I would like to implement NTP in our environment and would like some advice.
December 28, 2018 at 4:46 pm
Your best approach
Implement a Stratum 1 device like a Symmetricom device (which has an external antenna pulling down from satellite), then point your core switches to those devices so they become Stratum 2 devices, which means all your clients, servers, etc. can point to the core switches (the Stratum 2).
Note: you don’t need to use Symmetricom devices. Here is a link that provides multiple manufacturers that provide this capability
Also note that DHCP option 42 is what is used to define NTP servers
Display NTP Servers
w32tm /query /peers
ntpd -q
December 28, 2018 at 4:50 pm
Set current time zone to <timezone>. Use “-listtimezones” to list time zones.
systemsetup -settimezone <timezone>
List time zones supported by this machine.
Display whether network time is on or off.
Set using network time to either <on> or <off>.
systemsetup -setusingnetworktime <on off>
Display network time server.
Set network time server to <timeserver>.
systemsetup -setnetworktimeserver <timeserver>
These commands don’t actually SYNC the time like the traditional UNIX commands do.
“systemsetup -setnetworktimeserver” = Simply *sets the ntp server IP/name* in the /etc/ntp.conf file. This is the ntp server that shows up in the Date/Time system pref pane GUI. This command doesn’t force the Mac to sync with the ntp server at all – it just tells Mac OS X *which ntp server* to use.
“systemsetup -setusingnetworktime” = Simply *enables* or *disables* the ntp client in favor of a stand-alone manual time configuration. This is the equivalent of the “Set time/date automatically” check box in the Date/Time system pref pane GUI. I’m not sure if disabling and then immediately enabling this would “tickle” the client to go sync with the ntp server or not. Perhaps it does? If so, it seems rather clunky that it must be run twice to get it to poll the server and sync the time.
Assuming the Mac has already been configured to use an ntp server (and it’s enabled) but for some reason the Mac’s time has drifted, the Apple commands do not appear to have a single command to tell the Mac to “sync now”. At least it’s not clearly defined in the man page to me.
Use ntpq by typing ntpq and pressing Enter at the command line and your prompt will change to
pe or peers – To display a billboard showing the status of configured peers and possibly other clients poking the daemon.
     remote         refid       st t when poll reach   delay   offset  jitter
*mifnt1swic01-  10.13.200.20     2 u  268  256  377  119.761    7.829  20.961
as or – To display additional details for each peer separately, which can be determined by the use of the as command to display an index of association identifiers
ind assid status  conf reach auth condition  last_event cnt
  1 41942  96f4   yes   yes  none  sys.peer   reachable  15
Each line in this billboard is associated with the corresponding line in the pe billboard above. The assID shows the unique identifier for each mobilized association, while the status column shows the peer status word in hex, as defined in the NTP specification. Next, use the rv command and the respective assID identifier to display a detailed synopsis for the selected peer
ntpq> rv 41942
associd=41942 status=96f4 conf, reach, sel_sys.peer, 15 events, reachable,
srcadr=mifnt1swic01-core.eventguyz.com, srcport=123, dstadr=10.14.194.144,
dstport=123, leap=00, stratum=2, precision=-20, rootdelay=1.816,
reftime=de3035e9.f6aba7f3 Thu, Feb 15 2018 11:38:01.963,
rec=de3035ee.749f3054 Thu, Feb 15 2018 11:38:06.455, reach=377,
unreach=0, hmode=3, pmode=4, hpoll=8, ppoll=8, headway=0, flash=00 ok,
keyid=0, offset=7.829, delay=119.761, dispersion=17.144, jitter=20.961,
filtdelay= 121.44 172.00 138.41 149.10 165.60 153.74 132.59 119.76,
filtoffset= 19.72 49.29 22.77 6.08 28.96 28.53 18.49 7.83,
filtdisp= 0.00 4.04 8.03 11.99 15.98 19.83 23.73 25.70
Query NTP using (the -q stands for query only)
sudo ntpdate -q time.eventguyz.com
Set date time using ntp server (the -u stands for update)
sudo ntpdate -u time.eventguyz.com
You can debug ntpdate by running (the -d stands for debug)
sudo ntpdate -d time.eventguyz.com
If you are worried about security or need to use TCP instead of UDP you can look at using tlsdate
tlsdate: secure parasitic rdate replacement
‘tlsdate sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake. Unlike ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS enabled service, and provides some protection against adversaries that try to feed you malicious time information.’
You may also try and use the following to check
sntp -d time.eventguyz.com
December 30, 2018 at 6:21 pm
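One way to turn the ntpq rv output shown above into a scripted health check, as an added example that is not part of the original posts. The function names and the offset and stratum thresholds are assumptions, and the sample is the rv output from the thread trimmed to the variables the check reads.

```python
import re

# Constructed sample: the rv output from the post above, trimmed to the
# variables this check reads.
SAMPLE_RV = """\
associd=41942 status=96f4 conf, reach, sel_sys.peer, 15 events, reachable,
srcadr=mifnt1swic01-core.eventguyz.com, srcport=123, dstadr=10.14.194.144,
dstport=123, leap=00, stratum=2, precision=-20, rootdelay=1.816,
reach=377, unreach=0, hmode=3, pmode=4, hpoll=8, ppoll=8, flash=00 ok,
keyid=0, offset=7.829, delay=119.761, dispersion=17.144, jitter=20.961
"""

def parse_rv(text):
    """Return the name=value variables from ntpq rv output as strings."""
    return dict(re.findall(r"(\w+)=([^,\s]+)", text))

def reach_history(reach):
    """Decode the octal reach register: one bool per poll, newest first."""
    bits = int(reach, 8)
    return [bool((bits >> i) & 1) for i in range(8)]

def assess(text, max_offset_ms=50.0, max_stratum=3):
    """Return findings for one association (thresholds are assumptions)."""
    v = parse_rv(text)
    findings = []
    missed = reach_history(v["reach"]).count(False)
    if missed:
        findings.append(f"missed {missed} of last 8 polls")
    if v["leap"] == "11":
        findings.append("peer clock is unsynchronized (leap=11)")
    if int(v["stratum"]) > max_stratum:
        findings.append(f"stratum {v['stratum']} is higher than expected")
    if abs(float(v["offset"])) > max_offset_ms:
        findings.append(f"offset {v['offset']} ms exceeds {max_offset_ms} ms")
    if int(v["flash"], 16) != 0:
        findings.append(f"peer failed sanity tests (flash={v['flash']})")
    if v["keyid"] == "0":
        findings.append("association is unauthenticated (keyid=0)")
    return findings

if __name__ == "__main__":
    for finding in assess(SAMPLE_RV):
        print(finding)
```

For the association in the thread the only finding is the unauthenticated one, which matches the "none" in the auth column of the as billboard.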