White space fix only. Translators can ignore.

Sponsored by: iXsystems
Dru Lavigne 2014-01-31 21:54:18 +00:00
parent 3d667630bb
commit a74c7cf5d0
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=43711

@ -5228,39 +5228,38 @@ Starting smbd.</screen>
<title>Clock Synchronization with NTP</title>
<indexterm><primary>NTP</primary>
<secondary>ntpd</secondary>
<secondary>ntpd</secondary>
</indexterm>
<para>Over time, a computer's clock is prone to drift. This is
problematic as many network services require the computers on a network
to share the same accurate time. Accurate time is also needed to ensure
that file timestamps stay
consistent. The
Network Time Protocol (<acronym>NTP</acronym>) is one way to provide clock
accuracy in a network.</para>
<para>Over time, a computer's clock is prone to drift. This is
problematic as many network services require the computers on a
network to share the same accurate time. Accurate time is also
needed to ensure that file timestamps stay consistent. The
Network Time Protocol (<acronym>NTP</acronym>) is one way to
provide clock accuracy in a network.</para>
<para>&os; includes &man.ntpd.8;
which can be configured to query other
<acronym>NTP</acronym> servers in order to
synchronize the clock on that machine or to provide time services to
other computers in the network. The servers which are queried
can be local to the network or provided by an <acronym>ISP</acronym>.
In addition, an <link
xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
list of publicly accessible <acronym>NTP</acronym> servers</link>
is available. When choosing a public <acronym>NTP</acronym> server, select
one that is geographically close and
review its usage policy.</para>
<para>&os; includes &man.ntpd.8; which can be configured to query
other <acronym>NTP</acronym> servers in order to synchronize the
clock on that machine or to provide time services to other
computers in the network. The servers which are queried can be
local to the network or provided by an <acronym>ISP</acronym>.
In addition, an <link
xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
list of publicly accessible <acronym>NTP</acronym>
servers</link> is available. When choosing a public
<acronym>NTP</acronym> server, select one that is geographically
close and review its usage policy.</para>
<para>Choosing several <acronym>NTP</acronym> servers is recommended in
case one of the servers becomes unreachable or
its clock proves unreliable. As <application>ntpd</application> receives responses,
it favors
reliable servers over the less reliable ones.</para>
<para>Choosing several <acronym>NTP</acronym> servers is
recommended in case one of the servers becomes unreachable or
its clock proves unreliable. As <application>ntpd</application>
receives responses, it favors reliable servers over the less
reliable ones.</para>
<para>This section describes how to configure <application>ntpd</application> on &os;. Further documentation can be found in
<filename>/usr/share/doc/ntp/</filename> in HTML
format.</para>
<para>This section describes how to configure
<application>ntpd</application> on &os;. Further documentation
can be found in <filename>/usr/share/doc/ntp/</filename> in HTML
format.</para>
<sect2>
<title><acronym>NTP</acronym> Configuration</title>
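Review bot: In the second paragraph, the re-wrapped <link> still points at http://support.ntp.org/bin/view/Servers/WebHome over plain HTTP. Readers use this list to pick the time servers they will trust, so if the site is reachable over HTTPS the xlink:href should use it. That is a content change, so it belongs in a follow-up commit rather than here, which keeps this commit safe for translators to ignore.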
@ -5270,115 +5269,117 @@ Starting smbd.</screen>
<tertiary>ntpdate</tertiary>
</indexterm>
<para>To only synchronize the clock when a system boots,
use &man.ntpdate.8;. This alone can be appropriate for
desktops which are frequently rebooted. However,
most systems should
run <application>ntpdate</application> at boot time as well as configure <application>ntpd</application>.
This is because <application>ntpd</application>
changes the clock gradually, whereas <application>ntpdate</application>
sets the clock, no matter how great the difference between a
machine's current clock setting and the correct time.</para>
<para>To only synchronize the clock when a system boots, use
&man.ntpdate.8;. This alone can be appropriate for desktops
which are frequently rebooted. However, most systems should
run <application>ntpdate</application> at boot time as well as
configure <application>ntpd</application>. This is because
<application>ntpd</application> changes the clock gradually,
whereas <application>ntpdate</application> sets the clock, no
matter how great the difference between a machine's current
clock setting and the correct time.</para>
<para>To enable <application>ntpdate</application> at boot time, add
<literal>ntpdate_enable="YES"</literal> to
<filename>/etc/rc.conf</filename>. To also enable
<application>ntpd</application>, add the <literal>ntpd_enable="YES"</literal>
entry to <filename>/etc/rc.conf</filename>. Additional variables can be specified
in <filename>/etc/rc.conf</filename>. Refer to &man.rc.conf.5;,
&man.ntpdate.8;, and &man.ntpd.8; for details.</para>
<para>To enable <application>ntpdate</application> at boot time,
add <literal>ntpdate_enable="YES"</literal> to
<filename>/etc/rc.conf</filename>. To also enable
<application>ntpd</application>, add the
<literal>ntpd_enable="YES"</literal> entry to
<filename>/etc/rc.conf</filename>. Additional variables can
be specified in <filename>/etc/rc.conf</filename>. Refer to
&man.rc.conf.5;, &man.ntpdate.8;, and &man.ntpd.8; for
details.</para>
<para>Both applications
read <filename>/etc/ntp.conf</filename> to determine
which servers to query. Here is a simple example of an
<filename>/etc/ntp.conf</filename>:</para>
<para>Both applications read <filename>/etc/ntp.conf</filename>
to determine which servers to query. Here is a simple example
of an <filename>/etc/ntp.conf</filename>:</para>
<example>
<title> Sample <filename>/etc/ntp.conf</filename></title>
<example>
<title> Sample <filename>/etc/ntp.conf</filename></title>
<programlisting>server ntplocal.example.com prefer
server timeserver.example.org
server ntp2a.example.net
driftfile /var/db/ntp.drift</programlisting>
</example>
</example>
<para>The format of this file is
described in &man.ntp.conf.5;. The <literal>server</literal> option specifies which
servers to query, with one server listed on each line.
If a server entry includes <literal>prefer</literal>,
that server is preferred over other servers. A response
from a preferred server will be discarded if it differs
significantly from responses; otherwise it
will be used.
The <literal>prefer</literal> argument should only be used for
<acronym>NTP</acronym> servers that are known to be highly accurate, such as
those with special time monitoring hardware.</para>
<para>The format of this file is described in &man.ntp.conf.5;.
The <literal>server</literal> option specifies which servers
to query, with one server listed on each line. If a server
entry includes <literal>prefer</literal>, that server is
preferred over other servers. A response from a preferred
server will be discarded if it differs significantly from
responses; otherwise it will be used. The
<literal>prefer</literal> argument should only be used for
<acronym>NTP</acronym> servers that are known to be highly
accurate, such as those with special time monitoring
hardware.</para>
<para>The <literal>driftfile</literal> entry specifies which
file is used to store the system clock's frequency offset.
<application>ntpd</application> uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
from all external time sources for a period of time. This
file also stores information about previous responses
from <acronym>NTP</acronym> servers. Since this file contains
internal information for <acronym>NTP</acronym>, it should not be modified.</para>
<para>The <literal>driftfile</literal> entry specifies which
file is used to store the system clock's frequency offset.
<application>ntpd</application> uses this to automatically
compensate for the clock's natural drift, allowing it to
maintain a reasonably correct setting even if it is cut off
from all external time sources for a period of time. This
file also stores information about previous responses
from <acronym>NTP</acronym> servers. Since this file contains
internal information for <acronym>NTP</acronym>, it should not
be modified.</para>
<para>By default, an <acronym>NTP</acronym> server is accessible to any
network host. The <literal>restrict</literal>
option in <filename>/etc/ntp.conf</filename> can be used to
control which systems can access the server. For example,
to deny all machines from accessing the <acronym>NTP</acronym>
server, add the following line to
<filename>/etc/ntp.conf</filename>:</para>
<para>By default, an <acronym>NTP</acronym> server is accessible
to any network host. The <literal>restrict</literal> option
in <filename>/etc/ntp.conf</filename> can be used to control
which systems can access the server. For example, to deny all
machines from accessing the <acronym>NTP</acronym> server, add
the following line to
<filename>/etc/ntp.conf</filename>:</para>
<programlisting>restrict default ignore</programlisting>
<programlisting>restrict default ignore</programlisting>
<note>
<para>This will also prevent access from other <acronym>NTP</acronym> servers.
If there is a
need to synchronize with an external <acronym>NTP</acronym>
<para>This will also prevent access from other
<acronym>NTP</acronym> servers. If there is a need to
synchronize with an external <acronym>NTP</acronym>
server, allow only that specific server. Refer to
&man.ntp.conf.5; for more information.</para>
</note>
<para>To allow machines within the network to synchronize
their clocks with the server, but ensure they are not
allowed to configure the server or be used as peers to
synchronize against, instead use:</para>
<para>To allow machines within the network to synchronize their
clocks with the server, but ensure they are not allowed to
configure the server or be used as peers to synchronize
against, instead use:</para>
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
<para>where
<systemitem class="ipaddress">192.168.1.0</systemitem> is the
local network address and
<systemitem class="netmask">255.255.255.0</systemitem> is
the network's subnet mask.</para>
<para>where <systemitem
class="ipaddress">192.168.1.0</systemitem> is the local
network address and <systemitem
class="netmask">255.255.255.0</systemitem> is the network's
subnet mask.</para>
<para>Multiple <literal>restrict</literal> entries are supported.
For more
details, refer to the <literal>Access Control Support</literal>
subsection of &man.ntp.conf.5;.</para>
<para>Multiple <literal>restrict</literal> entries are
supported. For more details, refer to the <literal>Access
Control Support</literal> subsection of
&man.ntp.conf.5;.</para>
<para>Once
<literal>ntpd_enable="YES"</literal> has been added to
<filename>/etc/rc.conf</filename>, <application>ntpd</application>
can be started now without rebooting the system by typing:</para>
<para>Once <literal>ntpd_enable="YES"</literal> has been added
to <filename>/etc/rc.conf</filename>,
<application>ntpd</application> can be started now without
rebooting the system by typing:</para>
<screen>&prompt.root; <userinput>service ntpd start</userinput></screen>
</sect2>
<sect2>
<title>Using <acronym>NTP</acronym> with a <acronym>PPP</acronym>
Connection</title>
<title>Using <acronym>NTP</acronym> with a
<acronym>PPP</acronym> Connection</title>
<para><application>ntpd</application> does not need a permanent
connection to the Internet to function properly. However, if
a <acronym>PPP</acronym> connection is configured to dial out
on demand, <acronym>NTP</acronym> traffic should be prevented from
triggering a dial out or keeping the connection alive. This can be configured
with <literal>filter</literal>
on demand, <acronym>NTP</acronym> traffic should be prevented
from triggering a dial out or keeping the connection alive.
This can be configured with <literal>filter</literal>
directives in <filename>/etc/ppp/ppp.conf</filename>. For
example:</para>
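Review bot: The paragraph introducing "restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap" says clients are kept from configuring the server and from being used as peers, but the flags shown only cover the first: nomodify blocks configuration changes and notrap declines trap service, while peering is controlled by nopeer in ntp.conf(5). Because the text says to use this line "instead" of "restrict default ignore", hosts outside 192.168.1.0/24 also keep the open default access described a few paragraphs earlier. Suggest a follow-up content commit that either adds nopeer and pairs the subnet entry with a restrictive "restrict default" line, or rewords the claim. The same follow-up could complete "differs significantly from responses" in the prefer paragraph, which the reflow carries over unchanged.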
@ -5398,8 +5399,8 @@ driftfile /var/db/ntp.drift</programlisting>
<note>
<para>Some Internet access providers block low-numbered ports,
preventing NTP from functioning since replies never
reach the machine.</para>
preventing NTP from functioning since replies never reach
the machine.</para>
</note>
</sect2>
</sect1>
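Review bot: In the re-wrapped <note>, "preventing NTP from functioning" leaves NTP as bare text, while the rest of the section marks it up as <acronym>NTP</acronym>. Suggest wrapping it for consistency and naming the port (UDP 123) so readers know what to ask their provider about. Both touch translatable content, so they fit a follow-up commit rather than this whitespace-only one.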