NTP server setup and client configuration, using Alibaba Cloud (Aliyun)
Posted sxhong
1. NTP server setup
Install ntp: yum install -y ntp
2. Use the Aliyun NTP servers as the upstream reference over the public network
Aliyun NTP server list:
time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com
First use ntpdate to check that the host can communicate with the NTP servers above.
ntpdate -q time1.aliyun.com
Output like the following means the connection is working:
server 115.28.122.198, stratum 2, offset 53.490757, delay 0.06709
13 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec
3. Edit the configuration file
vim /etc/ntp.conf
Make the following changes:
# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
driftfile /var/lib/ntp/drift
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
# Allow hosts in the 192.168.1-4 subnets to sync time; clients may not modify or log in to the NTP server
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.4.0 mask 255.255.255.0 nomodify notrap
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server time1.aliyun.com
server time2.aliyun.com
server time3.aliyun.com
server time4.aliyun.com
server time5.aliyun.com
server time6.aliyun.com
server time7.aliyun.com
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 autokey # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
# Enable public key cryptography.
#crypto
includefile /etc/ntp/crypto/pw
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor
# Enable Logfile
logfile /var/log/ntp.log
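Added example (not part of the original article): a shell check for the access-control lines of an ntp.conf like the one above. It reports restrict rules that lack nomodify or noquery, and flags the case the CVE-2013-5211 comment describes, where monitoring is still enabled while some rule allows queries. The function name, the finding labels and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the restrict/monitor settings of an ntp.conf.
# Finding labels (MODIFY-OPEN, QUERY-OPEN, MONLIST-EXPOSED) are made up here.

# audit_ntp_conf FILE: print one finding per line; print nothing when every
# non-loopback restrict rule carries both nomodify and noquery.
audit_ntp_conf() {
  awk '
    { sub(/#.*/, "") }                             # drop comments
    $1 == "disable" {
      for (i = 2; i <= NF; i++) if ($i == "monitor") monitor_off = 1
    }
    $1 == "restrict" {
      target = $2; nomodify = 0; noquery = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "mask") { target = target "/" $(i + 1); i++; continue }
        if ($i == "nomodify" || $i == "ignore") nomodify = 1
        if ($i == "noquery"  || $i == "ignore") noquery = 1
      }
      if (target == "127.0.0.1" || target == "::1") next  # local admin access
      if (!nomodify) print "MODIFY-OPEN " target
      if (!noquery) { print "QUERY-OPEN " target; query_open++ }
    }
    END {
      # monlist (CVE-2013-5211) needs both: monitor on and a queryable rule.
      if (query_open && !monitor_off)
        print "MONLIST-EXPOSED monitor enabled, " query_open " queryable rule(s)"
    }
  ' "$1"
}

# Constructed sample: the access-control lines of the server config above.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.4.0 mask 255.255.255.0 nomodify notrap
disable monitor
EOF
audit_ntp_conf "$sample_conf"
```

On this configuration the check prints QUERY-OPEN for each of the four 192.168.x.0 rules: hosts in those subnets can still send ntpq/ntpdc queries to the server, while disable monitor keeps monlist unavailable.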
4. Keep the hardware clock consistent with the system time
Edit the configuration file: vim /etc/sysconfig/ntpd
Add:
SYNC_HWCLOCK=yes
5. Start the ntpd service and check its status
systemctl start ntpd
Enable it at boot:
chkconfig ntpd on
After waiting 10-15 minutes, run ntpstat
to check the synchronization status:
synchronised to NTP server (182.92.12.11) at stratum 3
time correct to within 470 ms
polling server every 64 s
The server is now synchronized.
Run ntpq -p
to check the connection status with the Aliyun NTP servers:
remote refid st t when poll reach delay offset jitter
==============================================================================
+time6.aliyun.co 10.137.38.86 2 u 10 64 77 41.139 8.490 1.523
-time4.aliyun.co 10.137.38.86 2 u 5 64 77 3.479 15.026 1.354
*time5.aliyun.co 10.137.38.86 2 u 10 64 77 37.243 10.643 1.554
+120.25.115.19 10.137.38.86 2 u 5 64 77 3.574 5.228 2.803
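* marks the upstream NTP server currently in use; + marks a connected candidate server that can provide time updates.
Run hwclock --systohc
so that the system time and the hardware clock agree.
6. Open the firewall
The NTP service uses UDP port 123, so that port must be opened in the firewall.
Run firewall-cmd --zone=public --add-port=123/udp --permanent
and then run firewall-cmd --reload
7. Linux client: synchronize time with the ntpd service
First install the ntp service: yum install -y ntp
Edit the configuration file: vim /etc/ntp.conf
Change the server entries and add a log file:
# Allow the NTP servers to adjust this client's time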
restrict 192.168.1.85 nomodify notrap noquery
restrict 192.168.1.50 nomodify notrap noquery
server 192.168.1.85
server 192.168.1.50
logfile /var/log/ntp.log
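Leave everything else at its default.
Start the ntpd service: systemctl start ntpd
Open UDP port 123 in the local firewall.
Run ntpq -p
to check the connection status with the servers: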
remote refid st t when poll reach delay offset jitter
==============================================================================
+192.168.1.50 182.92.12.11 3 u 31 64 77 0.189 -30.963 42.392
*192.168.1.85 182.92.12.11 3 u 43 64 77 0.190 -1.903 18.890
LOCAL(0) .LOCL. 10 l 60 64 77 0.000 0.000 0.000
Run ntpstat to check the synchronization status:
synchronised to NTP server (192.168.1.85) at stratum 4
time correct to within 131 ms
polling server every 64 s
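Added example (not part of the original article): the manual ntpq -p check from sections 5 and 7, turned into a script that a cron job or monitoring agent can run to catch a host that has lost its time source. The function name, the 100 ms default threshold and the OK/WARN/CRIT wording are assumptions; the sample input is the client output shown above.

```shell
#!/bin/sh
# Added example: turn "ntpq -p" output into a pass/fail health check.
# The 100 ms default threshold and the verdict wording are assumptions.

# check_ntpq_peers [MAX_OFFSET_MS]: read "ntpq -p" output on stdin.
# Returns 0 = in sync, 1 = offset above threshold, 2 = no "*" system peer.
check_ntpq_peers() {
  awk -v max="${1:-100}" '
    $1 == "remote" || /^=+$/ { next }            # header and ruler lines
    { tally = substr($1, 1, 1) }
    tally == "+" { candidates++ }                # usable standby sources
    tally == "*" {                               # source ntpd is following
      peer = substr($1, 2); reach = $7; offset = $9
      abs = ($9 < 0) ? -$9 : $9
    }
    END {
      if (peer == "") { print "CRIT no system peer selected"; exit 2 }
      if (abs > max + 0) {
        printf "WARN peer=%s offset=%sms exceeds %sms\n", peer, offset, max
        exit 1
      }
      printf "OK peer=%s offset=%sms reach=%s candidates=%d\n",
             peer, offset, reach, candidates
    }'
}

# Sample input: the client-side "ntpq -p" output from section 7.
sample_peers() {
  cat <<'EOF'
remote refid st t when poll reach delay offset jitter
==============================================================================
+192.168.1.50 182.92.12.11 3 u 31 64 77 0.189 -30.963 42.392
*192.168.1.85 182.92.12.11 3 u 43 64 77 0.190 -1.903 18.890
LOCAL(0) .LOCL. 10 l 60 64 77 0.000 0.000 0.000
EOF
}

sample_peers | check_ntpq_peers 100
```

On a live host, pipe the real command into the function: ntpq -pn | check_ntpq_peers 100. The reach column is an octal bitmask of the last eight polls, so 377 means all eight were answered.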
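8. Windows client synchronization
8.1 Group Policy configuration
Press Win+R
Run gpedit.msc
Enable the global configuration settings
Enable the NTP client
Press Win+R
Run gpupdate /force
8.2 Use the automatic configuration tool
Download the automatic configuration tool MicrosoftEasyFix50395.msi
The download link is on this page: https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
Run the tool and configure it as follows; separate multiple servers with spaces.
Then run a synchronization from the system Date and Time settings and check the result.
References
Setting up an NTP server on CentOS: http://msiyuetian.blog.51cto.com/8637744/1712561
Synchronizing a Windows client with an NTP service: http://4921679.blog.51cto.com/4911679/914473
How to configure an authoritative time server in Windows Server: https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server
Author: 若有所思11
Link: http://www.jianshu.com/p/199505ceebb1
Source: Jianshu
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, please credit the source.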