How do I implement NTP in my infrastructure?

This topic contains 2 replies, has 2 voices, and was last updated by  wildweaselmi 6 months, 3 weeks ago.



    I would like to implement NTP in our environment and would like some advice.



    Your best approach

    Implement a Stratum 1 device like a Symmetricom device (which has an external antenna pulling down from satellite), and you can use your core switch and point to those devices so they could be Stratum 2 devices, which means all your clients, servers, etc. could point to the core switches (the Stratum 2).

    Note: you don’t need to use Symmetricom devices.  Here is a link that provides multiple manufacturers that provide this capability

    Also note that DHCP option 42 is what is used to define NTP servers.

    Display NTP Servers


    w32tm /query /peers


    systemsetup -getnetworktimeserver


    ntpd -q


    Set current time zone to <timezone>. Use “-listtimezones” to list time zones.

    systemsetup -settimezone <timezone>

    List time zones supported by this machine.

    systemsetup -listtimezones

    Display whether network time is on or off.

    systemsetup -getusingnetworktime

    Set using network time to either <on> or <off>.

    systemsetup -setusingnetworktime <on off>

    Display network time server.

    systemsetup -getnetworktimeserver

    Set network time server to <timeserver>.

    systemsetup -setnetworktimeserver <timeserver>

    These commands don’t actually SYNC the time like the traditional UNIX commands do.


    “systemsetup -setnetworktimeserver” = Simply *sets the ntp server IP/name* in the /etc/ntp.conf file. This is the ntp server that shows up in the Date/Time system pref pane GUI. This command doesn’t force the Mac to sync with the ntp server at all – it just tells Mac OS X *which ntp server* to use.

    “systemsetup -setusingnetworktime” = Simply *enables* or *disables* the ntp client in favor of a stand-alone manual time configuration. This is the equivalent of the “Set time/date automatically” check box in the Date/Time system pref pane GUI. I’m not sure if disabling and then immediately enabling this would “tickle” the client to go sync with the ntp server or not. Perhaps it does? If so, this seems rather clunky that it must be run twice to get it to poll the server and sync the time.

    Assuming the Mac has already been configured to use an ntp server (and it’s enabled) but for some reason the Mac’s time has drifted, the Apple commands do not appear to have a single command to tell the Mac to “sync now”. At least it’s not clearly defined in the man page to me.


    Use ntpq by typing ntpq and pressing Enter at the command line, and your prompt will change to

    pe or peers – To display a billboard showing the status of configured peers and possibly other clients poking the daemon.

    ntpq> pe
         remote           refid      st t when poll reach   delay   offset  jitter
    *mifnt1swic01-     2 u  268  256  377  119.761    7.829  20.961

    as or – To display additional details for each peer separately that can be determined by the use of the as command to display an index of association identifiers.

    ntpq> as

    ind assid status  conf reach auth condition  last_event cnt
      1 41942  96f4   yes   yes  none  sys.peer   reachable 15

    Each line in this billboard is associated with the corresponding line in the pe billboard above. The assID shows the unique identifier for each mobilized association, while the status column shows the peer status word in hex, as defined in the NTP specification. Next, use the rv command and the respective assID identifier to display a detailed synopsis for the selected peer.

    ntpq> rv 41942
    associd=41942 status=96f4 conf, reach, sel_sys.peer, 15 events, reachable,, srcport=123, dstadr=,
    dstport=123, leap=00, stratum=2, precision=-20, rootdelay=1.816,
    rootdisp=0.656, refid=,
    reftime=de3035e9.f6aba7f3  Thu, Feb 15 2018 11:38:01.963,
    rec=de3035ee.749f3054  Thu, Feb 15 2018 11:38:06.455, reach=377,
    unreach=0, hmode=3, pmode=4, hpoll=8, ppoll=8, headway=0, flash=00 ok,
    keyid=0, offset=7.829, delay=119.761, dispersion=17.144, jitter=20.961,
    filtdelay=   121.44  172.00  138.41  149.10  165.60  153.74  132.59  119.76,
    filtoffset=   19.72   49.29   22.77    6.08   28.96   28.53   18.49    7.83,
    filtdisp=      0.00    4.04    8.03   11.99   15.98   19.83   23.73   25.70

    Query NTP using (the -q stands for query only)

    sudo ntpdate -q

    Set date time using ntp server (the -u stands for update)

    sudo ntpdate -u

    You can debug ntpdate by running (the -d stands for debug)

    sudo ntpdate -d

    If you are worried about security or need to use TCP instead of UDP, you can look at using tlsdate.

    tlsdate: secure parasitic rdate replacement

    ‘tlsdate sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake. Unlike ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS enabled service, and provides some protection against adversaries that try to feed you malicious time information.’

    You may also try and use the following to check

    sntp -d
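
Added example, not part of the original posts: a small Python check that decodes the peer status word (96f4) and the octal reach register from the rv output shown in the thread, and flags an association that is unauthenticated or unhealthy. The function names and the 50 ms offset threshold are assumptions for illustration; the sample is the thread's own rv output, abridged.

```python
import re

# Peer selection codes (low 3 bits of the status word's high byte) and the
# event codes needed for this sample; other event codes are shown as hex.
SELECT = ["reject", "falsetick", "excess", "outlier",
          "candidate", "backup", "sys.peer", "pps.peer"]
EVENTS = {1: "mobilize", 2: "demobilize", 3: "unreachable", 4: "reachable"}

# rv output as posted in the thread, abridged (address fields are blank there too).
SAMPLE_RV = """associd=41942 status=96f4 conf, reach, sel_sys.peer, 15 events, reachable,, srcport=123, dstadr=,
dstport=123, leap=00, stratum=2, precision=-20, rootdelay=1.816,
rootdisp=0.656, refid=,
rec=de3035ee.749f3054  Thu, Feb 15 2018 11:38:06.455, reach=377,
unreach=0, hmode=3, pmode=4, hpoll=8, ppoll=8, headway=0, flash=00 ok,
keyid=0, offset=7.829, delay=119.761, dispersion=17.144, jitter=20.961,"""

def decode_status(word):
    """Split the 16-bit peer status word into its fields."""
    hi, lo = word >> 8, word & 0xFF
    return {
        "configured": bool(hi & 0x80),
        "auth_enabled": bool(hi & 0x40),
        "auth_ok": bool(hi & 0x20),
        "reachable": bool(hi & 0x10),
        "select": SELECT[hi & 0x07],
        "event_count": lo >> 4,
        "last_event": EVENTS.get(lo & 0x0F, hex(lo & 0x0F)),
    }

def parse_rv(text):
    """Collect name=value pairs from an rv billboard; blank values stay blank."""
    return dict(re.findall(r"(\w+)=[ \t]*([^,\s]*)", text))

def assess(text, max_offset_ms=50.0):  # threshold is an assumed site policy
    f = parse_rv(text)
    st = decode_status(int(f["status"], 16))
    polls_ok = bin(int(f["reach"], 8)).count("1")  # reach is an octal 8-bit shift register
    findings = []
    if not st["auth_enabled"] or f.get("keyid") == "0":
        findings.append("unauthenticated association (auth not enabled, keyid=0)")
    if polls_ok < 8:
        findings.append(f"only {polls_ok}/8 recent polls answered")
    if int(f["flash"], 16) != 0:
        findings.append(f"flash={f['flash']}: packet sanity checks failing")
    if abs(float(f["offset"])) > max_offset_ms:
        findings.append(f"offset {f['offset']} ms exceeds {max_offset_ms} ms")
    return st, polls_ok, findings

if __name__ == "__main__":
    print(assess(SAMPLE_RV))
```

For the thread's peer this reports a configured, reachable sys.peer with all 8 recent polls answered, and one finding: the association carries no authentication.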