NTP
server and the others access it for setting each computer's time?

I'm currently using OSX jaguar.  I used to have a client-server
database that would set the time on each client as it accessed the
database.  However with OSX only the root user is able to set the time
programmatically, so this part of the database no longer functions.

0
1/11/2005 2:18:49 AM
comp.sys.mac.system

In article <1105409929.104365.33370@f14g2000cwb.googlegroups.com>,
 drillbit_99@yahoo.com wrote:

> Is there a way to have a group of networked computers access one of the
> computers in the LAN to synchronize their time?  I don't want these
> computers to have internet access, but I would like them all to be set
> to the same time (even if it isn't exactly the same as the atomic clock
> at the Naval Observatory).  Can I set up one computer to be an NTP
> server and the others access it for setting each computer's time?
> 
> I'm currently using OSX jaguar.  I used to have a client-server
> database that would set the time on each client as it accessed the
> database.  However with OSX only the root user is able to set the time
> programmatically, so this part of the database no longer functions.

Mac OS X can use an NTP server, if you set it up to do so in System 
Preferences.  This server could be local, if that's how you want to do 
it.  The stock distribution of Mac OS X includes ntpd, but you'll need 
to set it up at the command line.  Typing "man ntpd" will probably get 
you started.

-- 
Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 2.0:  Delocalize, Repair Permissions, lots more.
See http://www.atomicbird.com/
0
tph (2302)
1/11/2005 5:00:17 AM
In article <tph-0596C7.22001710012005@localhost>,
 Tom Harrington <tph@pcisys.no.spam.dammit.net> wrote:

> In article <1105409929.104365.33370@f14g2000cwb.googlegroups.com>,
>  drillbit_99@yahoo.com wrote:
> 
> > Is there a way to have a group of networked computers access one of the
> > computers in the LAN to synchronize their time?  I don't want these
> > computers to have internet access, but I would like them all to be set
> > to the same time (even if it isn't exactly the same as the atomic clock
> > at the Naval Observatory).  Can I set up one computer to be an NTP
> > server and the others access it for setting each computer's time?
> > 
> > I'm currently using OSX jaguar.  I used to have a client-server
> > database that would set the time on each client as it accessed the
> > database.  However with OSX only the root user is able to set the time
> > programmatically, so this part of the database no longer functions.
> 
> Mac OS X can use an NTP server, if you set it up to do so in System 
> Preferences.  This server could be local, if that's how you want to do 
> it.  The stock distribution of Mac OS X includes ntpd, but you'll need 
> to set it up at the command line.  Typing "man ntpd" will probably get 
> you started.

In the Terminal,

man ntpd

or in a web browser:

http://www.gsp.com/cgi-bin/man.cgi?section=5&topic=ntp.conf

My /etc/ntp.conf file is simple:

server ntp1.sf-bay.org minpoll 12 maxpoll 17
server time.berkeley.netdot.net minpoll 12 maxpoll 17
server time.apple.com minpoll 12 maxpoll 17

At a contract some years ago, they opened a hole in the firewall for one 
machine to be the ntp "master" on the network.  I set the ntp.conf file 
on all the machines to sync to that system.  Worked great.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/11/2005 9:11:52 AM
>
> My /etc/ntp.conf file is simple:
>
> server ntp1.sf-bay.org minpoll 12 maxpoll 17
> server time.berkeley.netdot.net minpoll 12 maxpoll 17
> server time.apple.com minpoll 12 maxpoll 17
>
> At a contract some years ago, they opened a hole in the firewall for one
> machine to be the ntp "master" on the network.  I set the ntp.conf file
> on all the machines to sync to that system.  Worked great.

So how do I reference the ntp "master" on the network?  Do I just use
the IP address or the Apple OSX computer name?  And then, does the NTP
"master" need a special setup or program so that it may be the time
server?

0
1/11/2005 8:13:58 PM
In article <1105474437.991789.225990@c13g2000cwb.googlegroups.com>,
 drillbit_99@yahoo.com wrote:

> >
> > My /etc/ntp.conf file is simple:
> >
> > server ntp1.sf-bay.org minpoll 12 maxpoll 17
> > server time.berkeley.netdot.net minpoll 12 maxpoll 17
> > server time.apple.com minpoll 12 maxpoll 17
> >
> > At a contract some years ago, they opened a hole in the firewall for one
> > machine to be the ntp "master" on the network.  I set the ntp.conf file
> > on all the machines to sync to that system.  Worked great.
> 
> So how do I reference the ntp "master" on the network?  Do I just use
> the IP address or the Apple OSX computer name?  And then, does the NTP
> "master" need a special setup or program so that it may be the time
> server?

Ok, apparently reading man pages and documentation isn't your thing, so 
I'll spell it out for you:

client systems /etc/ntp.conf


server <IP ADDRESS of master ntp server>



master ntp server system /etc/ntp.conf

[list of 2-3 server lines suited to your site--you choose]


You can read up on ntpd at http://www.ntp.org.  It explains the full 
implementation.  Pay particular attention to the concept of strata.  

How to deal with firewall holes for ntp, etc. is left as an exercise for 
the reader.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/11/2005 8:30:38 PM
Michael,

Thanks.  I'm just new to the Terminal and Unix.  I appreciate the hand
holding.  I get a little fearful of editing with the Terminal and then
messing something up that I absolutely don't understand....  this seems
quite do-able though.

0
1/12/2005 2:36:53 AM
OK, here's what I've accomplished so far.

I enabled the root user and then opened /etc/ntp.conf file.  I replaced
the server shown with the following line that points to the computer on
my LAN that I want to be the ntp server.

server 200.168.1.102 minpoll 12 maxpoll 17

I haven't changed the /etc/ntp.conf file on my server because I am
confused as to actually what needs to be changed.  It is working well
right now and I am thinking that I can leave that file alone on the
server, is that correct?

Below is a readout from ntpq on the client.  I don't know if it is
helpful or not.

200-168-1-100:~ root# ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
200-168-1-102.d 0.0.0.0         16 u    -  68m    0    0.000    0.000 4000.00

The client is never updated to the server's time even after setting the
dates forward and backward to maybe force a time check.  What should be
my next step?

0
1/16/2005 1:23:18 PM
In article <1105881798.301411.141280@f14g2000cwb.googlegroups.com>,
 drillbit_99@yahoo.com wrote:

> OK, here's what I've accomplished so far.
> 
> I enabled the root user and then opened /etc/ntp.conf file.  I replaced
> the server shown with the following line that points to the computer on
> my LAN that I want to be the ntp server.
> 
> server 200.168.1.102 minpoll 12 maxpoll 17
> 
> I haven't changed the /etc/ntp.conf file on my server because I am
> confused as to actually what needs to be changed.  It is working well
> right now and I am thinking that I can leave that file alone on the
> server, is that correct?
> 
> Below is a readout from ntpq on the client.  I don't know if it is
> helpful or not.
> 
> 200-168-1-100:~ root# ntpq -p
> remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
> 200-168-1-102.d 0.0.0.0         16 u    -  68m    0    0.000    0.000 4000.00
> 
> The client is never updated to the server's time even after setting the
> dates forward and backward to maybe force a time check.  What should be
> my next step?

I'd drop the minpoll and maxpoll attributes for the internal machine.  
Those directives control the frequency of how often the time server is 
polled for changes in time.  For sync'ing to servers on the internet, 
it's best to control that, so keep them in. 

The server 200.168.1.102 isn't a "stratum" or authoritative time server.  
The 2nd column is the "stratum" in the ntp time server authority.  16 
means it's just hanging out there all by itself.  A time server with an 
atomic clock has a stratum of "1".  Machines synchronized by these 
stratum 1 servers are in stratum 2.  I usually put one of those machines 
in my /etc/ntp.conf:

server time.apple.com minpoll 12 maxpoll 17

Your two machines' clocks are synchronized as far as that goes, but they're 
not sync'd with any authoritative time service.  That should be OK for 
an internal network so that all the systems' clocks are the same or 
close enough on all the systems.

This is what you want, right?

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/16/2005 6:24:37 PM
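
Added example (not written by anyone in the thread): a small Python reader for `ntpq -p` output that flags the conditions visible in the readout quoted above, namely stratum 16, a reach register of 0, and the long poll interval that `minpoll 12` produces. The sample text is constructed; its first peer line mirrors the thread's readout and the second peer, with documentation addresses, is made up for contrast.

```python
"""Flag unusable peers in `ntpq -p` output (stratum 16, reach 0, long poll)."""

# Constructed sample: the first peer mirrors the readout in the thread, the
# second is a made-up healthy peer (documentation addresses) for contrast.
# ntpq prints a one-character tally code in column 0 ('*' = selected peer).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 200-168-1-102.d 0.0.0.0         16 u    -  68m    0    0.000    0.000 4000.00
*192.0.2.10      192.0.2.1        3 u   33   64  377    0.412   -1.208   0.095
"""

FIELDS = ("remote", "refid", "st", "t", "when", "poll", "reach",
          "delay", "offset", "jitter")
UNITS = {"m": 60, "h": 3600, "d": 86400}


def to_seconds(value):
    """ntpq shows intervals in seconds, or with an m/h/d suffix when large."""
    if value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)


def parse_peers(text):
    """Return one dict per peer line following the '=====' separator."""
    lines = text.splitlines()
    seps = [i for i, line in enumerate(lines) if line.startswith("=")]
    if not seps:
        raise ValueError("no ntpq -p separator line found")
    peers = []
    for line in lines[seps[0] + 1:]:
        parts = line[1:].split()
        if len(parts) != len(FIELDS):
            continue  # blank, wrapped or truncated line: skip, do not guess
        peer = dict(zip(FIELDS, parts))
        peer["tally"] = line[0]
        peer["st"] = int(peer["st"])
        peer["poll"] = to_seconds(peer["poll"])
        peer["reach"] = int(peer["reach"], 8)  # octal view of an 8-bit register
        peers.append(peer)
    return peers


def diagnose(peer):
    """Return human-readable findings for one parsed peer."""
    findings = []
    if peer["reach"] == 0:
        findings.append("none of the last 8 polls was answered")
    if peer["st"] >= 16:
        findings.append("stratum 16: peer is unsynchronized")
    if peer["poll"] > 1024:
        findings.append("poll interval %d s: state changes slowly" % peer["poll"])
    if peer["tally"] == "*":
        findings.append("selected as the system peer")
    return findings


if __name__ == "__main__":
    for p in parse_peers(SAMPLE):
        print(p["remote"], "->", "; ".join(diagnose(p)) or "ok")
```
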
You're right that the server 200.168.1.102 isn't a stratum.  It is just
another computer on the local area network, but it is the one that I
would like the other computers on the local network to use for
setting their times.  These computers will not be accessing times
outside of the LAN.  There are no strata inside the LAN, just desktop
machines.  I can set the server 200.168.1.102 to the time manually, if
necessary.  All other computers should access it and reset their time
if necessary.

If I remove the minpoll/maxpoll from the ntp client ntp.conf file, will
it then access the server 200.168.1.102 correctly?  Right now, the
ntp.conf file on the server 200.168.1.102 reads as follows:

server time.apple.com minpoll 12 maxpoll 17

When you say that "Your two machine's clocks are synchronized as far
that goes" they are not.  They both have different times.  Do the
client machines have to be rebooted for the ntp.conf file to be active
with the changes?

0
1/16/2005 9:31:45 PM
In article <1105911105.191243.106800@f14g2000cwb.googlegroups.com>,
 drillbit_99@yahoo.com wrote:

> You're right that the server 200.168.1.102 isn't a stratum.  It is just
> another computer on the local area network, but it is the one that I
> would like the other computers on the local network to use for
> setting their times.  These computers will not be accessing times
> outside of the LAN.  There are no strata inside the LAN, just desktop
> machines.  I can set the server 200.168.1.102 to the time manually, if
> necessary.  All other computers should access it and reset their time
> if necessary.
> 
> If I remove the minpoll/maxpoll from the ntp client ntp.conf file, will
> it then access the server 200.168.1.102 correctly?  Right now, the
> ntp.conf file on the server 200.168.1.102 reads as follows:
> 
> server time.apple.com minpoll 12 maxpoll 17
> 
> When you say that "Your two machine's clocks are synchronized as far
> that goes" they are not.  They both have different times.  Do the
> client machines have to be rebooted for the ntp.conf file to be active
> with the changes?

It depends on how far apart they are.  How much time are we talking?

If you read http://www.sun.com/blueprints/0701/NTP.pdf, it says "NTP is 
not based on the principles of synchronizing machines with each other.  
NTP is based on the principles of having all machines get as close as 
possible to the correct time."   This process can take some time, 
sometimes hours.

Since you didn't reboot, the NetworkTime startup script didn't run (see  
/System/Library/StartupItems/NetworkTime/NetworkTime).  Before it runs 
the ntp daemon, the script runs ntpdate to do immediate synchronization 
(ntpdate can't run when ntpd is running).

If you stop the ntp daemon, run ntpdate, and restart the ntp daemon on 
all the clients, you should be OK.

Since this is really shaky ground for you, just change the client's 
/etc/ntp.conf file to

server 200.168.1.102

This should do it.  Be aware that because you don't have any stratum 
machines, "ntpq -c peer" will show all clients at stratum 16.

If this doesn't do it, try opening an AppleCare support call and working 
the problem through Apple Support.  If you don't have a support contact, 
hire someone to help you further on this.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/17/2005 8:26:05 AM
Thanks.  That should do it.  I will give this another try as soon as I
get the chance.  I do appreciate all the help.

0
1/17/2005 2:41:31 PM
Michael Vilain <vilain@spamcop.net> writes:

> master ntp server system /etc/ntp.conf
> 
> [list of 2-3 server lines suited to your site--you choose]

[A bit late to the thread.]

It's generally recommended that you use 4, or perhaps 5,
servers. There is a fairly simple and logical explanation for this.

Imagine if you have two wrist watches: if they state the same time
then it's great. If they differ, how do you know which one has the
correct time? Therefore you need another time source (total of 3) to
have a 'majority rules' way of keeping time. Even if they all don't
agree you would estimate a time on the clocks that are the closest
together. (Which is basically how the NTP algorithm works.)

The reason for the fourth clock in NTP is to counter any network
issues that may arise. That way even if one of your time sources goes
away, you can still have a 'majority rules' set up.

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
0
1/17/2005 3:37:48 PM
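
Added example (not written by anyone in the thread, and not ntpd's own selection code): a simplified Marzullo-style interval sweep in Python that shows the "majority rules" argument above with numbers. The source names, offsets and error bounds are constructed; `select_agreeing` and `without` are hypothetical helper names.

```python
"""Majority agreement among time sources (simplified Marzullo-style sweep)."""


def select_agreeing(sources):
    """sources maps name -> (offset_s, max_error_s).

    Returns (names, midpoint) for the largest group whose error intervals
    overlap, provided that group is a strict majority; else ([], None).
    """
    edges = []
    for name, (offset, err) in sources.items():
        edges.append((offset - err, 0))  # interval opens (0 sorts before 1)
        edges.append((offset + err, 1))  # interval closes
    edges.sort()

    best = count = 0
    lo = hi = None
    for i, (value, kind) in enumerate(edges):
        if kind == 0:
            count += 1
            if count > best:
                # The deepest overlap runs from here to the next edge.
                best, lo, hi = count, value, edges[i + 1][0]
        else:
            count -= 1

    if best * 2 <= len(sources):
        return [], None  # no strict majority: cannot tell who is right
    names = sorted(n for n, (off, err) in sources.items()
                   if off - err <= lo and off + err >= hi)
    return names, (lo + hi) / 2


# Constructed offsets in seconds; "b" is the clock that is wrong.
TWO = {"a": (0.002, 0.010), "b": (3.500, 0.010)}
THREE = dict(TWO, c=(0.004, 0.010))
FOUR = dict(THREE, d=(-0.001, 0.010))


def without(sources, name):
    """Model one source becoming unreachable."""
    return {k: v for k, v in sources.items() if k != name}


if __name__ == "__main__":
    for label, s in [("two", TWO), ("three", THREE), ("four", FOUR),
                     ("three, a lost", without(THREE, "a")),
                     ("four, a lost", without(FOUR, "a"))]:
        print(label, select_agreeing(s))
```

With three sources, losing one good source leaves two that disagree and no majority; with four, the same loss still leaves two good sources outvoting the bad one.
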
drillbit_99@yahoo.com wrote:
> You're right that the server 200.168.1.102 isn't a stratum.  It is just
> another computer on the local area network, but it is the one that I
> would like the other computers on the local network to use for
> setting their times.  These computers will not be accessing times
> outside of the LAN.  There are no strata inside the LAN, just desktop
> machines.  I can set the server 200.168.1.102 to the time manually, if
> necessary.  All other computers should access it and reset their time
> if necessary.

Here is an ntp configuration that might be more appropriate to your needs.

Say you have one or two single ntp servers on your local lan and you want 
all other hosts to synchronize to these  servers.  In this example 
configuration, the servers will broadcast an NTP time packet every 30 seconds
on the specified broadcast address.  NTP clients will listen for these 
broadcasts and synchronize to them.  This has the advantage also of limiting 
the number of NTP packets to a minimum and you have redundancy if one NTP
server has to be taken down.

In the Server (example ntp.conf, note the broadcast directive) assuming
your lan's broadcast address is 192.168.1.255:

	server	time.nist.gov
	server	time-B.timefreq.bldrdoc.gov
	server	time.apple.com
	broadcast	192.168.1.255

All of your NTP clients on the 192.168.1.0 network would then have this very 
simple ntp.conf file:

	broadcastclient

-- 
John J. Rushford
http://www.larush.com
0
1/18/2005 1:01:12 AM
In article <GZednTp77OdFwnHcRVn-pg@comcast.com>,
 read_the_signature@null.com wrote:

> drillbit_99@yahoo.com wrote:
> > You're right that the server 200.168.1.102 isn't a stratum.  It is just
> > another computer on the local area network, but it is the one that I
> > would like the other computers on the local network to use for
> > setting their times.  These computers will not be accessing times
> > outside of the LAN.  There are no strata inside the LAN, just desktop
> > machines.  I can set the server 200.168.1.102 to the time manually, if
> > necessary.  All other computers should access it and reset their time
> > if necessary.
> 
> Here is an ntp configuration that might be more appropriate to your needs.
> 
> Say you have one or two single ntp servers on your local lan and you want 
> all other hosts to synchronize to these  servers.  In this example 
> configuration, the servers will broadcast an NTP time packet every 30 seconds
> on the specified broadcast address.  NTP clients will listen for these 
> broadcasts and synchronize to them.  This has the advantage also of limiting 
> the number of NTP packets to a minimum and you have redundancy if one NTP
> server has to be taken down.
> 
> In the Server (example ntp.conf, note the broadcast directive) assuming
> your lan's broadcast address is 192.168.1.255:
> 
> 	server	time.nist.gov
> 	server	time-B.timefreq.bldrdoc.gov
> 	server	time.apple.com
> 	broadcast	192.168.1.255
> 
> All of your NTP clients on the 192.168.1.0 network would then have this very 
> simple ntp.conf file:
> 
> 	broadcastclient

Actually, according to the OP, all the machines must be on a local LAN 
without any internet access.  So, the master can't sync against anything 
on the outside, as you suggest.  

I don't know what type of traffic the use of a broadcast/broadcastclient 
might cause.  I tend to be conservative about adding any extra 'noise' 
to a network and would hesitate to use this method.  What type of 
network overhead does it add as compared with setting each machine to 
sync to single master:

server 192.168.1.1

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/18/2005 2:15:53 AM
In article <vilain-14B34A.18155317012005@news.giganews.com>,
Michael Vilain  <vilain@spamcop.net> wrote:
>
>Actually, according to the OP, all the machines must be on a local LAN 
>without any internet access.  So, the master can't sync against anything 
>on the outside, as you suggest.  

Then if they have to be synched to UTC, a WWVB or GPS clock is the
way to go.
0
russotto (1801)
1/18/2005 4:19:40 PM
My original idea was to get by on the cheap.  Just so all the computers
are the same time.....  I really don't care if they are the absolutely
correct time, i.e. the atomic clock style.

0
1/18/2005 9:23:18 PM
In article <9JmdnUeDFYiBqnDcRVn-sg@speakeasy.net>,
 russotto@grace.speakeasy.net (Matthew Russotto) wrote:

> In article <vilain-14B34A.18155317012005@news.giganews.com>,
> Michael Vilain  <vilain@spamcop.net> wrote:
> >
> >Actually, according to the OP, all the machines must be on a local LAN 
> >without any internet access.  So, the master can't sync against anything 
> >on the outside, as you suggest.  
> 
> Then if they have to be synched to UTC, a WWVB or GPS clock is the
> way to go.

If you sync to a single machine by making it the master server and if 
that machine isn't sync'd to any stratum (thereby making everything 
stratum 16), will ntpd on the clients still try to bring all of them to 
match the master?  Or will they only try if the master is a lower 
stratum.  It wasn't clear from the ntp.org web site.

If that's the case, ntp won't work for this guy (nor will a GPS/WWVB 
clock as he has no budget).  In that case, I'd turn off ntp on the 
clients and use a nightly "ntpdate <master IP>" task in 
/etc/periodic/daily/500.daily

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/18/2005 9:35:36 PM
In article <vilain-A78865.13353618012005@news.giganews.com>,
Michael Vilain  <vilain@spamcop.net> wrote:
>In article <9JmdnUeDFYiBqnDcRVn-sg@speakeasy.net>,
> russotto@grace.speakeasy.net (Matthew Russotto) wrote:
>
>> In article <vilain-14B34A.18155317012005@news.giganews.com>,
>> Michael Vilain  <vilain@spamcop.net> wrote:
>> >
>> >Actually, according to the OP, all the machines must be on a local LAN 
>> >without any internet access.  So, the master can't sync against anything 
>> >on the outside, as you suggest.  
>> 
>> Then if they have to be synched to UTC, a WWVB or GPS clock is the
>> way to go.
>
>If you sync to a single machine by making it the master server and if 
>that machine isn't sync'd to any stratum (thereby making everything 
>stratum 16), will ntpd on the clients still try to bring all of them to 
>match the master?  Or will they only try if the master is a lower 
>stratum.  It wasn't clear from the ntp.org web site.

From what I remember way back when I was setting these things up
(our production configuration included a clock, but I didn't have it
in development), they would not sync to a master unless the master was
lower stratum.  There was a way to make NTP think it had a provider (clock)
even when it didn't.

>If that's the case, ntp won't work for this guy (nor will a GPS/WWVB 
>clock as he has no budget).  In that case, I'd turn off ntp on the 
>clients and use a nightly "ntpdate <master IP>" task in 
>/etc/periodic/daily/500.daily

That could work, depends on how closely they have to be kept synched.
0
russotto (1801)
1/18/2005 9:48:15 PM
In article <1106083398.051464.14340@f14g2000cwb.googlegroups.com>,
 drillbit_99@yahoo.com wrote:

> My original idea was to get by on the cheap.  Just so all the computers
> are the same time.....  I really don't care if they are the absolutely
> correct time, i.e. the atomic clock style.

Then edit the crontab on all your systems to do the ntpdate and disable 
ntp on them.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...



0
vilain (1505)
1/19/2005 2:31:07 AM
So I disable ntp updates in the GUI for all clients.  Then in crontab I
will add the line

ntpdate <master IP>

Now, if ntp is ever reactivated in the GUI, I will have a conflict
unless the crontab is edited and the line removed.

0
1/19/2005 2:02:14 PM
read_the_signature@null.com writes:

> 	server	time.nist.gov
> 	server	time-B.timefreq.bldrdoc.gov
> 	server	time.apple.com
> 	broadcast	192.168.1.255

It is sufficient for most people to use the "pool" servers. It's
explained at:

http://ntp.isc.org/bin/view/Servers/NTPPoolServers

BTW, there's a Usenet group where a lot of experts hang out
(including the authors of NTP):

comp.protocols.time.ntp

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
0
1/19/2005 10:05:16 PM
Michael Vilain <vilain@spamcop.net> writes:

> If you sync to a single machine by making it the master server
> and if that machine isn't sync'd to any stratum (thereby making
> everything stratum 16), will ntpd on the clients still try to bring
> all of them to match the master?  Or will they only try if the
> master is a lower stratum.  It wasn't clear from the ntp.org web
> site.

You can tell NTPd to use the system clock as a time source, and
pretend that it's a certain stratum. Here are the two lines that do
this:

        server 127.127.1.1
        fudge 127.127.1.1 stratum 10

I use stratum 10 so that if you ever do connect to the Internet then
the local clock won't interfere with the NTP algorithm.

Using the above your clients will become stratum 11.

-- 
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well 
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
0
1/19/2005 10:09:07 PM
Michael Vilain <vilain@spamcop.net> wrote:
> >       broadcastclient
> 
> Actually, according to the OP, all the machines must be on a local LAN 
> without any internet access.  So, the master can't sync against anything 
> on the outside, as you suggest.  
> 
> I don't know what type of traffic the use of a broadcast/broadcastclient 
> might cause.  I tend to be conservative about adding any extra 'noise' 
> to a network and would hesitate to use this method.  What type of 
> network overhead does it add as compared with setting each machine to 
> sync to single master:
> 
> server 192.168.1.1
> 

The broadcast/broadcastclient method has far less traffic than would
be used having each machine sync to a single master.  You can use tcpdump
to watch it.  For each machine that syncs off the master there
are two packets sent, a query from the client and a response from the 
server.  In the broadcastclient method, the clients are totally silent,
you only see a broadcast packet every 30 seconds from the master.  The
clients simply listen and collect the broadcast every 30 seconds.

See for yourself with (as root): tcpdump 'port ntp'.
-- 
John J. Rushford
http://www.larush.com
0
1/20/2005 2:31:46 AM