Build a Stratum 2 NTP Server with a Raspberry Pi

You probably know the NTP Pool Project, or perhaps you have noticed that in several Linux distributions it’s servers from this pool that are configured as default time servers. They are run by volunteers offering their own bandwidth and time to manage these NTP servers. From the project’s home page:

The pool is being used by millions or tens of millions of systems around the world. It’s the default “time server” for most of the major Linux distributions and many networked appliances (see information for vendors).

Because of the large number of users we are in need of more servers. If you have a server with a static IP address always available on the internet, please consider adding it to the system.

Therefore, I decided to contribute and added my own NTP server to the pool. To do this, I have used a Raspberry Pi model B+ and the Raspbian distro. I hope that these instructions will help more volunteers contribute to the project.

Stratum 1, 2, 3… ?

I have decided to go for a Stratum 2 NTP server, just because I didn’t have a GPS addon for the Pi. There are several nice guides on the Web on how to configure a Pi as a Stratum 1 server, so this guide will focus exclusively on the ntp software.

Another important note from the “How do I join” page of the project:

Note that it is not required that your server is a stratum 1 or 2 server – as this project is about load distribution mostly, there is no reason why a stratum 3 or even stratum 4 server shouldn’t join.

Configure the Raspberry Pi

  1. Put Raspbian on the SD card and boot the Pi for the first time
  2. Login (the default credentials are pi as the username and raspberry as the password)
  3. Run
    sudo apt-get update && sudo apt-get upgrade
  4. Run
    sudo rpi-update

    to upgrade the firmware of the Pi. It’s important that you run this after the update commands so that the latest version of the firmware update utility is downloaded and used

  5. A reboot is necessary after the firmware upgrade
    sudo reboot
  6. I recommend adding a new user and password to harden the system a bit:
    sudo adduser new_user
  7. Require a password for this new user (notice that, by default, Raspbian doesn’t require a password when you acquire root privileges from the pi user):
    sudo visudo
  8. Look for the line #includedir /etc/sudoers.d and add the following line in that section:
    new_user ALL=(ALL) ALL
  9. Reboot and try to login with new_user to check that the operation has completed successfully
  10. Delete the old pi user:
    sudo userdel -r pi
  11. Check that the pi user has been deleted:
    cut -d: -f1 /etc/passwd
  12. Remove the pi user line from visudo
  13. Assign a static IP address to the machine. For reference, this is my /etc/network/interfaces file:
    auto lo
    iface lo inet loopback
    iface eth0 inet static
  14. Now the most important part, configuring the NTP settings. It’s important to pick at least 3 different NTP servers for accurate measurements, 5 would be better. It’s also important, paradoxically, not to choose them from existing NTP Pool servers. I personally chose 5 from this list. Again for reference, this is my /etc/ntp.conf file:
    # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
    driftfile /var/lib/ntp/ntp.drift
    # Enable this if you want statistics to be logged.
    #statsdir /var/log/ntpstats/
    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable
    # You do need to talk to an NTP server or two (or three).
    #server ntp.your-provider.example
    # maps to about 1000 low-stratum NTP servers.  Your server will
    # pick a different set every time it starts up.  Please consider joining the
    # pool: <>
    # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
    # details.  The web page <>
    # might also be helpful.
    # Note that "restrict" applies to both servers and clients, so a configuration
    # that might be intended to block requests from certain clients could also end
    # up blocking replies from your own upstream servers.
    # By default, exchange time with everybody, but don't allow configuration.
    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery
    # Local users may interrogate the ntp server more closely.
    restrict ::1
    # Clients from this (example!) subnet have unlimited access, but only if
    # cryptographically authenticated.
    #restrict mask notrust
    # If you want to provide time to your local subnet, change the next line.
    # (Again, the address is an example only.)
    # If you want to listen to time broadcasts on your local subnet, de-comment the
    # next lines.  Please do this only if you trust everybody on the network!
    #disable auth
  15. Restart ntp:
    sudo /etc/init.d/ntp restart
  16. Check that everything is working:
    ntpq -pn

    Your output should look similar to this:

    ntpq -pn
    which lists the IP addresses of the NTP servers you have configured in your ntp.conf file and where they are getting the time from. Since this is a Stratum 2 NTP server, all of these servers are Stratum 1 and are therefore getting the time measurements from GPS.

This completes the configuration section of the server, but if you are picky, there are still a couple of things you might want to check.

Point clients to your server

Pointing client to your new NTP server is another good way to check if things are working. In Windows you can do this from the Date and Time control panel entry > Internet Time tab > Change Settings…

Enter your Pi’s IP address here and click on Update. If everything goes well, you should see a confirmation message like this:

Windows NTP settings

On Linux, you just need to configure ntp.conf so that it uses your NTP server. After doing so, if you run ntpq -pn on the client, you should see one single entry with your Pi’s IP address:

ntpq -pn client

If you cross check with your server’s ntpq -pn output, you should see that the refid value in your client’s output (i.e. the actual server the NTP server is taking the time from) matches the IP address marked by a * in the remote column of the server’s output, i.e. the NTP server actually being used:

ntpw -pn client server

That’s it folks, now you only need to join this to the pool (and don’t forget to configure port forwarding before doing so). Please consider doing it, there is constant need for new NTP servers, and it won’t use much bandwidth anyway.

Further reading:


  1. Hook your GPS module to the Raspberry Pi and join the Pi into your network, with proper software, it can be your Stratum 1 NTP server that your Stratum 2 server, or since you have it inside your network every computer, sync time with.

  2. I have an RPi and GPS board happily running and has been for many months. It has my home network and that of a friend taking time from it.

    I did bounce the idea of joining the ntp pool on StackExchange but got soundly chastised by one expert and patronised by a couple of others, so gave up. Interesting to see the idea actually implemented, presumably successfully.

    • Adding the GPS module to my RPi has always been on the back of my head, that’s something that I will definitely do, hopefully quite soon.

      I am sorry about your experience on SE, it’s a great collection of websites but sometimes some of its communities are not very warm and welcoming :P Adding your server to the NTP pool does not require much though, you just have to register on the website ( and add the IP address of your Pi. I didn’t even know that SE had its own NTP pool.

Leave a Reply

© 2018 Daniel's TechBlog

Theme by Anders NorénUp ↑

%d bloggers like this: