NTP Server Setup and Client Configuration Using Alibaba Cloud

 

1. Setting up the NTP server


Install ntp: yum install -y ntp

2. Use the Alibaba Cloud NTP servers as the external reference

Alibaba Cloud NTP server list:
time1.aliyun.com
time2.aliyun.com
time3.aliyun.com
time4.aliyun.com
time5.aliyun.com
time6.aliyun.com
time7.aliyun.com

First use ntpdate to check that this host can reach the NTP servers above.
ntpdate -q time1.aliyun.com

 

Output like the following means the query worked:

server 115.28.122.198, stratum 2, offset 53.490757, delay 0.06709
13 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec

 

3. Edit the configuration file

Run vim /etc/ntp.conf and make the following changes:

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
 
driftfile /var/lib/ntp/drift
 
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery
 
# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1
 
# Allow hosts on the 192.168.1.0-192.168.4.0 subnets to sync time; clients may not modify the NTP server or log in to it
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.4.0 mask 255.255.255.0 nomodify notrap
 
 
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
 
server time1.aliyun.com
server time2.aliyun.com
server time3.aliyun.com
server time4.aliyun.com
server time5.aliyun.com
server time6.aliyun.com
server time7.aliyun.com
 
#broadcast 192.168.1.255 autokey        # broadcast server
#broadcastclient                        # broadcast client
#broadcast 224.0.1.1 autokey            # multicast server
#multicastclient 224.0.1.1              # multicast client
#manycastserver 239.255.254.254         # manycast server
#manycastclient 239.255.254.254 autokey # manycast client
 
# Enable public key cryptography.
#crypto
 
includefile /etc/ntp/crypto/pw
 
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography. 
keys /etc/ntp/keys
 
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
 
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
 
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
 
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats
 
# Disable the monitoring facility to prevent amplification attacks using ntpdc
# monlist command when default restrict does not include the noquery flag. See
# CVE-2013-5211 for more details.
# Note: Monitoring will not be disabled with the limited restriction flag.
disable monitor

# Enable Logfile
logfile /var/log/ntp.log
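
The access-control choices in this file (a locked-down `restrict default`, per-subnet `restrict` lines, and `disable monitor`) can be checked mechanically. The script below is an added example, not part of the original post: the function names, finding levels and the constructed sample are assumptions made for illustration, and it also handles the `-4`/`-6` prefixes and the `limited` caveat mentioned in the file's own comments.

```python
REQUIRED_DEFAULT = {"nomodify", "notrap", "nopeer", "noquery"}
# Constructed sample: the access-control lines of the ntp.conf shown above.
SAMPLE_CONF = """\
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
disable monitor
"""

def parse(conf_text):
    """Return ([(target, flags)], monitor_disabled) from ntp.conf text."""
    restricts, monitor_disabled = [], False
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments
        if len(tok) >= 2 and tok[0] == "restrict":
            args = tok[2:] if tok[1] in ("-4", "-6") else tok[1:]
            if not args:
                continue
            target, flags = args[0], args[1:]
            if len(flags) >= 2 and flags[0] == "mask":
                target, flags = f"{target} mask {flags[1]}", flags[2:]
            restricts.append((target, set(flags)))
        elif len(tok) >= 2 and tok[0] == "disable" and "monitor" in tok[1:]:
            monitor_disabled = True
    return restricts, monitor_disabled

def audit(conf_text):
    """Return (level, message) findings for the hardening this page relies on."""
    restricts, monitor_disabled = parse(conf_text)
    findings = []
    defaults = [flags for target, flags in restricts if target == "default"]
    for flags in defaults or [set()]:               # no default line = no flags
        missing = REQUIRED_DEFAULT - flags
        if missing:
            findings.append(("WARN", "default restriction lacks: " + " ".join(sorted(missing))))
    if not monitor_disabled:
        findings.append(("WARN", "'disable monitor' missing (see CVE-2013-5211)"))
    elif any("limited" in flags for _, flags in restricts):
        findings.append(("WARN", "'limited' keeps monitoring on despite 'disable monitor'"))
    for target, flags in restricts:
        if target not in ("default", "127.0.0.1", "::1") and "noquery" not in flags:
            level = "INFO" if monitor_disabled else "WARN"
            findings.append((level, f"{target}: ntpq/ntpdc queries allowed (no noquery)"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

On the configuration above, the only finding is informational: the internal subnets omit noquery, so hosts there can still send ntpq/ntpdc queries to the server.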

 

4. Keep the hardware clock consistent with the system time

Edit the configuration file with vim /etc/sysconfig/ntpd and add:


SYNC_HWCLOCK=yes

5. Start the ntpd service and check its status


systemctl start ntpd
Enable start at boot:

chkconfig ntpd on

Wait 10-15 minutes, then run ntpstat to check the synchronization status:

synchronised to NTP server (182.92.12.11) at stratum 3 
   time correct to within 470 ms
   polling server every 64 s
The clock is now synchronized.

 

Run ntpq -p to check the connection status to the Alibaba Cloud NTP servers:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+time6.aliyun.co 10.137.38.86     2 u   10   64   77   41.139    8.490   1.523
-time4.aliyun.co 10.137.38.86     2 u    5   64   77    3.479   15.026   1.354
*time5.aliyun.co 10.137.38.86     2 u   10   64   77   37.243   10.643   1.554
+120.25.115.19   10.137.38.86     2 u    5   64   77    3.574    5.228   2.803

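* marks the upstream NTP server currently in use; + marks a connected candidate server that can provide time updates.

Run hwclock --systohc to make the hardware clock match the system time.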

6. Open the firewall

The NTP service uses UDP port 123, so the firewall must allow it.
Run firewall-cmd --zone=public --add-port=123/udp --permanent, then run firewall-cmd --reload

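7. Synchronizing time on Linux clients with ntpd

First install the ntp service by running yum install -y ntp

Edit the configuration file with vim /etc/ntp.conf: change the server lines and add logging.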

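# Allow the NTP servers to adjust this client's time (nomodify/notrap/noquery still block them from reconfiguring or querying ntpd)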
restrict 192.168.1.85 nomodify notrap noquery
restrict 192.168.1.50 nomodify notrap noquery

server 192.168.1.85
server 192.168.1.50

logfile /var/log/ntp.log

 

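Leave everything else at its defaults.

Start the ntpd service: systemctl start ntpd

Open UDP port 123 on the local firewall.

Run ntpq -p to check the connection status to the servers.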

    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+192.168.1.50    182.92.12.11     3 u   31   64   77    0.189  -30.963  42.392
*192.168.1.85    182.92.12.11     3 u   43   64   77    0.190   -1.903  18.890
 LOCAL(0)        .LOCL.          10 l   60   64   77    0.000    0.000   0.000

 

Run ntpstat to check the synchronization status:

synchronised to NTP server (192.168.1.85) at stratum 4
time correct to within 131 ms
polling server every 64 s
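
The manual `ntpq -p` checks in sections 5 and 7 can be turned into a repeatable health check. The parser below is an added example, not part of the original post: the function names and the offset threshold are assumptions, and the sample is the client output above re-embedded as constructed input. It reads the tally character in column 0 and decodes `reach`, which is an octal register of the last eight polls (77 means six answered polls).

```python
# Constructed sample: the client-side `ntpq -p` output shown above.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+192.168.1.50    182.92.12.11     3 u   31   64   77    0.189  -30.963  42.392
*192.168.1.85    182.92.12.11     3 u   43   64   77    0.190   -1.903  18.890
 LOCAL(0)        .LOCL.          10 l   60   64   77    0.000    0.000   0.000
"""

def parse_peers(text):
    """Parse `ntpq -p` rows; column 0 is the tally code, then 10 fields."""
    peers = []
    for line in text.splitlines():
        f = line[1:].split()
        if len(f) != 10 or f[0] == "remote":
            continue                                  # header, separator, blank
        peers.append({
            "tally": line[0], "remote": f[0], "refid": f[1],
            "stratum": int(f[2]),
            "reach": int(f[6], 8),                    # octal 8-poll shift register
            "offset_ms": float(f[8]), "jitter_ms": float(f[9]),
        })
    return peers

def check(text, max_offset_ms=100.0):
    """Return (system_peer_or_None, [problems]) for one ntpq -p snapshot."""
    peers, problems = parse_peers(text), []
    selected = [p for p in peers if p["tally"] == "*"]
    if not selected:
        problems.append("no system peer (*): clock is not synchronised")
    elif selected[0]["refid"] == ".LOCL.":
        problems.append("synchronised only to the local clock, not a real source")
    for p in peers:
        if p["refid"] == ".LOCL.":
            continue                                  # local fallback clock
        answered = bin(p["reach"]).count("1")         # replies in the last 8 polls
        if answered == 0:
            problems.append(f"{p['remote']}: unreachable (reach 0)")
        elif abs(p["offset_ms"]) > max_offset_ms:
            problems.append(f"{p['remote']}: offset {p['offset_ms']} ms exceeds {max_offset_ms} ms")
    return (selected[0]["remote"] if selected else None), problems

if __name__ == "__main__":
    print(check(SAMPLE, max_offset_ms=25.0))
```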

8. Synchronizing Windows clients

8.1 Group Policy configuration

Press Win+R, run gpedit.msc, and enable the global configuration settings.

 

Enable the NTP client.

 

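Press Win+R and run gpupdate /force

8.2. Using the automatic configuration tool

Download the automatic configuration tool MicrosoftEasyFix50395.msi.
The download link is on this page: https://support.microsoft.com/zh-cn/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

Run the automatic configuration tool and configure it as follows; separate multiple servers with spaces.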

 

Then trigger a synchronization from the system Date and Time settings and check the result.

 


 


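Author: 若有所思11
Link: http://www.jianshu.com/p/199505ceebb1
Source: Jianshu (简书)
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, credit the source.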

 
