1. Setting up the NTP server
Install ntp: yum install -y ntp
2. Use public NTP servers as the reference
NTP server list: time1.aliyun.com time2.aliyun.com time3.aliyun.com time4.aliyun.com time5.aliyun.com time6.aliyun.com time7.aliyun.com
First use ntpdate to check whether the NTP servers above can be reached: ntpdate -q time1.aliyun.com
Output like the following means the connection works
    server 115.28.122.198, stratum 2, offset 53.490757, delay 0.06709
    13 Sep 15:27:48 ntpdate[16092]: step time server 115.28.122.198 offset 53.490757 sec
3. Edit the configuration file
Run vim /etc/ntp.conf and make the following changes
    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

    driftfile /var/lib/ntp/drift

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would affect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict ::1

    # Allow hosts in subnets 1-4 to synchronize time; clients may not
    # modify or log in to the NTP server
    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
    restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
    restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
    restrict 192.168.4.0 mask 255.255.255.0 nomodify notrap

    # Hosts on local network are less restricted.
    #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html).
    #server 0.centos.pool.ntp.org iburst
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst

    server time1.aliyun.com
    server time2.aliyun.com
    server time3.aliyun.com
    server time4.aliyun.com
    server time5.aliyun.com
    server time6.aliyun.com
    server time7.aliyun.com

    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client

    # Enable public key cryptography.
    #crypto

    includefile /etc/ntp/crypto/pw

    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys

    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42

    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8

    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8

    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats

    # Disable the monitoring facility to prevent amplification attacks using ntpdc
    # monlist command when default restrict does not include the noquery flag. See
    # CVE-2013-5211 for more details.
    # Note: Monitoring will not be disabled with the limited restriction flag.
    disable monitor

    # Enable Logfile
    logfile /var/log/ntp.log
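The restrict lines and disable monitor in the file above are what stop arbitrary hosts from querying or modifying this server. As an added example (not part of the original article), the shell function below audits an ntp.conf for those settings; the function name audit_ntp_conf and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit the restrict and
# monitor settings of an ntp.conf. Prints one finding per line and
# prints nothing when every check passes.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        $1 == "restrict" {
            addr = $2; first = 3
            if (addr ~ /^-[46]$/) { addr = $3; first = 4 }   # "restrict -6 default ..."
            flags = " "
            for (i = first; i <= NF; i++) flags = flags $i " "
            if (flags ~ / ignore /) { if (addr == "default") has_default = 1; next }
            if (addr == "default") {
                has_default = 1
                if (flags !~ / noquery /)  print "restrict default: missing noquery"
                if (flags !~ / nomodify /) print "restrict default: missing nomodify"
            } else if (addr != "127.0.0.1" && addr != "::1") {
                if (flags !~ / nomodify /) print "restrict " addr ": missing nomodify"
            }
        }
        $1 == "disable" { for (i = 2; i <= NF; i++) if ($i == "monitor") mon_off = 1 }
        END {
            if (!has_default) print "no restrict default line: all hosts get full access"
            if (!mon_off)     print "monitor facility not disabled (monlist, CVE-2013-5211)"
        }
    ' "$1"
}

# Constructed sample: a weakened variant of the server config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
restrict default notrap nopeer          # noquery and nomodify dropped
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 notrap
server time1.aliyun.com
EOF
audit_ntp_conf "$sample"
rm -f "$sample"
```

Run against the real file with audit_ntp_conf /etc/ntp.conf; the configuration shown above produces no findings.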
4. Keep the hardware clock consistent with the system time
Edit the configuration file with vim /etc/sysconfig/ntpd and add
SYNC_HWCLOCK=yes
5. Start the ntpd service and check its status
Run systemctl start ntpd, then enable start at boot with chkconfig ntpd on
Wait 10-15 minutes, then run ntpstat to check the synchronization status
    synchronised to NTP server (182.92.12.11) at stratum 3
       time correct to within 470 ms
       polling server every 64 s
This shows that the clock is already synchronized.
Run ntpq -p to check the connection status with the NTP servers
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +time6.aliyun.co 10.137.38.86     2 u   10   64   77   41.139    8.490   1.523
    -time4.aliyun.co 10.137.38.86     2 u    5   64   77    3.479   15.026   1.354
    *time5.aliyun.co 10.137.38.86     2 u   10   64   77   37.243   10.643   1.554
    +120.25.115.19   10.137.38.86     2 u    5   64   77    3.574    5.228   2.803
* marks the upstream NTP server currently in use; + marks a connected candidate server that can provide time updates
Run hwclock --systohc to make the hardware clock match the system time.
6. Open the firewall
The NTP service uses UDP port 123, so the firewall has to be opened for it. Run firewall-cmd --zone=public --add-port=123/udp --permanent, then run firewall-cmd --reload.
7. Linux clients: synchronizing time with the ntpd service
First install the ntp service: yum install -y ntp
Edit the configuration file with vim /etc/ntp.conf: change the server entries and add a log file
    # Allow the NTP servers to actively adjust the client's time
    restrict 192.168.1.85 nomodify notrap noquery
    restrict 192.168.1.50 nomodify notrap noquery

    server 192.168.1.85
    server 192.168.1.50

    logfile /var/log/ntp.log
Leave everything else at its default.
Start the ntpd service: systemctl start ntpd
Open UDP port 123 in the local firewall
Run ntpq -p to check the connection status with the servers.
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +192.168.1.50    182.92.12.11     3 u   31   64   77    0.189  -30.963  42.392
    *192.168.1.85    182.92.12.11     3 u   43   64   77    0.190   -1.903  18.890
     LOCAL(0)        .LOCL.          10 l   60   64   77    0.000    0.000   0.000
Run ntpstat to check the synchronization status
    synchronised to NTP server (192.168.1.85) at stratum 4
       time correct to within 131 ms
       polling server every 64 s
8. Synchronizing Windows clients
8.1 Group Policy configuration
Press Win+R and run gpedit.msc, then enable the global configuration settings
Enable the NTP client
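Press Win+R and run gpupdate /force
8.2. Using the automatic configuration tool
Download the automatic configuration tool MicrosoftEasyFix50395.msi; the download link is on this page
Run the automatic configuration tool and configure it as follows, separating multiple servers with spaces.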
Afterwards, run a synchronization from the system Date and Time settings and check the result.
Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/290877.html