You probably know the NTP Pool Project, or perhaps you have noticed that in several Linux distributions it’s servers from this pool that are configured as default time servers. They are run by volunteers offering their own bandwidth and time to manage these NTP servers. From the project’s home page:
The pool is being used by millions or tens of millions of systems around the world. It’s the default “time server” for most of the major Linux distributions and many networked appliances (see information for vendors).
Because of the large number of users we are in need of more servers. If you have a server with a static IP address always available on the internet, please consider adding it to the system.
Therefore, I decided to contribute and added my own NTP server to the pool. To do this, I have used a Raspberry Pi model B+ and the Raspbian distro. I hope that these instructions will help more volunteers contribute to the project.
Stratum 1, 2, 3… ?
I have decided to go for a Stratum 2 NTP server, just because I didn’t have a GPS addon for the Pi. There are several nice guides on the Web on how to configure a Pi as a Stratum 1 server, so this guide will focus exclusively on the
Another important note from the “How do I join pool.ntp.org?” page of the project:
Note that it is not required that your server is a stratum 1 or 2 server – as this project is about load distribution mostly, there is no reason why a stratum 3 or even stratum 4 server shouldn’t join.
Configure the Raspberry Pi
- Put Raspbian on the SD card and boot the Pi for the first time
- Login (the default credentials are pi as the username and raspberry as the password)
sudo apt-get update && sudo apt-get upgrade
to upgrade the firmware of the Pi. It’s important that you run this after the update commands so that the latest version of the firmware update utility is downloaded and used
- A reboot is necessary after the firmware upgrade
- I recommend adding a new user and password to harden the system a bit:
sudo adduser new_user
- Require a password for this new user (notice that, by default, Raspbian doesn’t require a password when you acquire root privileges from the
- Look for the line
#includedir /etc/sudoers.dand add the following line in that section:
new_user ALL=(ALL) ALL
- Reboot and try to login with
new_userto check that the operation has completed successfully
- Delete the old
sudo userdel -r pi
- Check that the
piuser has been deleted:
cut -d: -f1 /etc/passwd
- Remove the
piuser line from
- Assign a static IP address to the machine. For reference, this is my
auto lo iface lo inet loopback iface eth0 inet static address 192.168.0.250 netmask 255.255.255.0 gateway 192.168.0.1 network 192.168.0.0 broadcast 192.168.0.255 dns-nameservers 192.168.0.254 126.96.36.199 188.8.131.52
- Now the most important part, configuring the NTP settings. It’s important to pick at least 3 different NTP servers for accurate measurements, 5 would be better. It’s also important, paradoxically, not to choose them from existing NTP Pool servers. I personally chose 5 from this list. Again for reference, this is my
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: <http://www.pool.ntp.org/join.html> server ntp.i2t.ehu.eus server ntps1-0.cs.tu-berlin.de server zeit.fu-berlin.de server ntp1.nl.uu.net server ntp2.fau.de # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient
sudo /etc/init.d/ntp restart
- Check that everything is working:
Your output should look similar to this:
which lists the IP addresses of the NTP servers you have configured in your
ntp.conffile and where they are getting the time from. Since this is a Stratum 2 NTP server, all of these servers are Stratum 1 and are therefore getting the time measurements from GPS.
This completes the configuration section of the server, but if you are picky, there are still a couple of things you might want to check.
Point clients to your server
Pointing client to your new NTP server is another good way to check if things are working. In Windows you can do this from the Date and Time control panel entry > Internet Time tab > Change Settings…
Enter your Pi’s IP address here and click on Update. If everything goes well, you should see a confirmation message like this:
On Linux, you just need to configure
ntp.conf so that it uses your NTP server. After doing so, if you run
ntpq -pn on the client, you should see one single entry with your Pi’s IP address:
If you cross check with your server’s
ntpq -pn output, you should see that the
refid value in your client’s output (i.e. the actual server the NTP server is taking the time from) matches the IP address marked by a * in the
remote column of the server’s output, i.e. the NTP server actually being used:
That’s it folks, now you only need to join this to the pool (and don’t forget to configure port forwarding before doing so). Please consider doing it, there is constant need for new NTP servers, and it won’t use much bandwidth anyway.